ANALYSIS OF THE FEASIBILITY AND BENEFIT OF APPLYING ZERO TRUST PARADIGM TO OPERATIONAL TECHNOLOGY SYSTEMS
Loading...
Authors
Song, Meng Wee
Subjects
zero trust
operational technology
industrial control systems
remote access
bring-your-own-device
BYOD
operational technology
industrial control systems
remote access
bring-your-own-device
BYOD
Advisors
Irvine, Cynthia E.
Nguyen, Thuy D.
Date of Issue
2023-09
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
In response to evolving business demands, modern operational technology (OT) systems are increasingly exposed to external information technology (IT) environments. Consequently, their vulnerability to contemporary cybersecurity threats from legacy software and hardware necessitates proactive measures. While the Zero Trust (ZT) paradigm, outlined in NIST SP 800 207, has been embraced within IT systems, its use in OT systems remains largely uncharted. This work assessed the applicability of the ZT architectural model to modernize and secure critical OT systems. Our methodology commenced by defining requirements for OT systems, focusing on enabling remote access and bring your own device (BYOD). We then conducted threat modelling to identify potential vulnerabilities and formulated a cybersecurity policy for a water treatment plant. We designed the ZT-OT architecture, which applies the ZT tenets to protect a water treatment OT system. This architecture was evaluated against real-world use cases and preliminary results showed that a ZT approach can help mitigate vulnerabilities associated with remote access and BYOD threats in specific cases. Yet, limitations surfaced concerning legacy components and ZT effects on normal operation. This research advances security in water treatment OT systems across governmental and industrial domains, offering insights into ZT potential and challenges.
Type
Thesis
Description
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
Copyright is reserved by the copyright owner.