New ISAGCA Report Explores Zero-Trust Outcomes in OT Cybersecurity

PRESS RELEASE

Durham, NC, August 14, 2024 – The ISA Global Cybersecurity Alliance (ISAGCA) has announced the release of a white paper discussing outcomes of the zero trust model for cybersecurity in the context of operational technology (OT) and industrial control systems (ICS). 

Zero trust has become a widely accepted cybersecurity strategy, with the idea that risk is internally and externally inherent. Zero trust strategy is becoming more relevant in OT and hybrid approaches can incorporate zero trust principles when appropriate. The new paper from ISAGCA, titled “Zero Trust Outcomes Using ISA/IEC 62443 Standards,” analyzes the use of the ISA/IEC 62443 series of standards for zero trust in OT.

OT security prioritizes safety as the utmost concern. The paper provides guidance on how ISA/IEC 62443 — the world’s leading consensus-based standards for control systems cybersecurity — can support concepts of zero trust. The paper recommends that the zero trust model should not be introduced for essential functions as defined in ISA/IEC 62443. It emphasizes the importance of never overriding or interrupting essential critical functions in zero trust architecture implementations, especially safety functions associated with fault-tolerant systems design.

The implementation of zero trust may involve additional upfront and maintenance costs as it elevates security dimensions and magnitude, but it also offers significant benefits in terms of understanding and organizing a security strategy. If certain zero trust principles are not feasible to achieve within an OT network, hybrid approaches can incorporate them where appropriate to enhance detection and response capabilities at scale. “Zero Trust Outcomes Using ISA/IEC 62443 Standards” is available for download on the ISAGCA website.

About ISAGCA

The ISA Global Cybersecurity Alliance (ISAGCA) is a collaborative forum to advance OT cybersecurity awareness, education, readiness, standardization and knowledge sharing. ISAGCA is made up of 50+ member companies and industry groups, representing more than $1.5 trillion in aggregate revenue across more than 2,400 combined worldwide locations. Automation and cybersecurity provider members serve 31 different industries, underscoring the broad applicability of the ISA/IEC 62443 series of standards. Learn more at www.isagca.org.

About ISA

The International Society of Automation (ISA) is a non-profit professional association founded in 1945 to create a better world through automation. ISA’s mission is to empower the global automation community through standards and knowledge sharing. ISA develops widely used global standards and conformity assessment programs; certifies professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its members and customers around the world. Learn more at www.isa.org.