Zero Trust: The Rules Are Different for Manufacturing

Industry Week
October 5, 2022
Download PDF


What is zero trust and how can it be practically applied to OT environments?

Zero trust is a well-known term in cybersecurity. With its origins in information technology the primary focus and guidance was constructed on a set of principles that not long ago would have been difficult, if not impossible, to implement in an operational technology (OT) environment. But today cybersecurity leaders in the OT realm are adapting zero trust for the unique requirements for their environments, as well.

The history of zero trust goes back to the mid 1970s, to the principle of least privilege (POLP), which simply states that only the authority required to perform the specific function should be granted. In other words, every entity must be able to access only the information and resources that are necessary for its legitimate purpose. While this principle is implemented in the privilege rings of the application stack, the general principle of limiting access to authorized and validated resources directly applies to zero trust.  

There are really only two primary goals of zero trust. First is to prevent unauthorized access to data, services and resources. Second is to make access as granular as possible by shrinking or eliminating explicit trust zones.

Read more here.

Industry Week
Industry Week

IndustryWeek is the only media brand dedicated to championing the people and companies that are making the U.S. manufacturing sector a global leader. We are the essential information source for the decision-makers and disruptors driving manufacturing’s latest transformation, the 4th Industrial Revolution, with a core focus on how companies develop and deploy talent and technology to achieve transformational leadership practices, revolutionary business models, state-of-the-art production systems, and next-generation products made possible by the convergence of maturing technologies.

Become a Member