As tensions with Russia mounted in the early weeks of the war in Ukraine, the FBI and the Department of Homeland Security issued a strong advisory to Critical Infrastructure owners, urging them to adopt a “shields up” strategy, hardening their systems against possible Russia-sponsored cyberattacks against U.S. electricity, gas and other systems.
The “who” and the “what” were easy to grasp. But the “how” wasn’t so clear. The advisory didn’t include additional guidance to help industrial leaders better understand what goes into a “shields up” posture.
The announcement mentioned some basic security steps companies could take right away, such as enabling multifactor authentication, conducting regular antivirus and antimalware scans, and strengthening spam filters. A subsequent Shields Up page from the Cybersecurity & Infrastructure Security Agency (CISA) offered more detailed advice. But neither mentioned what should be at the core of a truly effective shields up strategy: zero trust.
Industrial leaders are familiar with the idea of zero trust, and many companies have started working toward adopting the strategy. But there are some unique challenges in implementing zero trust, which organizations can address by answering several questions. What are the key elements for zero trust in an industrial setting? How best can organizations go about implementing it? And how can they anticipate and deal with the complications that may arise?