# CISA Urges Zero Trust Architecture for Operational Technology as IT-OT Convergence Creates Critical Security Gap


## The Threat


Operational technology systems—the industrial controllers, SCADA networks, and physical infrastructure that power manufacturing, energy, water treatment, and critical infrastructure—have historically relied on air-gapped networks and implicit trust models for security. But that isolation is rapidly disappearing. As organizations digitize OT environments with remote monitoring, cloud connectivity, and IT-OT integration, they're inadvertently exposing critical physical systems to cyberattacks designed for IT networks.


CISA, in coordination with the Departments of Defense, Energy, State, and the FBI, has released comprehensive guidance warning that traditional perimeter-based defenses are no longer adequate for protecting OT systems. The joint advisory, *Adapting Zero Trust Principles to Operational Technology*, makes clear that the convergence of IT and OT infrastructure is introducing cybersecurity risks that legacy security models cannot address.


The core problem: OT systems that were once isolated or manually operated are now increasingly interconnected, digitally monitored, and remotely controlled—yet they often run on decades-old hardware and software that was never designed with networked security in mind. This creates a uniquely dangerous gap where organizations must protect critical physical processes (manufacturing lines, power grids, water systems) with technologies designed for both modern infrastructure and legacy systems that cannot easily be patched or replaced.


## Severity and Impact


| Aspect | Details |
|--------|---------|
| Threat Type | Architectural guidance for operational technology security |
| Risk Category | IT-OT convergence, legacy infrastructure exposure, supply chain vulnerabilities |
| Scope | All critical infrastructure sectors (energy, water, manufacturing, transportation) |
| Primary Concern | Inadequate perimeter defenses and implicit trust models in digitized OT environments |
| Key Gaps Identified | Asset visibility, supply chain risk management, identity/access controls, network segmentation |
| Attack Surface | Remote access points, cloud connectivity, integrated IT systems, third-party vendors |
| Guidance Authority | CISA (Cybersecurity & Infrastructure Security Agency) with FBI, DoD, DoE, State Department |


## Affected Products


This guidance applies across all operational technology environments, including:


Energy Sector

  • Power generation and distribution systems
  • SCADA networks for grid management
  • Renewable energy control systems
  • Smart grid infrastructure

Water and Wastewater

  • Treatment control systems
  • Distribution network monitoring
  • Remote sensor networks

Manufacturing

  • Industrial control systems (ICS)
  • Programmable logic controllers (PLCs)
  • Manufacturing execution systems (MES)
  • Robotics and automation platforms

Transportation

  • Traffic management systems
  • Railway signaling systems
  • Port operations infrastructure

Healthcare

  • Medical device networks
  • Biomedical equipment systems
  • Hospital infrastructure controls

Telecommunications

  • Network infrastructure controllers
  • Backup power systems
  • Environmental monitoring

The guidance is agnostic to specific vendors and applies to both legacy OT platforms and modern industrial IoT systems from all manufacturers.


## Mitigations


CISA's guidance recommends a phased approach to implementing zero trust principles in OT environments, accounting for the unique constraints of operational technology:


### 1. Establish Comprehensive Asset Visibility

Organizations must first inventory and map all OT assets, including legacy systems, networked devices, and their interdependencies. This foundational step enables threat detection, vulnerability management, and segmentation strategies. Many organizations lack basic visibility into what's connected to their OT networks—a prerequisite for any security improvement.


### 2. Address Supply Chain Risks Proactively

OT systems depend heavily on third-party vendors, integrators, and components. Zero trust in OT requires:

  • Vetting suppliers and assessing their security practices
  • Implementing secure procurement processes
  • Monitoring vendor access to critical systems
  • Requiring suppliers to follow zero trust principles
  • Managing firmware and software update chains securely


### 3. Implement Robust Identity and Access Management

Rather than trusting any user or system within the OT network:

  • Authenticate all users and systems attempting to access OT resources
  • Implement multi-factor authentication where technically feasible
  • Enforce least-privilege access based on actual job requirements
  • Maintain detailed logs of who accessed what and when
  • Regularly audit access rights and remove unnecessary permissions


### 4. Deploy Layered Security Measures

A zero trust OT architecture requires multiple overlapping defenses:

  • Network segmentation: Isolate critical OT systems into separate security zones; prevent lateral movement between zones
  • Secure communication protocols: Encrypt data in transit; authenticate communication endpoints
  • Vulnerability management: Identify and prioritize vulnerabilities; balance patching schedules with operational safety requirements
  • Continuous monitoring: Detect anomalous behavior, unauthorized access attempts, and potential attacks in real time


### 5. Account for Operational Constraints

Unlike IT systems, OT infrastructure cannot always be taken offline for patching or updates. The guidance emphasizes:

  • Accepting that some legacy systems cannot be patched and require compensating controls
  • Designing zero trust systems that don't disrupt ongoing operations
  • Testing security changes in development environments before deployment
  • Maintaining safety interlocks that protect physical processes even if cyberdefenses are breached


### 6. Plan for Gradual Transition

Zero trust cannot be implemented overnight in legacy OT environments. Organizations should:

  • Start with the highest-risk assets and connections
  • Pilot zero trust controls in isolated network segments
  • Build expertise and tools gradually
  • Engage vendors to support zero trust architectures in OT products
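As an added example (not code from CISA or the advisory), the following Python script ties steps 1, 3 and 4 together in a default-deny policy check over constructed flow records: the asset inventory is the source of truth, traffic may cross zones only over explicitly defined conduits, and enterprise-origin sessions are denied when they lack MFA. The zone names, conduits, ports, the `mfa` field and every address are assumptions I constructed for illustration.

```python
from collections import namedtuple
# Constructed asset inventory (step 1, asset visibility): ip -> (name, zone).
# Zone names and the conduit model are assumptions, not from the advisory.
INVENTORY = {
    "10.10.1.5": ("hmi-01", "control"),
    "10.10.1.20": ("plc-line3", "control"),
    "10.20.1.7": ("historian", "dmz"),
    "10.30.1.9": ("eng-ws-04", "enterprise"),
}
# Constructed conduits: the only (src_zone, dst_zone) -> ports that may cross zones.
CONDUITS = {
    ("control", "dmz"): {502},     # telemetry to the historian (Modbus/TCP)
    ("enterprise", "dmz"): {443},  # enterprise reads the historian over TLS
}

# mfa: whether the originating session was MFA-authenticated (assumed field)
Flow = namedtuple("Flow", "src dst dport mfa")

def evaluate(flow):
    """Return 'allow' or 'deny:<reason>' for one flow; anything unlisted is denied."""
    src, dst = INVENTORY.get(flow.src), INVENTORY.get(flow.dst)
    if src is None or dst is None:
        return "deny:unknown-asset"  # uninventoried host gets no implicit trust
    if src[1] == dst[1]:
        return "allow"  # intra-zone traffic between two known assets
    ports = CONDUITS.get((src[1], dst[1]))
    if ports is None:
        return "deny:no-conduit"  # no defined path between zones: lateral movement
    if flow.dport not in ports:
        return "deny:port-not-in-conduit"
    if src[1] == "enterprise" and not flow.mfa:
        return "deny:mfa-required"  # enterprise/remote access must be MFA'd
    return "allow"

def audit(lines):
    """Parse 'src,dst,dport,mfa' records and return [(record, verdict)] for denials."""
    denied = []
    for line in lines:
        s, d, p, m = line.strip().split(",")
        verdict = evaluate(Flow(s, d, int(p), m == "1"))
        if verdict != "allow":
            denied.append((line.strip(), verdict))
    return denied

SAMPLE_LOG = [  # constructed flow records, not real traffic
    "10.10.1.20,10.20.1.7,502,1",  # PLC -> historian over the defined conduit
    "10.30.1.9,10.20.1.7,443,0",   # enterprise -> historian, session without MFA
    "10.30.1.9,10.10.1.20,502,1",  # enterprise -> PLC directly: no conduit exists
    "10.99.9.9,10.10.1.5,80,1",    # host missing from the inventory -> HMI
]
```

Calling `audit(SAMPLE_LOG)` returns the three denied records with their reasons; in practice the inventory and conduit tables would be generated from the asset-visibility work in step 1 rather than typed by hand.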

## References


Official CISA Guidance:

  • [CISA – Adapting Zero Trust Principles to Operational Technology](https://www.cisa.gov/zero-trust)
  • [CISA Zero Trust Architecture Guide](https://www.cisa.gov/zero-trust)

Supporting Resources:

  • NIST Cybersecurity Framework (CSF)
  • NERC CIP standards for energy sector OT
  • IEC 62443 Industrial Automation and Control Systems Security

---


## The Bottom Line


The shift toward zero trust in operational technology isn't optional—it's essential. As critical infrastructure becomes increasingly digital and connected, organizations that continue relying on air-gap isolation and implicit trust are building security on assumptions that no longer hold. CISA's joint guidance provides a roadmap, but implementation requires sustained investment in asset visibility, vendor management, access controls, and layered defenses.


For OT owners and operators, the path forward is clear: assess your current state, prioritize the highest-risk systems and connections, and begin implementing zero trust principles now. The physical systems you protect—and the communities that depend on them—are worth the effort.