Zero Trust for Industrial Control Systems

The concept of zero trust for securing information networks is gaining popularity. This is underscored by the recent executive order to improve the nation’s cybersecurity, highlighting zero trust as a key component.

The zero-trust architecture is a powerful tool that helps security professionals determine optimal ways to design security controls for their networks. However, industrial control system (ICS) and critical infrastructure networks have important differences from IT networks and require ICS security professionals to reformulate the IT zero-trust approach—particularly regarding the decision of where to encrypt traffic and at what point that end-to-end encryption hurts the availability of protection and control devices.

Furthermore, the notion that trust can be excluded from the calculus of network security is misguided. Trust underpins all security; therefore, when applying zero trust to a network, security professionals should continually evaluate these questions: What do I trust? Why do I trust it? When should I no longer trust it?

During this webinar, the presenters share their thoughts and expertise on:

• How and why trust factors into the field of cybersecurity.
• The core tenets of zero trust.
• Tools and techniques to modify and apply zero-trust principles to operational technology (OT) industrial control networks.
• Existing policies and controls that make applying zero trust more attainable.

Date held: August 11, 2021