Claudio Zanasi, Federico Magnanini, S. Russo, M. Colajanni
2022 IEEE 21st International Symposium on Network Computing and Applications (NCA), published 2022-12-14. DOI: 10.1109/NCA57778.2022.10013559 (https://doi.org/10.1109/NCA57778.2022.10013559)
A Zero Trust approach for the cybersecurity of Industrial Control Systems
Industrial plants are adopting an increasing number of digital interconnected technologies that are enriched by several software applications. The IT/OT convergence offers several benefits in terms of efficiency and flexibility, but it opens as many issues in terms of cyber vulnerabilities because industrial plants were not designed to be open to the Internet. The frequency of successful cyber attacks shows that typical security solutions are inadequate to the novel complexity of industrial contexts. This novel scenario requires original approaches differing from traditional multi-layer networking solutions that are applicable just to rigid and stable infrastructures. We explore the applicability of Zero Trust Architecture (ZTA) principles to the industrial context by designing, implementing and testing an integrated defensive solution. The results obtained through a working prototype show that it is possible to implement a Zero Trust identity-centric approach in an industrial context to increase the security and flexibility of the system while providing complete visibility over the entire network. The proposed approach can be used to strengthen legacy industrial systems that were designed for offline use, and to allow the adoption of innovative technologies that minimize the cyber risk for the overall infrastructure.