The ISA Global Cybersecurity Alliance (ISAGCA) has announced the release of a white paper discussing outcomes of the zero trust model for cybersecurity in the context of operational technology (OT) and industrial control systems (ICS).
Zero trust has become a widely accepted cybersecurity strategy, with the idea that risk is internally and externally inherent. Zero trust strategy is becoming more relevant in OT and hybrid approaches can incorporate zero trust principles when appropriate. The new paper from ISAGCA, titled “Zero Trust Outcomes Using ISA/IEC 62443 Standards,” analyzes the use of the ISA/IEC 62443 series of standards for zero trust in OT.
OT security prioritizes safety as the utmost concern. The paper provides guidance on how ISA/IEC 62443 — the world’s leading consensus-based standards for control systems cybersecurity — can support concepts of zero trust. The paper recommends that the zero trust model should not be introduced for essential functions as defined in ISA/IEC 62443. It emphasizes the importance of never overriding or interrupting essential critical functions in zero trust architecture implementations, especially safety functions associated with fault-tolerant systems design.
The implementation of zero trust may involve additional upfront and maintenance costs as it elevates security dimensions and magnitude, but it also offers significant benefits in terms of understanding and organizing a security strategy. If certain zero trust principles are not feasible to achieve within an OT network, hybrid approaches can incorporate them where appropriate to enhance detection and response capabilities at scale.
“Zero Trust Outcomes Using ISA/IEC 62443 Standards” is available for download on the ISAGCA website.