Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Critical Infrastructure Operators Implementing Zero Trust in OT Environments

A survey commissioned by cybersecurity company Xage shows that zero trust is on track to being implemented in many operational technology (OT) environments, particularly in critical infrastructure organizations.

A survey commissioned by cybersecurity company Xage shows that zero trust is on track to being implemented in many operational technology (OT) environments, particularly in critical infrastructure organizations.

Private companies and governments have come to realize the importance of a zero trust cybersecurity model, where nothing is trusted by default, and users or devices are verified before being given access to a requested resource.

A recent survey by the Cloud Security Alliance (CSA) showed that 80% of C-level executives consider zero trust a priority for their organization and a vast majority are in the process of implementing zero trust strategies.

The new Xage report — based on a survey of cybersecurity professionals working in critical infrastructure organizations in the United States — shows that zero trust is also widely being implemented in OT environments.

Xage says there has been “heavy skepticism” regarding the practicality of implementing zero trust in industrial environments, which host a mix of modern and old equipment and where any disruptions could be very costly.

However, more than half of respondents determined that an equipment overhaul is not required to implement zero trust, with some strategies not requiring any updates to existing technology.

The survey found that 41% of critical infrastructure operators are in the early stages of zero trust implementation and 88% have taken some steps towards zero trust. All respondents said they have plans to adopt zero trust at some point.

[ Read: The History and Evolution of Zero Trust ]

Advertisement. Scroll to continue reading.

Roughly two-thirds of critical infrastructure operators have shifted to a proactive security approach.

Organizations that have already started implementing zero trust strategies believe this approach helps them accelerate digital transformation, provides improved user experience, leads to more efficient operations, and helps them save time or money.

On the other hand, many organizations still find it difficult to adopt zero trust, and the challenges cited by many respondents include the lack of knowledge and resources, as well as “conflicting direction from leadership.”

While nearly half of respondents believe it will take more than three years to complete their zero trust objectives for OT, some have found ways to overcome the associated challenges, including by integrating zero trust into their culture, setting a formal process for defining goals, assessing weaknesses in their existing security architecture, and incorporating identity and access management (IAM) practices and tools.

Related: The Need for Resilient Zero Trust

Related: Zero Trust, We Must

Related: Demystifying Zero Trust

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.