This is part 2 of a 2-part article about the 3-phase approach to OT zero trust. You can read part 1 here.
By zeroing out trust on operational technology (OT) networks, the OT zero trust approach neutralizes the activities of attackers and malware. As we mentioned in part 1, OT environments that use the OT zero trust approach improve defenses, streamline security oversight, and minimize time taken up by maintenance. We roll out OT zero trust policy in 3 phases:
Phase 1: Zero trust for inbound devices
This cybersecurity policy takes effect from the moment a device comes onto your premises. Modern cyber attacks frequently begin with an infected laptop or USB brought onto the work site by a trusted employee. Put a stop to this insider threat by setting up a checkpoint for rapid, installation-free device scans. Newly arrived assets being prepared for onboarding should also be pre-scanned to mitigate the risk of a supply chain attack: in the past, cyber attackers have triggered cyber incidents by compromising devices prior to shipment.
Phase 2: Zero trust for applications
Traditional antivirus software can bog down assets, leading to crashes or delays. Operations-friendly, “OT-native” lockdown software secures legacy endpoints with a trust list that only allows applications critical to operations. For modernized endpoints that carry out more varied or complex tasks, our engineers believe a library of trusted ICS applications and licenses can inform next-generation antivirus software as to which files and applications it can skip and which it should give priority to, preserving resources for operations.
Phase 3: Zero trust for networks
Your OT network is much more challenging to attack when unnecessary “doors” in the network are sealed by specific traffic rules that firewall or IPS appliances put in place. These rules are based strictly on which assets need to communicate in order to do their work, and they separate the network into segments that are easier to monitor and secure.
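To make Phase 3 concrete, the following added example (not part of the original article or any vendor product) derives segments from a list of required flows and audits observed traffic against a default-deny rule set. The asset names, flow list and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample, hypothetical assets: required (src, dst, protocol, port) flows.
REQUIRED = {
    ("hmi-1", "plc-1", "tcp", 502),        # Modbus/TCP polling
    ("hmi-1", "plc-2", "tcp", 502),
    ("eng-ws", "plc-1", "tcp", 44818),     # EtherNet/IP programming
    ("historian", "hmi-2", "tcp", 4840),   # OPC UA collection
}
# Constructed sample of flows seen on the wire, e.g. taken from firewall logs.
OBSERVED = [
    ("hmi-1", "plc-1", "tcp", 502),
    ("eng-ws", "plc-2", "tcp", 44818),
    ("historian", "plc-1", "tcp", 502),
    ("laptop-7", "plc-1", "tcp", 502),
]

def segments(rules):
    """Map each asset to a segment label: assets linked by required flows share one."""
    graph = defaultdict(set)
    for src, dst, _proto, _port in rules:
        graph[src].add(dst)
        graph[dst].add(src)
    seg_of = {}
    for root in sorted(graph):      # label = alphabetically first asset in the segment
        stack = [root]
        while stack:
            node = stack.pop()
            if node not in seg_of:
                seg_of[node] = root
                stack.extend(graph[node])
    return seg_of

def audit(flows, rules):
    """Default deny: return (flow, reason) for every flow that is not in rules."""
    seg_of = segments(rules)
    findings = []
    for flow in flows:
        if flow in rules:
            continue
        src, dst = flow[0], flow[1]
        if src not in seg_of or dst not in seg_of:
            reason = "unknown asset"
        elif seg_of[src] != seg_of[dst]:
            reason = "crosses segment boundary"
        else:
            reason = "not a required flow"
        findings.append((flow, reason))
    return findings
```

Calling audit(OBSERVED, REQUIRED) lists the three flows a default-deny policy would block, with the reason for each, which helps prioritize review of cross-segment and unknown-asset traffic.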