Apply a Zero Trust Security Model to Industrial Control Systems (ICS)
Challenges with applying zero trust
Applying zero trust principles comes down to segmenting the network, using authentication technology to verify the requestor before making any service available, enabling secure point-to-point networking, and monitoring device and entity behavior.
This breaks down where technological limitations prohibit these capabilities. Sensor ship with a built-in back door. These devices must be calibrated in the field. The engineer installing them sets the operating level when the device is installed. Many devices lack even simple authentication capabilities, which means they cannot securely verify their identity.
Additionally, many lack logging capabilities. Behavior analysis must fall back on potentially untrustworthy telemetry collected at the network edge of the segment in which these devices reside. The networks themselves are traditionally low capacity (although this is improving), meaning that they lack the bandwidth to support real-time analysis of indications of compromise. The cost of segmentation seems high compared with the simplicity of a flat network. These constraints mean that zero trust cannot be comprehensively applied across an entire ICT environment.
How to apply zero trust to ICS environments
Given these constraints, securing ICT environments requires stronger measures at the edge, and more edges. That is, network segmentation, where practical, can impede malware attempting to move laterally.
Over these segments, security teams need to perform reputation analysis on the segment rather than attempt it on each device. This will help isolate malfunctioning zones, allowing further forensic analysis.
Where possible, require multi-factor authentication for users. And as technology catches up, deploy processor technology offering a secure co-processor for critical functions, such as patching, logging, security updates and analysis, and authentication.
Secure coprocessors are now available from most major chip manufacturers. However, most organizations will not deploy them as the price remains higher than simpler designs. ICT has an in-use lifetime of decades, meaning upgrades are rare and the capital expense is significant. Unfortunately, market mechanisms prevent wide-scale adoption of advanced security technologies. Regulation will ultimately drive adoption.
The complexity of managing ICT security may slow adoption of zero trust. Enterprises that recognize the risk and invest in a comprehensive IT/OT information security program may find their path eased by using a managed security partner (MSP) with expertise in both traditional IT and ICT domains. The enterprise itself must maintain its own cybersecurity hub, but once procedures are nailed down, a partner can cover much of the normal incident response and remediation activities. That partner will help deploy and sustain a reliable, trustworthy, resilient, and secure infrastructure.
Next steps
As we mentioned, zero trust is a model and a strategy, not a product. Taking into consideration the segmentation of ICS networks coupled with an expanding digital attack surface, using a variety of point products to apply zero trust can further complicate security—even for extremely knowledgeable MSPs.
Look for a unified cybersecurity platform to consolidate the security capabilities necessary to apply multiple aspects of zero trust across the ICS environment. From one console, your security team or MSP, can see at-a-glance any suspicious user behavior for further investigation.
For more information on ICS security and zero trust, check out the following resources: