The world's most capable, rugged and secure
industrial control system...
Introducing Bedrock OSA® Remote
- Intrinsically-secure PLC and RTU control
- 10 or 20 channels of universal I/O
- Free IEC 61131-3 engineering software
- -40ºC to +80ºC temperature range
- Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Cut the cards: Zero Trust in the Critical Infrastructure.
June 25, 2020 | Robert Bergman
“Trust everyone — but cut the cards,” is essentially the premise of Zero Trust cyber security. Zero Trust assumes that everyone or everything with access to your digital systems has inappropriate intent and provides guidance for you to protect yourself accordingly. As Aera CIO Alec Wilder, who has recently implemented a Zero Trust cyber security policy puts it:
“Zero Trust doesn’t mean we don’t trust you as an individual. It means we must verify everyone’s credentials and make sure individuals are who they say they are before they have access to the requested information. A defensive perimeter is no longer adequate,” he says.
Palo Alto Networks Field CTO and blogger John Kindervag invented the Zero Trust approach while an analyst at Forrest Group. It grew from his realization that traditional security models operate on the outdated assumption that everything inside an organization’s network should be trusted.
“Under this broken trust model, it is assumed that a user’s identity is not compromised and that all users act responsibly and can be trusted. The Zero Trust model recognizes that trust is a vulnerability. Once on the network, users – including threat actors and malicious insiders – are free to move laterally and access or exfiltrate whatever data they are not limited to. Remember, the point of infiltration of an attack is often not the target location,” he says.
Most of Zero Trust as Kindervag describes it takes place at the IT network level. In an introductory video in which he cleverly explains Zero Trust using a deck of cards, he identifies the key steps in designing a Zero Trust architecture, including identifying the areas that need to be protected, which he calls “protect surfaces.” Protect surfaces include data, applications, and assets. ICS, SCADA, and IoT, in his example, fall under the category of assets.
To industrial cyber security authority Joe Weiss, however, protection at the network level is insufficient for industrial assets. In his recent podcast with Control magazine executive editor Jim Montague, Weiss says that in the industrial world, the focus has shifted to protecting the network itself rather than the devices and the processes needing to be monitored and controlled.
Reflecting Weiss’ concern for deeper protection, where Kindervag says: “Once on the network, users – including threat actors and malicious insiders – are free to move laterally and access or exfiltrate whatever data they are not limited to,” we would replace the word “network” with “control hardware” and say that to achieve the 100-percent trust that Weiss says is essential requires designing it so that if an intruder does get in, there would be no place for them to go.
This is accomplished by validating all signals against a root of trust, a hierarchy of digital certificates and encryption strategies that confirm unequivocally the integrity of the data and validate the authenticity of the sender. Ecommerce applications have long relied on roots of trust maintained by trusted organizations such as Verisign, but these had not yet been adapted for mainstream industrial control applications, because too much had been invested in automation digital architectures before cyber security was an issue.
For more details on how Bedrock Automation has implemented an industrial root of trust, read our white paper, Chapter 3: Intrinsic Cyber Security Fundamentals.
For more detail on the technical underpinnings of cyber security roots of trust in the context of public key cryptography in general, see the following white papers from Maxim Integrated.