Tuesday, December 23, 2025

Zero Trust: The Foundation of Industrial Cyber Defense

The stakes for industrial cybersecurity have never been higher. For security and risk leaders in energy, transportation, manufacturing, and other critical sectors, protecting operational technology (OT) is vital for safety, uptime, and resilience.

As threats evolve, traditional perimeter defenses and air gaps are no longer enough. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently emphasized the critical need for zero trust micro-segmentation to protect systems, assets, and data. CISA also highlighted that an accurate OT asset inventory is crucial for OT network segmentation.

Zero trust architecture offers clear benefits for OT environments: it reduces attack surfaces and limits lateral movement that can have a significant negative impact on operations and uptime, as demonstrated in the 2021 Colonial Pipeline attack, which disrupted fuel operations across the US East Coast for several weeks.

Discover why zero trust should be the foundation of your industrial security strategy and how Cisco can help you implement it at scale, without disrupting production.

Zero Trust in Industrial Settings

Zero trust follows a simple yet powerful concept: Never trust, always verify. It assumes that threats exist both outside and inside your network. Instead of giving users and devices broad access, zero trust uses “deny by default,” requiring administrators to configure explicit access policies.

However, this “deny by default” approach creates operational challenges in industrial environments. Granting explicit permissions without disrupting production requires a precise, real-time inventory of every asset and its communication patterns. Most organizations lack this capability due to the organic growth of OT networks, which often comprise thousands of assets on flat networks.

Remote access presents another challenge. Traditional VPNs aren’t suitable for managing granular access policies at OT scale. VPNs provide broad network access and require additional tools and IT skills to restrict access. This creates difficulties when operations need quick access rights. The challenge is compounded by frequent changes in remote users and numerous assets requiring access.

As digitization accelerates and organizations prepare for industrial AI, the need for new OT security approaches becomes more urgent. Organizations need zero trust solutions that enable friction-free management by OT teams while maintaining policy-bound security. This requires strong IT and OT collaboration. The ideal technologies let OT teams influence security policy characteristics, reducing risks while enabling secure and efficient operations.

CISA & Standards Alignment

CISA’s guidance on implementing zero trust in OT environments significantly improves security posture while at the same time ensuring compliance with standards such as NERC CIP, NIS2, and IEC 62443.

  • NERC CIP: Mandates that power utilities in North America isolate critical cyber assets.
  • NIS2: Requires critical European industries to enforce zero-trust controls.
  • IEC 62443: Defines the “zones and conduits” model for granular security controls.

How Cisco Can Help

Cisco’s industrial networking and cybersecurity portfolio delivers an integrated platform purpose-built for secure, zero trust-based industrial networks:

1. Define Zero Trust Policy with Cisco Cyber Vision:

Embedded in Cisco’s switches, Cyber Vision provides a comprehensive asset inventory. This enables OT teams to virtually segment networks by grouping OT assets into logical zones. It highlights all communication activities, ensuring virtual segments will not block legitimate traffic and cause downtime. The user-friendly interface empowers OT teams to easily modify asset groups and update security policies as industrial processes change.

2. Enforce Zero Trust Policy from your Industrial Switch:

The same switch connecting your assets provides visibility. Cisco TrustSec technology with Cisco Identity Services Engine (ISE) implements macro or micro segmentation. New or rogue assets cannot access the network until OT teams place them in an appropriate Cyber Vision group.

3. Control Zero Trust Remote Access with Cyber Vision Secure Equipment Access:

Cyber Vision’s Secure Equipment Access (SEA) enables secure, policy-based remote access that operates on deny-by-default principles. It uses multifactor authentication and enforces just-in-time and least-privilege access. The system also performs posture checks of all remote access activities, highlighting risky events such as access from unusual geolocations. Unlike traditional VPNs, SEA grants temporary, just-in-time, least-privilege access to specific assets based on user identity.

4. Stay Ahead of Threats with Splunk:

Integrating with Splunk gives security analysts unified visibility across OT and IT security events, significantly improving Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).

5. Industry-Leading Threat Intelligence with Talos:

Cisco Talos provides real-time threat intelligence, powering all Cisco security products with the latest malware, vulnerability and malicious traffic detection capabilities, to keep ahead of emerging industrial cyber threats.

Your Path to Improved Cyber Resilience

Following CISA’s guidance, adopt a phased approach. Start by developing a comprehensive asset inventory and a detailed communication requirements map. This enables you to implement macro- and micro-segmentation in your industrial networks.
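The inventory-then-communication-map step above can be illustrated with a small added example (not Cisco code and not part of the original article): it groups assets into zones, derives candidate zone-to-zone conduits from observed flows, and evaluates traffic deny-by-default. The zone names, addresses, and flows are constructed, and allowing intra-zone traffic is an assumption that corresponds to macro-segmentation.

```python
from collections import defaultdict

# Constructed asset inventory: IP address -> zone (hypothetical zone names).
INVENTORY = {
    "10.0.1.10": "plc-line1",
    "10.0.1.11": "plc-line1",
    "10.0.2.20": "hmi",
    "10.0.3.30": "historian",
}

# Constructed baseline of observed flows: (src, dst, protocol, dst_port).
OBSERVED = [
    ("10.0.2.20", "10.0.1.10", "tcp", 502),   # HMI -> PLC, Modbus/TCP
    ("10.0.2.20", "10.0.1.11", "tcp", 502),
    ("10.0.1.10", "10.0.3.30", "tcp", 4840),  # PLC -> historian, OPC UA
    ("10.0.9.99", "10.0.1.10", "tcp", 502),   # source not in the inventory
]

def build_conduits(inventory, flows):
    """Return (conduits, unmapped).

    conduits maps (src_zone, dst_zone) -> set of (protocol, port) seen in the
    baseline. These are candidates for review, not automatic allow rules.
    unmapped lists flows with an endpoint missing from the inventory.
    """
    conduits = defaultdict(set)
    unmapped = []
    for src, dst, proto, port in flows:
        src_zone, dst_zone = inventory.get(src), inventory.get(dst)
        if src_zone is None or dst_zone is None:
            unmapped.append((src, dst, proto, port))
        elif src_zone != dst_zone:
            conduits[(src_zone, dst_zone)].add((proto, port))
    return dict(conduits), unmapped

def is_allowed(inventory, conduits, flow):
    """Deny by default: permit only inventoried assets on an approved conduit."""
    src, dst, proto, port = flow
    src_zone, dst_zone = inventory.get(src), inventory.get(dst)
    if src_zone is None or dst_zone is None:
        return False  # unknown or rogue asset: no access until it is grouped
    if src_zone == dst_zone:
        return True   # assumption: intra-zone traffic allowed (macro-segmentation)
    return (proto, port) in conduits.get((src_zone, dst_zone), set())

if __name__ == "__main__":
    conduits, unmapped = build_conduits(INVENTORY, OBSERVED)
    print("candidate conduits:", conduits)
    print("flows needing inventory work first:", unmapped)
```

Flows that land in the unmapped list are the ones that would break, or would expose an unmanaged device, once enforcement is switched on, which is why the inventory has to be complete before the policy is applied.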

It’s important to note that not all OT security solutions are equal. Cisco combines visibility, zero trust segmentation enforcement, and zero trust remote access into industrial switching and routing products. This provides detailed and accurate asset inventory essential for network segmentation and security policy enforcement at scale. The approach eliminates downtime risks and creates an industrial security strategy that OT teams can embrace.

Ready to strengthen your industrial network?

Connect with a Cisco industrial cybersecurity expert to learn how we can help you on your zero trust journey.

 
