Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Critical Infrastructure Operators Implementing Zero Trust in OT Environments

A survey commissioned by cybersecurity company Xage shows that zero trust is on track to being implemented in many operational technology (OT) environments, particularly in critical infrastructure organizations.

A survey commissioned by cybersecurity company Xage shows that zero trust is on track to being implemented in many operational technology (OT) environments, particularly in critical infrastructure organizations.

Private companies and governments have come to realize the importance of a zero trust cybersecurity model, where nothing is trusted by default, and users or devices are verified before being given access to a requested resource.

A recent survey by the Cloud Security Alliance (CSA) showed that 80% of C-level executives consider zero trust a priority for their organization and a vast majority are in the process of implementing zero trust strategies.

The new Xage report — based on a survey of cybersecurity professionals working in critical infrastructure organizations in the United States — shows that zero trust is also widely being implemented in OT environments.

Xage says there has been “heavy skepticism” regarding the practicality of implementing zero trust in industrial environments, which host a mix of modern and old equipment and where any disruptions could be very costly.

However, more than half of respondents determined that an equipment overhaul is not required to implement zero trust, with some strategies not requiring any updates to existing technology.

The survey found that 41% of critical infrastructure operators are in the early stages of zero trust implementation and 88% have taken some steps towards zero trust. All respondents said they have plans to adopt zero trust at some point.

[ Read: The History and Evolution of Zero Trust ]

Advertisement. Scroll to continue reading.

Roughly two-thirds of critical infrastructure operators have shifted to a proactive security approach.

Organizations that have already started implementing zero trust strategies believe this approach helps them accelerate digital transformation, provides improved user experience, leads to more efficient operations, and helps them save time or money.

On the other hand, many organizations still find it difficult to adopt zero trust, and the challenges cited by many respondents include the lack of knowledge and resources, as well as “conflicting direction from leadership.”

While nearly half of respondents believe it will take more than three years to complete their zero trust objectives for OT, some have found ways to overcome the associated challenges, including by integrating zero trust into their culture, setting a formal process for defining goals, assessing weaknesses in their existing security architecture, and incorporating identity and access management (IAM) practices and tools.

Related: The Need for Resilient Zero Trust

Related: Zero Trust, We Must

Related: Demystifying Zero Trust

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.

Network security policy management firm FireMon has appointed Alex Bender as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.