Momentum toward Zero Trust Architectures (ZTA) continues. Recently, the National Institute of Standards and Technology (NIST) released Implementing a Zero Trust Architecture (SP 1800-35). While SP 1800-35 is not scoped for ICS or OT environments, its concepts can help inform how OT can continue thinking about and planning for Zero Trust.
Zero Trust (ZT) is a modern cybersecurity strategy built on the principle that no user, device, or system should be inherently trusted, whether inside or outside the network perimeter. Instead, access decisions are made based on continuous verification, least privilege, and contextual policy enforcement. This approach is a response to credential-based attacks, insider threats, and adversaries capable of bypassing traditional perimeter defenses.
Zero Trust Architecture (ZTA) puts this model into use through five control areas:
Recent threat campaigns, including Volt Typhoon, have shown how attackers use valid credentials, unauthorized devices, and network traversal to remain undetected. These threats are difficult to stop with perimeter-based defenses alone.
Zero Trust addresses these tactics by limiting access, verifying identity and system state, and reducing movement between systems.
U.S. government leadership has mandated Zero Trust adoption across agencies, and is actively promoting its broader adoption across critical infrastructure, private industry, and other sectors through shared frameworks, maturity models, and partnerships. To support Zero Trust implementation, U.S. government agencies have released several key frameworks:
Federal mandates such as Executive Order 14028 and OMB Memorandum M-22-09 require civilian agencies to implement Zero Trust strategies by the end of FY2024. While these mandates currently focus on IT, there is increasing momentum to extend Zero Trust principles into critical infrastructure and OT environments. The Department of Defense is planning to release OT- and IoT-specific ZTA overlays beginning in late 2025, which will inform how operators across sectors adapt to these evolving expectations.
Implementing Zero Trust in OT environments presents unique challenges. Many devices lack support for modern identity protocols or endpoint tools. Strict availability and safety requirements limit downtime, and visibility is often fragmented across teams.
Despite these constraints, core Zero Trust principles—such as asset visibility, access control, and continuous monitoring—remain relevant and adaptable. Below are key Zero Trust concepts and how they can be applied within industrial environments.
Traditional OT systems often assume that anything inside the network is safe. Zero Trust challenges this: every user, device, and application must continuously prove trustworthiness.
OT Considerations:
Limit users and systems to only what they need to perform their roles.
OT Considerations:
· Maintenance personnel should only access specific PLCs during scheduled windows
· Engineering workstations should not have unrestricted access across all systems
Reduce the attack surface by breaking networks into smaller, controlled zones.
OT Considerations:
· Segment SCADA, safety systems, business IT, and guest access
· Use firewalls, unidirectional gateways, and VLANs to enforce separation
Collect telemetry from endpoints, network traffic, and user behavior to detect anomalies and validate trust continuously.
OT Considerations:
· Use passive tools to detect changes in device behavior
· Monitor for anomalies like unexpected command sequences or firmware uploads
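As an added illustration of the segmentation and continuous-monitoring points above (example code written for this article, not Industrial Defender's product or the NIST practice guide), the following checks constructed passive-capture records against a zone-to-zone policy and a per-device baseline of Modbus function codes; the zone address ranges, the policy and the baseline are all assumptions for the example.

```python
# Added example, not Industrial Defender's code: check passive-capture flow
# records against a zone segmentation policy and a per-device command baseline.
from ipaddress import ip_address, ip_network

# Assumed zone layout (constructed addresses for this example).
ZONES = {
    "business_it": ip_network("10.10.0.0/16"),
    "engineering": ip_network("10.20.0.0/24"),
    "scada": ip_network("10.30.0.0/24"),
    "safety": ip_network("10.40.0.0/24"),
}
# Permitted zone pairs and destination ports; anything absent is a violation.
POLICY = {
    ("engineering", "scada"): {502, 44818},  # Modbus/TCP, EtherNet/IP
    ("scada", "safety"): {502},
}
# Modbus function codes that change controller state (coil/register writes).
STATE_CHANGING_FC = {5, 6, 15, 16, 22, 23}
# Per-device baseline of function codes observed during a learning period.
BASELINE_FC = {"10.30.0.10": {3, 4}, "10.40.0.5": {3}}

def zone_of(ip):
    addr = ip_address(ip)
    return next((n for n, net in ZONES.items() if addr in net), "unknown")

def check_flow(rec):
    """Findings for one record with keys src, dst, dport and optional fc."""
    findings = []
    src_z, dst_z = zone_of(rec["src"]), zone_of(rec["dst"])
    if rec["dport"] not in POLICY.get((src_z, dst_z), set()):
        findings.append(f"segmentation: {src_z}->{dst_z}:{rec['dport']} not permitted")
    fc = rec.get("fc")
    if fc is not None and fc not in BASELINE_FC.get(rec["dst"], set()):
        sev = "high" if fc in STATE_CHANGING_FC else "medium"
        findings.append(f"anomaly({sev}): fc {fc} not in baseline for {rec['dst']}")
    return findings

def scan(records):
    results = {}
    for i, rec in enumerate(records):
        if found := check_flow(rec):
            results[i] = found
    return results

SAMPLE = [  # constructed records, not real traffic
    {"src": "10.20.0.7", "dst": "10.30.0.10", "dport": 502, "fc": 3},   # expected read
    {"src": "10.10.5.9", "dst": "10.30.0.10", "dport": 502, "fc": 3},   # IT host reaching SCADA
    {"src": "10.20.0.7", "dst": "10.30.0.10", "dport": 502, "fc": 16},  # write never baselined
    {"src": "10.30.0.10", "dst": "10.40.0.5", "dport": 502, "fc": 5},   # write toward safety zone
]
```

Running `scan(SAMPLE)` flags the three records that cross the policy or deviate from the baseline, while the routine engineering read produces no finding.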
Replace shared or anonymous access with identity-aware controls.
OT Considerations:
· Where feasible, use MFA for remote access
· Log and audit user access: who, when, where, and for how long
Avoid broad access via traditional VPNs and jump hosts.
OT Considerations:
· Use just-in-time access with session recording and approval workflows
· Consider Zero Trust Network Access (ZTNA) to enable granular access without full network exposure
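To show how the least-privilege and just-in-time ideas above fit together (an added example written for this article, not Industrial Defender's code or a ZTNA product), the following access broker grants a PLC action only when an approved, time-boxed maintenance window covers the user, the controller, the action and the time, and records every decision for audit; the user names, PLC names and window are constructed.

```python
# Added example, not Industrial Defender's code: time-boxed, least-privilege
# maintenance access to PLCs with an approval record and an audit trail.
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass(frozen=True)
class MaintenanceWindow:
    user: str
    plcs: frozenset        # controllers the approval covers
    actions: frozenset     # e.g. {"read", "write", "firmware"}
    start: datetime
    end: datetime
    approved_by: str       # who signed off on the window

@dataclass
class AccessBroker:
    windows: list
    audit: list = field(default_factory=list)

    def authorize(self, user, plc, action, when):
        """Allow only if an approved window covers user, PLC, action and time."""
        for w in self.windows:
            if (w.user == user and plc in w.plcs and action in w.actions
                    and w.start <= when <= w.end):
                self.audit.append((when.isoformat(), user, plc, action, "ALLOW", w.approved_by))
                return True
        self.audit.append((when.isoformat(), user, plc, action, "DENY", None))
        return False

# Constructed data: one approved two-hour window for a technician on one PLC.
T0 = datetime(2025, 3, 1, 22, 0)
WINDOWS = [MaintenanceWindow("tech.alice", frozenset({"PLC-07"}),
                             frozenset({"read", "write"}),
                             T0, T0 + timedelta(hours=2), "ops.supervisor")]

def demo():
    broker = AccessBroker(WINDOWS)
    t = T0 + timedelta(minutes=30)
    decisions = [
        broker.authorize("tech.alice", "PLC-07", "write", t),      # inside window
        broker.authorize("tech.alice", "PLC-07", "firmware", t),   # action not approved
        broker.authorize("tech.alice", "PLC-09", "read", t),       # PLC outside scope
        broker.authorize("tech.alice", "PLC-07", "write", T0 + timedelta(hours=3)),  # expired
        broker.authorize("eng.bob", "PLC-07", "read", t),          # no approval at all
    ]
    return decisions, broker.audit
```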
Many OT assets can't support modern agents or regular patching.
OT Considerations:
NIST SP 1800-35 identified a foundational barrier to Zero Trust adoption:
“Lack of adequate asset inventory and management needed to fully understand the business applications, assets, and processes that need to be protected, with no clear understanding of the criticality of these resources.”
If this is a challenge in IT environments, it will be even more challenging in OT.
Industrial Defender helps address this barrier and other underlying aspects of Zero Trust with OT asset management capabilities in the following areas:
(Supporting ZTA Pillar: Devices & Assets)
Zero Trust requires full awareness of all devices on a network. Industrial Defender builds and maintains a continuously updated inventory of OT and ICS assets, including detailed attributes like firmware, OS versions, configurations, and installed software. This enables organizations to enforce policies based on real-world device status and eliminate blind spots across segmented environments.
(ZTA Pillars: Devices, Data, Applications)
ZTA depends on validating trust continuously. Industrial Defender detects unauthorized changes to devices, configurations, or files through baselining and integrity monitoring. This supports policy enforcement, anomaly detection, and incident response within industrial systems.
(ZTA Pillar: Identity)
Although Zero Trust for IT focuses heavily on identity, OT environments often struggle to map users to actions. Industrial Defender collects and correlates data from authentication logs (e.g., Windows event logs, syslog), local user accounts, and remote access tools.
(ZTA Pillar: Network/Environment)
Zero Trust emphasizes tight segmentation between zones. Industrial Defender does not enforce segmentation directly but helps verify segmentation effectiveness by monitoring communication paths and network activity at the asset level, alerting when unexpected or policy-violating communication occurs.
Together, these capabilities help build the operational context and visibility required to support Zero Trust principles in industrial environments, without disrupting core processes or safety requirements. Zero Trust in OT isn’t about installing one product. It’s a shift in architecture and mindset, focused on resilience, risk reduction, and safety assurance.
To learn more about how Industrial Defender can help support your Zero Trust efforts in OT environments, please reach out to your Industrial Defender representative or contact us here.
Key Resources