The ISA Global Cybersecurity Alliance (ISAGCA) recently released a white paper that delves into the application of the zero trust model in the realm of operational technology (OT) and industrial control systems (ICS). This strategy has gained widespread acceptance in the cybersecurity community due to its acknowledgment that risk factors exist both internally and externally. The white paper, titled “Zero Trust Outcomes Using ISA/IEC 62443 Standards,” examines how the ISA/IEC 62443 series of standards can be leveraged to implement zero trust in OT environments.
In operational technology, security is paramount, with safety being the primary concern. The paper outlines how the ISA/IEC 62443 standards, which are recognized globally as the leading set of control systems cybersecurity standards, can be utilized to support the principles of zero trust. It cautions against introducing the zero trust model for essential functions as defined by ISA/IEC 62443, emphasizing the critical need to safeguard safety functions in fault-tolerant systems design.
While implementing zero trust may entail additional costs upfront and in terms of ongoing maintenance, it brings with it substantial benefits in terms of enhancing security strategies. Even if certain zero trust principles may not be feasible to fully implement within an OT network, hybrid approaches can be employed to incorporate these principles where appropriate, bolstering detection and response capabilities on a larger scale. Interested parties can access the white paper “Zero Trust Outcomes Using ISA/IEC 62443 Standards” on the ISAGCA website.
The ISA Global Cybersecurity Alliance (ISAGCA) serves as a collaborative platform aimed at advancing awareness, education, and standardization in OT cybersecurity. Comprising over 50 member companies and industry groups with collective revenues surpassing $1.5 trillion and a presence in over 2,400 locations worldwide, ISAGCA underscores the broad application of the ISA/IEC 62443 series of standards. The member companies span 31 diverse industries, highlighting the relevance and significance of these standards. For more information, visit www.isagca.org.
Established in 1945, the International Society of Automation (ISA) is a non-profit professional association committed to enhancing the automation community globally through the dissemination of standards and knowledge. With a focus on enabling the automation sector, ISA develops widely adopted global standards and certification programs, offers educational resources and training, publishes technical literature, hosts conferences, and provides networking opportunities and career development initiatives. To learn more about ISA’s activities and contributions, visit www.isa.org.
Overall, the release of this white paper by the ISA Global Cybersecurity Alliance sheds light on the importance of implementing a zero trust model in OT and ICS environments, utilizing industry-leading standards to bolster security measures and protect critical functions in the ever-evolving landscape of cybersecurity threats.