Increased cyber threats and government directives have made cybersecurity a top priority among critical infrastructure organizations.
A zero trust security architecture is the gold standard for blocking and containing threats, but there’s been heavy skepticism around the practicality of implementing zero trust in operational technology (OT) environments with the mix of legacy and modern equipment. A study from Wakefield Research suggests that despite this skepticism, industrial cybersecurity leaders are making significant progress.
The survey, conducted among 250 cybersecurity professionals in energy, aerospace, port operations, transportation, pipeline operations, utilities, and retail supply chain & warehousing, found that 88% of OT cybersecurity leaders have already taken steps to adopt zero trust. Notably, 58% have found a path to zero trust that doesn’t require an equipment overhaul—an otherwise daunting, disruptive and costly undertaking for any industrial operation.
“OT, IT, and cybersecurity leaders have had a challenging few years. Being forced to rethink how they approach cybersecurity for operations is not easy, and thinking they need to rip and replace equipment only makes matters worse. Fortunately, this long-running misconception seems to be tailing off,” said Duncan Greatwood, CEO of Xage.
“Over half of the industrial sector is realizing that there are better ways forward, but that leaves the other half at risk of falling behind on implementation timelines. Continuing to close this knowledge gap over the most practical ways to implement zero trust will put infrastructure operators, and our nation’s most vulnerable infrastructure, in a much better position.”
A recap of the study’s key findings is below:
Zero trust in operations is doable, and inevitable
It’s abundantly clear that operational environments are moving towards zero trust. Some are moving faster than others, with nearly half still viewing a full rip and replace of their existing systems as the only way forward.
- 100% of OT cybersecurity leaders have plans to adopt zero trust.
- 58% have found paths to zero trust that don’t require an equipment overhaul, leaving 42% at risk of slower implementation timelines and higher costs.
- 93% claim that zero trust adoption is “inevitable.”
- 88% have already taken steps to adopt a zero trust security posture.
Digital transformation, user experience among the unexpected benefits of zero trust
The movement to zero trust represents a paradigm shift in this sector’s approach to cybersecurity: from a reactive to a proactive security posture. The benefits of this shift extend beyond security.
- 61% of respondents agree that reactive attack-detection-centric strategies for OT are not enough to prevent breaches.
- 64% indicate that they’ve already moved to a proactive security approach to block and contain attacks before they can spread.
- 55% agree that adopting zero trust accelerates digital transformation.
- Other top benefits include improved user experience (60%), more efficient operations (52%), and saving time or money (42%).
Helping the zero trust laggards catch up
Nearly half (46%) of all respondents still view zero trust as an aspiration to be pursued over many years. Fortunately, several tactics are proving helpful for accelerating buy-in and avoiding unnecessary delays.
- Factors delaying zero trust implementation include lack of internal knowledge (52%), conflicting direction from leadership (46%), and a lack of resources (39%).
- Tactics for accelerating implementations include integrating zero trust into organizational culture (68%); incorporating Identity and Access Management (IAM) practices or tools (66%), while avoiding “rip and replace” of existing networks and systems; setting a formal process to define zero trust goals (60%); and assessing weakness in existing OT security architecture (60%).