The concept of zero trust for securing information networks is gaining popularity. This is underscored by the recent executive order to improve the nation’s cybersecurity, highlighting zero trust as a key component.
The zero-trust architecture is a powerful tool that helps security professionals determine optimal ways to design security controls for their networks. However, industrial control system (ICS) and critical infrastructure networks have important differences from IT networks and require ICS security professionals to reformulate the IT zero-trust approach—particularly regarding the decision of where to encrypt traffic and at what point that end-to-end encryption hurts the availability of protection and control devices.
Furthermore, the notion that trust can be excluded from the calculus of network security is misguided. Trust underpins all security; therefore, when applying zero trust to a network, security professionals should continually evaluate these questions: What do I trust? Why do I trust it? When should I no longer trust it?
During this webinar, the presenters share their thoughts and expertise on:
- How and why trust factors into the field of cybersecurity.
- The core tenets of zero trust.
- Tools and techniques to modify and apply zero-trust principles to operational technology (OT) industrial control networks.
- Existing policies and controls that make applying zero trust more attainable.
Date held: August 11, 2021
Contribute to the conversation
We want to hear from you. Send us your questions, thoughts on ICS and OT cybersecurity, and ideas for what we should discuss next.
Dr. Ed Schweitzer discusses how SEL is working to develop solutions that are inherently secure on the Schweitzer Drive podcast.
Read about the importance of cybersecurity fundamentals and understanding adversaries.
Learn why security techniques commonly used in IT may be unsuitable for application in critical energy systems.