Applying 'Zero Trust' to OT EnvironmentTwo Experts Discuss the Challenges Involved
Implementing the "zero trust" model in the OT environment can prove to be more difficult than in the IT environment because many OT systems are older, cannot easily be replaced and may be difficult to monitor, according to Manish Dave, head of cybersecurity for India-based Aarti Industries, and Amitava Mukherjee, director for cybersecurity at Siemens, India.
The challenges in implementing zero trust for OT include patch management, asset management, access control, physical security of devices and hardening of devices, Dave says. But these challenges can be addressed by applying principles of zero trust, he says, although recruiting those with expertise in applying the framework can be difficult.
In a video panel interview with Information Security Media Group, Dave and Mukherjee also discuss:
- Tips on implementing a zero trust approach in an OT environment;
- Technologies that can be leveraged for OT security;
- How OEMs are approaching "security by design."
Dave is head of cybersecurity at Aarti industries, a chemical manufacturing firm. Previously, he was head of IT security and compliance at LafargeHolcim. He has more than 30 years of experience in infrastructure and operations, networks and data center management. Dave spent more than 16 years working in information security and has implemented international security standards and frameworks.
Mukherjee is director, cybersecurity at Siemens, India. He has more than 20 years of cross-cultural experience in the areas of IT governance, cybersecurity, governance, risk management, IT-OT convergence and OT security.