The other day I tweeted out a link to an article I saw come through Twitter that extolled the virtues of Zero Trust in the Operational Technology environment. In short, Zero Trust Architecture (ZTA) is a security approach that relies on mutual authentication and fine-grained permissions to protect data and services. Essentially, a transaction proceeds only when the endpoints are 100% sure they know who they are communicating with and those entities are explicitly permitted to complete that transaction. Contrast this with perimeter-based security, which allows a transaction to take place simply because a communication was established, e.g., “If my firewall didn’t stop you, it must be OK for you to view this web page” or “I trust you because you have the right IP address.”
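To make the contrast concrete, here is a small added example (mine, not code from O’Neil’s article or from this post) that evaluates the same OT transaction under a perimeter rule, a zero-trust rule, and both together. The subnet, PLC names, identities and policy table are all constructed for illustration; the “identity” field stands in for the subject of a mutually authenticated (e.g., mTLS) session.

```python
"""Added example: perimeter trust vs. zero-trust decision for an OT transaction.

Everything here (subnet, PLC IDs, identities, policy) is constructed for
illustration and is not taken from any real site or product.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed "OT network" perimeter: the firewall lets anything in this range through.
TRUSTED_OT_SUBNET = ip_network("10.10.0.0/24")

# Constructed zero-trust policy: (verified identity, target) -> permitted operations.
# Anything not listed is denied; there is no implicit "inside the fence" trust.
POLICY = {
    ("hmi-01", "plc-07"): {"read_registers"},
    ("engineering-ws-02", "plc-07"): {"read_registers", "write_registers"},
}


@dataclass(frozen=True)
class Request:
    src_ip: str
    identity: Optional[str]  # subject from a mutually authenticated session, None if unauthenticated
    target: str
    operation: str


def perimeter_allows(req: Request) -> bool:
    """Perimeter model: 'if the firewall didn't stop you, you must be OK'."""
    return ip_address(req.src_ip) in TRUSTED_OT_SUBNET


def zero_trust_allows(req: Request) -> bool:
    """Zero-trust model: deny unless the peer is authenticated AND explicitly permitted."""
    if req.identity is None:
        return False  # unauthenticated peers never get a transaction, wherever they sit
    return req.operation in POLICY.get((req.identity, req.target), set())


def defense_in_depth_allows(req: Request) -> bool:
    """Both layers must agree: the co-existence of perimeters and ZTA."""
    return perimeter_allows(req) and zero_trust_allows(req)


# Constructed traffic: a rogue host inside the fence, an HMI overstepping its role,
# an HMI doing its job, and a legitimate engineer reaching in from outside the subnet.
SAMPLE_REQUESTS = [
    Request("10.10.0.55", None, "plc-07", "write_registers"),
    Request("10.10.0.20", "hmi-01", "plc-07", "write_registers"),
    Request("10.10.0.20", "hmi-01", "plc-07", "read_registers"),
    Request("192.168.50.3", "engineering-ws-02", "plc-07", "write_registers"),
]


def evaluate_all(requests=SAMPLE_REQUESTS):
    """Return (perimeter, zero_trust, both) decisions for each request, in order."""
    return [
        (perimeter_allows(r), zero_trust_allows(r), defense_in_depth_allows(r))
        for r in requests
    ]


if __name__ == "__main__":
    for req, (p, z, d) in zip(SAMPLE_REQUESTS, evaluate_all()):
        who = req.identity or "<unauthenticated>"
        print(f"{req.src_ip:14} {who:18} {req.operation:16} "
              f"perimeter={p!s:5} zero_trust={z!s:5} both={d}")
```

The first two rows are the point of the post: the perimeter waves through a rogue host that is merely on the right subnet, and it waves through an HMI issuing a write it was never meant to perform, while the zero-trust check stops both. The last row shows why the two will co-exist for a while: the engineering workstation is fully authenticated and authorized, yet the perimeter still refuses it because it is outside the electronic security perimeter.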
Now, without getting into the weeds of a comparison between the two security architectures, let’s assume many of the points Don O’Neil (the author) makes in the article are valid. End-to-end security is arguably the most desirable security model, and ZTA is probably one of the better ways to achieve it. However, I think we have a long way to go to get to ZTA in the OT world.
The issues abound, from ancient protocols with no notion of trust (Modbus/TCP, for instance, carries no authentication at all, so any host that can reach the PLC can read or write its registers), to many operators’ desire to keep OT as simple as possible to minimize the risk of failure. Not to mention regulatory approaches (and the resulting mindsets) with perimeter-based security baked in. NERC CIP Electronic Security Perimeters, anyone?
To be fair, O’Neil writes about evolving OT toward ZTA and acknowledges many of these issues in the article. I’m a little worried, however, that the only folks who really pick up on those details are the ones who already understand how tall those hurdles are. We need more articles like O’Neil’s to get us beyond perimeters and build security directly into OT systems. That would greatly reduce the impact of a perimeter being breached, something that keeps many of us in the OT world awake at night…
Does moving to ZTA mean all of those perimeters will go away? Perhaps for some of the lower-risk use cases, but in many situations defense-in-depth still rules the day, so ZTA and perimeters will need to co-exist.