Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.
Dive into six things that are top of mind for the week ending Nov. 1.
1 – Securing OT/ICS in critical infrastructure with zero trust
As their operational technology (OT) computing environments become more digitized, converged with IT systems and cloud-based, critical infrastructure organizations should beef up their cybersecurity by adopting zero trust principles.
That’s the key message of the Cloud Security Alliance’s “Zero Trust Guidance for Critical Infrastructure,” which focuses on applying zero trust methods to OT and industrial control system (ICS) systems.
While OT/ICS environments were historically air gapped, that’s rarely the case anymore. “Modern systems are often interconnected via embedded wireless access, cloud and other internet-connected services, and software-as-a-service (SaaS) applications,” reads the 64-page white paper, which was published this week.
The CSA hopes the document will help cybersecurity teams and OT/ICS operators enhance the way they communicate and collaborate.
Among the topics covered are:
- Critical infrastructure’s unique threat vectors
- The convergence of IT/OT with digital transformation
- Architecture and technology differences between OT and IT
The guide also outlines this five-step process for implementing zero trust in OT/ICS environments:
- Define the surface to be protected
- Map operational flows
- Build a zero trust architecture
- Draft a zero trust policy
- Monitor and maintain the environment
A zero trust strategy boosts t
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: