Zero Trust is a security strategy requiring every user and device connected to a network to be authorized, authenticated and continuously validated to access a network and interact with data, services or other assets.

Zero Trust, in critical infrastructure organizations, is seen as essential to ensuring that their integrated mix of operational technology (OT) and IT systems are protected from malicious intruders, and that they are able to mitigate and recover from successful cyberattacks when they occur. Critical infrastructure in recent years has become a key target of threat actors, particularly those with ties to nation-states. Because of critical infrastructure’s importance, attacks have the potential to threaten a nation’s security, economy and even the health of people who depend on those services.

Zero Trust eliminates the implicit trust that was inherent in traditional networks, which assumed that every user or device inside the network perimeter was trustworthy. Instead, its “never trust, always verify” approach treats every user, device, application and service as a suspect, assuming each may have been compromised. It also requires constant validation of all access privileges to protect the organization if a valid credential later becomes compromised.

Why Zero Trust? Mitigating Threats to Critical Infrastructure and Operational Technology

As ransomware and other attacks have increased in recent years, the focus of many attacks has shifted to industry and critical infrastructure, including attacks involving industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. In 2021 alone, 649 organizations in 14 of 16 critical infrastructure sectors suffered ransomware attacks, according to the FBI’s 2021 Internet Crime Report.

Attacks such as those on the Colonial Pipeline and meat packer JBS (both attacks have been linked to groups in Russia) have had far-reaching impacts. For instance, the attack on the Colonial Pipeline shut down the pipeline’s operations for almost a week and had significant downstream impact. At the beginning of Russia’s invasion of Ukraine, the FBI and the Department of Homeland Security issued a warning to operators of critical infrastructure about the potential of cyberattacks, urging them to adopt a “shields up” defensive posture.

The Cybersecurity and Infrastructure Security Agency (CISA) identified 16 critical infrastructure sectors whose assets, systems and networks are considered so vital to the nation’s operations that attacks on them could threaten national security, economic security, or public health and safety. Those sectors include:

  • Chemical
  • Communications
  • Commercial Facilities
  • Critical Manufacturing
  • Dams
  • Defense Industrial Base
  • Emergency Services
  • Energy
  • Financial Services
  • Food and Agriculture
  • Government Facilities
  • Healthcare and Public Health
  • Information Technology
  • Nuclear Reactors, Materials, and Waste
  • Transportation Systems
  • Water and Wastewater Systems

Beyond commercial or political impacts, attacks on infrastructure, such as hospitals, can put lives at risk. In the current environment, a comprehensive security strategy built on zero trust principles is considered essential to protecting critical infrastructure systems and reducing risk to acceptable levels.

Zero Trust’s Key Components for Planning and Implementation

Zero Trust strategies grew out of the realization that traditional security methods, which focused on protecting the network perimeter, were no longer enough. Cloud and mobile computing extended the enterprise beyond any physical or logical network perimeter, all the way to systems at the edge. The focus of security has shifted to identities, whether human or non-human, that interact with an organization’s systems and data. Zero Trust applies continual verification of those identities throughout those interactions.

In critical infrastructure settings, the need for a Zero Trust approach is amplified by the convergence of IT systems with operational technology (OT) systems, many of which lack essential protections. ICS environments often run old, unsupported operating systems and software that no longer receive updates and security patches. The integration of IT and OT systems, which allows remote access to OT equipment, can leave the entire enterprise vulnerable. Access control methods often rely on outdated systems such as VPNs that weren’t built to manage access to critical systems and applications. VPNs also don’t isolate protocols and systems, and can allow lateral movement through a network.

A Zero Trust strategy includes several key elements that are necessary to control all interactions between users and data, and systems and applications.

Network Segmentation. In network segmentation, the network is broken down into distinct sub-networks, typically implemented as virtual LANs (VLANs), allowing teams to apply security controls specific to each subnet. It helps control access and restrict movement within the network.

Protocol Isolation. Unlike IT systems, which have mostly standardized on TCP/IP, OT systems use a wide variety of protocols, some of them specific to the equipment or function involved. Isolating those protocols limits their use to a specific location, such as a virtual machine. Protocol isolation keeps protocols accessible on the ICS network (the trusted network) but unavailable (closed) to external untrusted networks and users, unless they are using a solution (e.g., a secure user access platform) that translates the protocols from the trusted network to the untrusted network without exposing the native protocols. As a result, protocols that attackers have traditionally exploited are closed off by protocol isolation, which dramatically reduces the attack surface of the OT and ICS networks.
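The two controls above, segmentation and protocol isolation, come down to a policy over which network zones may speak which protocols to which other zones. The following is an added example of such a policy check, written for this article and not code from XONA or its Clientless Secure Gateway; the segment address ranges, the port-to-protocol table and the sample flows are all constructed for illustration. Native OT protocols (Modbus/TCP, DNP3, S7comm, EtherNet/IP) are reachable only from the brokered gateway zone or within the ICS zone itself, while the corporate IT zone can reach nothing but the gateway over HTTPS:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed network segments (not a real site layout).
SEGMENTS = {
    "corporate_it": ip_network("10.10.0.0/16"),
    "ot_gateway":   ip_network("10.20.0.0/24"),      # brokered-access zone between IT and ICS
    "ics":          ip_network("192.168.100.0/24"),
}

# Native OT protocols identified by their well-known TCP ports (constructed allow-list).
OT_PROTOCOLS = {502: "modbus/tcp", 20000: "dnp3", 102: "s7comm", 44818: "ethernet/ip"}

# Permitted (source segment, destination segment) -> destination ports.
# Native OT protocols never cross from corporate IT; IT only reaches the gateway over HTTPS.
ALLOWED = {
    ("corporate_it", "ot_gateway"): {443},
    ("ot_gateway", "ics"): set(OT_PROTOCOLS),
    ("ics", "ics"): set(OT_PROTOCOLS),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def segment_of(addr: str) -> Optional[str]:
    """Map an address to its segment name, or None if it belongs to no trusted segment."""
    ip = ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason) for one flow; anything not explicitly allowed is denied."""
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if src_seg is None or dst_seg is None:
        return "deny", "unknown segment (untrusted source or destination)"
    if flow.dport in ALLOWED.get((src_seg, dst_seg), set()):
        proto = OT_PROTOCOLS.get(flow.dport, f"tcp/{flow.dport}")
        return "allow", f"{src_seg}->{dst_seg} {proto}"
    if flow.dport in OT_PROTOCOLS and src_seg not in ("ot_gateway", "ics"):
        # A native OT protocol requested from outside the isolated zones: this is the
        # case protocol isolation exists to close.
        return "deny", f"native {OT_PROTOCOLS[flow.dport]} isolated from {src_seg}"
    return "deny", f"{src_seg}->{dst_seg} tcp/{flow.dport} not in allow-list"


# Constructed sample flows.
SAMPLE_FLOWS = [
    Flow("10.10.5.23", "10.20.0.10", 443),       # engineer -> gateway portal over HTTPS
    Flow("10.10.5.23", "192.168.100.7", 502),    # engineer tries Modbus directly into ICS
    Flow("10.20.0.10", "192.168.100.7", 502),    # gateway brokers Modbus into ICS
    Flow("203.0.113.9", "10.20.0.10", 443),      # internet source, in no trusted segment
]


def evaluate_all(flows=SAMPLE_FLOWS):
    """Decisions for a list of flows, in order."""
    return [evaluate(f)[0] for f in flows]


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, *evaluate(f))
```

The deny-by-default shape matters: the allow-list names only the legitimate paths, so a new protocol or a new zone gets no access until someone deliberately adds it, which is the Zero Trust posture applied to network flows.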

Multi-factor Authentication. MFA—which employs a combination of passwords, tokens and biometrics—is extremely effective in preventing identity compromise. It should be required for access to a network, including user sessions involving any data in transit.

Least Privilege. Any level of access should be guided by the principle of least privilege, under which users, devices, applications, APIs and any other network identities are given only the minimum privileges necessary to complete a specific job or task. Least privilege policies can also include role-based access, which limits access to what is needed to perform a specific job; time-based access, which grants access for a set amount of time in which to perform the job; and location-based access, which allows users access only from a certain location.
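The MFA and least-privilege elements described above combine into a single access decision that is re-evaluated on every request rather than once at login. The following is an added example of such a decision function, written for this article and not code from XONA; the roles, assets, site codes, the eight-hour MFA freshness limit and the vendor scenario are constructed assumptions. It checks, in order, that the grant belongs to the requester, that MFA was completed recently, that the request falls inside the approved time window, that it comes from an approved location, and that the role actually permits the requested action on that asset:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, List, Tuple

# Role -> set of (asset, action) permissions (constructed).
ROLE_PERMISSIONS = {
    "plc_engineer":   {("plc-07", "view"), ("plc-07", "write_config")},
    "vendor_support": {("hmi-02", "view")},
}

# Assumed policy: an MFA challenge older than this is treated as stale.
MFA_MAX_AGE = timedelta(hours=8)


@dataclass(frozen=True)
class Grant:
    """A time-boxed, location-bound authorization for one identity."""
    user: str
    role: str
    not_before: datetime
    not_after: datetime
    allowed_sites: FrozenSet[str]   # site codes the user may connect from


@dataclass(frozen=True)
class Request:
    user: str
    asset: str
    action: str
    site: str               # where the user is connecting from
    mfa_verified: bool
    mfa_age: timedelta      # time since the last successful MFA challenge
    now: datetime


def decide(req: Request, grant: Grant) -> Tuple[bool, str]:
    """Evaluate one request against one grant; the first failing check explains the denial."""
    if req.user != grant.user:
        return False, "grant does not belong to requester"
    if not req.mfa_verified or req.mfa_age > MFA_MAX_AGE:
        return False, "MFA missing or stale; re-authenticate"
    if not (grant.not_before <= req.now <= grant.not_after):
        return False, "outside approved time window"
    if req.site not in grant.allowed_sites:
        return False, f"location {req.site} not approved for this grant"
    if (req.asset, req.action) not in ROLE_PERMISSIONS.get(grant.role, set()):
        return False, f"role {grant.role} has no '{req.action}' on {req.asset}"
    return True, "allowed"


# Constructed scenario: a vendor is approved for a four-hour window at one plant.
T0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
VENDOR_GRANT = Grant("vendor.bob", "vendor_support", T0, T0 + timedelta(hours=4),
                     frozenset({"plant-a"}))


def run_scenario() -> List[Tuple[bool, str]]:
    """Five requests against the vendor grant; only the first should be allowed."""
    fresh, stale = timedelta(minutes=10), timedelta(hours=9)
    requests = [
        Request("vendor.bob", "hmi-02", "view", "plant-a", True, fresh, T0 + timedelta(hours=1)),
        Request("vendor.bob", "hmi-02", "view", "plant-a", True, fresh, T0 + timedelta(hours=5)),
        Request("vendor.bob", "hmi-02", "write_config", "plant-a", True, fresh, T0 + timedelta(hours=1)),
        Request("vendor.bob", "hmi-02", "view", "remote-vpn", True, fresh, T0 + timedelta(hours=1)),
        Request("vendor.bob", "hmi-02", "view", "plant-a", True, stale, T0 + timedelta(hours=1)),
    ]
    return [decide(r, VENDOR_GRANT) for r in requests]


if __name__ == "__main__":
    for ok, why in run_scenario():
        print("ALLOW" if ok else "DENY ", why)
```

Because `decide` takes the current time and the MFA age as inputs, the same function serves both the initial connection and the continuous re-validation the strategy calls for: calling it again mid-session after the window closes or the MFA challenge ages out flips the answer to a denial without any change to the grant itself.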

Strong encryption. Any communication between the IT and OT systems, as well as to the internet, should have a high level of encryption.

Logging and Monitoring. Organizations need to log and record all user access session data to critical OT systems, including those involving vendors accessing their critical assets. Monitoring should be done in real-time, if possible, and should include monitoring the movement of any files.
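Recording every session is only useful if something watches the records, and the paragraph above singles out vendor sessions and file movement. The following is an added example of a small monitor run over session-log lines, written for this article and not code from XONA; the key=value log format, the event names, the "vendor." username prefix and the sample lines are all constructed. It raises an alert for any file a vendor downloads from a critical asset and for any file uploaded to an asset by anyone, and summarizes each session so a reviewer can see what was recorded:

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed session-log lines (not XONA's log format): timestamp then key=value fields.
SAMPLE_LOG = """\
2024-01-15T09:02:11Z sid=S1 user=vendor.bob asset=hmi-02 event=session_start
2024-01-15T09:02:40Z sid=S1 user=vendor.bob asset=hmi-02 event=keystroke
2024-01-15T09:15:03Z sid=S1 user=vendor.bob asset=hmi-02 event=file_transfer direction=download name=config_backup.bin size=2048
2024-01-15T09:20:00Z sid=S1 user=vendor.bob asset=hmi-02 event=session_end
2024-01-15T10:00:00Z sid=S2 user=eng.alice asset=plc-07 event=session_start
2024-01-15T10:01:00Z sid=S2 user=eng.alice asset=plc-07 event=file_transfer direction=upload name=logic_v3.l5x size=8192
2024-01-15T10:01:30Z sid=S2 user=eng.alice asset=plc-07 event=session_end
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\S+)\s+(?P<kv>.*)$")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line into a dict, or None if it does not match the expected shape."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts")}
    for token in m.group("kv").split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    return rec if "sid" in rec and "event" in rec else None


def monitor(log_text: str, vendor_prefix: str = "vendor.") -> List[Tuple[str, str, str]]:
    """Return (session id, alert type, file name) for file movement that deserves review."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["event"] != "file_transfer":
            continue
        direction, name = rec.get("direction"), rec.get("name", "?")
        if rec.get("user", "").startswith(vendor_prefix) and direction == "download":
            alerts.append((rec["sid"], "vendor_download", name))
        elif direction == "upload":
            # Anything pushed onto a controller or HMI is reviewed regardless of who sent it.
            alerts.append((rec["sid"], "upload_to_asset", name))
    return alerts


def summarize(log_text: str) -> Dict[str, Dict[str, object]]:
    """Per-session summary: user, asset, event count and number of file transfers."""
    sessions: Dict[str, Dict[str, object]] = defaultdict(lambda: {"events": 0, "file_transfers": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = sessions[rec["sid"]]
        s["user"], s["asset"] = rec.get("user"), rec.get("asset")
        s["events"] = s["events"] + 1
        if rec["event"] == "file_transfer":
            s["file_transfers"] = s["file_transfers"] + 1
    return dict(sessions)


if __name__ == "__main__":
    for alert in monitor(SAMPLE_LOG):
        print("ALERT", *alert)
    for sid, info in summarize(SAMPLE_LOG).items():
        print(sid, info)
```

Feeding lines to `monitor` as they are written, rather than in a batch, is what turns this into the real-time monitoring the paragraph asks for; the logic itself does not change.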

Clearly Assess Risk. No security strategy is perfect; the goal is to identify risks and reduce them to acceptable levels. Organizations can use a Zero Trust strategy to identify and verify an acceptable risk level for critical assets.

Achieving Zero Trust in OT and ICS Systems

XONA offers Zero Trust access protection to ensure the protection of OT system data and applications. The company leverages several innovative techniques to protect critical asset data and applications, all through the standard Zero Trust approach. The company combines strong multi-factor authentication with granular authorization to applications and systems. XONA’s Clientless Secure Gateway (CSG) employs protocol and system isolation, encrypted thin-client display, and real-time session logging and user access monitoring to defend against even the most sophisticated cybercriminals. The CSG delivers clientless access to ICS via any common web browser on any capable device.

A Zero Trust approach for access to OT and critical infrastructure maintains reliable industrial processes and more importantly, safeguards civilization.