CISA issues zero trust OT guidance
- CISA, FBI, DOE, State, and the Department of War on April 29 released new guidance for applying zero trust to operational technology.
- The guide centers on three hard OT problems — asset visibility, supply-chain risk, and identity controls — while assuming breaches will happen.
- It matters because converged IT and OT networks keep erasing old air gaps, giving intruders cleaner paths into physical systems.
Operational technology is the stuff that runs the real world — pumps, turbines, factory lines, substations, water systems. When attackers get into these environments, the risk is not just stolen data. It is disrupted physical processes, lost visibility, and in the worst cases safety problems. That is why CISA and a group of U.S. partners just published new guidance on how to apply zero trust to OT — a security model that starts by treating implicit trust as the bug, not the feature. (cisa.gov)

### What changed?

On April 29, CISA released Adapting Zero Trust Principles to Operational Technology with the Department of War, Department of Energy, FBI, and Department of State. The point is practical, not theoretical. OT owners and operators have been told for years to “do zero trust,” but most zero-trust(cisa.gov)un ancient gear. (cisa.gov)

### Why is OT the hard version?

Because OT was never built around modern identity checks and dynamic access decisions. A lot of these environments grew up around uptime, determinism, and safety. Some devices are old. Some cannot be patched easily. Some cannot tolerate the kind of scanning, authentication friction, (cisa.gov)lant or utility, the catch is making that work without interrupting the thing the network is there to control. (cisa.gov)

### What does the guide focus on?

Three things carry most of the weight. First, asset visibility — you cannot protect what you cannot actually see, and many OT environments still lack a clean inventory of devices, software, communications paths, and dependencies. Second, supply-chain risk — vendors, remote mainten(cisa.gov) paths. Third, identity and access management — the guide pushes stronger controls around who, what, and under what conditions gets access. (cisa.gov)

### What does “zero trust” mean here?

Not “put MFA everywhere tomorrow.” Basically, it means stop assuming that being inside the network equals being trustworthy. Access should be continuously evaluated based on identity, context, and risk. The document also leans on layered controls — network segmentation, secure(cisa.gov)l. (cisa.gov)

### Why are agencies pushing this now?

Because OT and IT are no longer neatly separated. Systems that used to be isolated are now interconnected, digitally monitored, and remotely operated. That brings efficiency and better data, but it also creates more paths for lateral movement. CISA explicitly tied the new gui(cisa.gov)aim to gain and maintain access inside critical infrastructure. (cisa.gov)

### So what should architects actually do?

Map trust boundaries like they are attack surfaces — because they are. That means understanding every asset, every identity, every remote connection, and every bridge between enterprise IT and industrial networks. If a vendor account, jump host, engineering workstation, o(cisa.gov)d. In OT, the dangerous path is often not a flashy exploit. It is a normal connection that everyone got used to. (cisa.gov)

### Why does collaboration matter so much?

Because OT security breaks when IT, plant operations, and cyber teams design in isolation. The guide is blunt about this — successful adoption needs collaboration across IT, OT, and cybersecurity teams. That sounds bureaucratic, but it (cisa.gov)th in the room. (ic3.gov)

### Bottom line

This is not a call to forklift-replace industrial systems with a shiny zero-trust stack. It is a roadmap for tightening trust in places where trust has been too broad for too long. The message is simple — in modern OT, “inside the network” is no longer a meaningful security boundary. (cisa.gov)
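As an added illustration (not code from the CISA guide or from any of the agencies named above), the following Python sketch models two of the tasks the article describes: enumerating the trust-boundary crossings and IT-to-OT communication paths in an asset inventory, so that the "normal connection everyone got used to" shows up as a boundary that needs a decision, and re-evaluating a remote-access session on identity, context and risk rather than on network location. Every hostname, zone, protocol, policy threshold and risk score below is constructed for the example; the "dmz" zone for jump hosts and the specific policy checks are assumptions, not anything the guide prescribes.

```python
"""Added example: a small model of zero-trust tasks for an OT network.
Inventory, connections and policy values are constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed inventory: asset -> zone. "dmz" is an assumed jump-host layer
# sitting between enterprise IT and the industrial ("ot") zone.
ASSETS = {
    "erp-app":     "it",
    "hist-server": "dmz",   # historian mirror that IT systems pull data from
    "jump-host":   "dmz",
    "eng-ws-01":   "ot",    # engineering workstation
    "plc-line-3":  "ot",
    "hmi-line-3":  "ot",
}

# Constructed directed "allowed communication" edges: (source, destination, protocol).
CONNECTIONS = [
    ("erp-app", "hist-server", "tcp/1433"),
    ("hist-server", "plc-line-3", "modbus/502"),   # the long-standing path nobody questions
    ("jump-host", "eng-ws-01", "rdp/3389"),
    ("eng-ws-01", "plc-line-3", "s7/102"),
    ("hmi-line-3", "plc-line-3", "s7/102"),
]


def boundary_crossings(assets, connections):
    """Every edge whose endpoints sit in different zones. Each one is a trust
    boundary that should be governed by an explicit access decision."""
    return [(s, d, p) for s, d, p in connections if assets[s] != assets[d]]


def paths_from_it_to_ot(assets, connections):
    """Depth-first enumeration of communication paths that start on an IT asset
    and reach an OT asset, including multi-hop paths through dmz hosts."""
    adjacency = {}
    for src, dst, _ in connections:
        adjacency.setdefault(src, []).append(dst)
    found = []

    def walk(node, path):
        for nxt in adjacency.get(node, []):
            if nxt in path:          # avoid cycles
                continue
            extended = path + [nxt]
            if assets[nxt] == "ot":
                found.append(extended)
            walk(nxt, extended)

    for start, zone in assets.items():
        if zone == "it":
            walk(start, [start])
    return found


@dataclass
class AccessRequest:
    identity: str
    mfa_verified: bool
    source_host: str
    target: str
    change_ticket: Optional[str]
    now: datetime
    session_started: datetime
    risk_score: int            # 0-100, from whatever signals the site has (assumed)


# Constructed policy values; a real site would tune these.
POLICY = {
    "max_session": timedelta(hours=2),
    "max_risk": 40,
    "allowed_sources": {"jump-host"},
    "maintenance_window": (8, 18),   # local hours during which vendor work is allowed
}


def evaluate(req, policy=POLICY, assets=ASSETS):
    """Return (decision, reasons). Network location is never a factor: every
    check is identity, context or risk, and the function is meant to be re-run
    during the session, not only at login."""
    reasons = []
    if not req.mfa_verified:
        reasons.append("identity: MFA not verified")
    if req.source_host not in policy["allowed_sources"]:
        reasons.append(f"context: source {req.source_host} is not an approved jump host")
    if assets.get(req.target) != "ot":
        reasons.append("context: target is not an inventoried OT asset")
    if req.change_ticket is None:
        reasons.append("context: no approved change ticket")
    lo, hi = policy["maintenance_window"]
    if not lo <= req.now.hour < hi:
        reasons.append("context: outside maintenance window")
    if req.now - req.session_started > policy["max_session"]:
        reasons.append("context: session lifetime exceeded, re-authentication required")
    if req.risk_score > policy["max_risk"]:
        reasons.append(f"risk: score {req.risk_score} above threshold")
    return ("allow" if not reasons else "deny"), reasons


def sample_requests():
    """Constructed requests used by the demo: a vendor session through the jump
    host, the same session three hours later, and the historian talking to a PLC."""
    t0 = datetime(2025, 1, 1, 9, 0, tzinfo=timezone.utc)
    return {
        "vendor_via_jump": AccessRequest("vendor-tech", True, "jump-host", "plc-line-3",
                                         "CHG-0001", t0 + timedelta(minutes=30), t0, 10),
        "vendor_stale_session": AccessRequest("vendor-tech", True, "jump-host", "plc-line-3",
                                              "CHG-0001", t0 + timedelta(hours=3), t0, 10),
        "historian_to_plc": AccessRequest("svc-historian", False, "hist-server", "plc-line-3",
                                          None, t0, t0, 55),
    }


if __name__ == "__main__":
    print("boundary crossings:", boundary_crossings(ASSETS, CONNECTIONS))
    print("IT -> OT paths:", paths_from_it_to_ot(ASSETS, CONNECTIONS))
    for name, req in sample_requests().items():
        print(name, evaluate(req))
```

The path enumeration is what turns "map trust boundaries" into something reviewable: the historian-to-PLC edge is a single hop in the inventory, but it gives an IT system a two-hop route to a controller, which is exactly the kind of established connection the article warns about. The evaluation function lists every failed check rather than stopping at the first, which is what an operator needs when deciding whether a denied session is a policy gap or a real problem.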