Securing Critical Infrastructure with Zero Trust

By Anand Oswal, Senior Vice President and GM at cyber security leader Palo Alto Networks

Critical infrastructure forms the fabric of our society, providing power for our homes and businesses, fuel for our vehicles, and medical services that preserve human health.

With the acceleration of digital transformation spurred by the pandemic, larger and larger volumes of critical infrastructure and services have become increasingly connected. Operational technology (OT) serves a critical role as sensors in power plants, water treatment facilities, and a broad range of industrial environments.

Digital transformation has also led to a growing convergence between OT and information technology (IT). All of this connection brings accessibility benefits, but it also introduces a host of potential security risks.

Cyberattacks on critical infrastructure threaten many aspects of our lives

It’s a hard fact that there isn’t an aspect of life today free from cyberthreat. Ransomware and phishing attacks continue to proliferate, and in recent years, we’ve also seen an increasing number of attacks against critical infrastructure targets. Even in environments where OT and IT have been traditionally segmented or even air-gapped, these environments have largely converged, presenting attackers with the ability to find an initial foothold and then escalate their activities to more serious pursuits, such as disrupting operations.

Examples are all around us. Among the most far-reaching attacks against critical infrastructure in recent years was the Colonial Pipeline incident, which triggered resource supply fears across the US as the pipeline was temporarily shut down. Automobile manufacturer Toyota was forced to shut down briefly after a critical supplier was hit by a cyberattack. Meat processing vendor JBS USA Holding experienced a ransomware cyberattack that impacted the food supply chain. The Oldsmar water treatment plant in Florida was the victim of a cyberattack that could have potentially poisoned the water supply. Hospitals have suffered cyberattacks and ransomware that threaten patients’ lives, with the FBI warning that North Korea is actively targeting the US healthcare sector. The list goes on and on.

Global instability complicates this situation further as attacks against critical infrastructure around the world spiked following Russia’s invasion of Ukraine, with the deployment of Industroyer2 malware that is specifically designed to target and cripple critical industrial infrastructure.

Today’s challenges place an increasing focus on operational resiliency

With all of these significant challenges to critical infrastructure environments, it’s not surprising that there is a growing focus on operational resiliency within the sector. Simply put, failure is not an option. You can’t have your water or your power go down or have food supplies disrupted because an outage of critical infrastructure has a direct impact on human health and safety. So, the stakes are very high, and there is almost zero tolerance for something going the wrong way.

Being operationally resilient in an era of increasing threats and changing work habits is an ongoing challenge for many organizations. This is doubly true for the organizations, agencies, and companies that comprise our critical infrastructure.

Digital transformation is fundamentally changing the way this sector must approach cybersecurity. With the emerging hybrid workforce and accelerating cloud migration, applications and users are now everywhere, with users expecting access from any location on any device. The implied trust of years past, where being physically present in an office provided some measure of user authenticity simply no longer exists. This level of complexity requires a higher level of security, applied consistently across all environments and interactions.

Overcoming cybersecurity challenges in critical infrastructure

To get to a state of resiliency, there are a number of common challenges in critical infrastructure environments that need to be overcome because they negatively impact security outcomes. These include:

Legacy systems: Critical infrastructure often uses legacy systems far beyond their reasonable lifespan from a security standpoint. This means many systems are running older, unsupported operating systems, which often cannot be easily patched or upgraded due to operational, compliance, or warranty concerns.

IT/OT convergence: As IT and OT systems converge, OT systems that were previously isolated are now accessible, making them more available and, inherently, more at risk of being attacked.

A lack of skilled resources: In general, there is a lack of dedicated security personnel and security skills in this sector. There has also been a shift in recent years toward remote operations, which has put further pressure on resources.

Regulatory compliance. There are rules and regulations across many critical infrastructure verticals that create complexity concerning what is or isn’t allowed.

Getting insights from data: With a growing number of devices, it’s often a challenge for organizations to get insights and analytics from usage data that can help to steer business and operational outcomes.

The importance of Zero Trust in critical infrastructure

A Zero Trust approach can help to remediate a number of the security challenges that face critical infrastructure environments and also provide the level of cyber resilience that critical infrastructure needs now.

How come? The concept of Zero Trust, at its most basic level, is all about eliminating implied trust. Every user needs to be authenticated, every access request needs to be validated, and all activities continuously monitored. With Zero Trust authentication, access is a continuous process that helps to limit risk.

Zero Trust isn’t just about locking things down; it’s also about providing consistent security and a common experience for users, wherever they are. So, whether a user is at home or in the office, they get treated the same from a security and risk perspective. Just because a user walked into an office doesn’t mean they should automatically be granted access privileges.

Zero Trust isn’t only about users: the same principles apply to cloud workloads and infrastructure components like OT devices or network nodes. There is still a need to authenticate devices and access to authorize what the device is trying to do and provide control, and that’s what the Zero Trust Model can provide.

All of these aspects of Zero Trust enable the heightened security posture that critical infrastructure demands.

Zero Trust is a strategic initiative that helps prevent successful data breaches by eliminating the concept of implicit trust from an organization’s network architecture. The most important objectives in CI cybersecurity are about preventing damaging cyber physical effects to assets, loss of critical services, and preserving human health and safety. Critical infrastructure’s purpose-built nature and correspondingly predictable network traffic and challenges with patching make it an ideal environment for Zero Trust.

Applying a Zero Trust approach that fits critical infrastructure

It’s important to realize that Zero Trust is not a single product; it’s a journey that organizations will need to take.

Going from a traditional network architecture to Zero Trust, especially in critical infrastructure, is not going to be a “one-and-done” effort that can be achieved with the flip of a switch. Rather, the approach we recommend is a phased model that can be broken down into several key steps:

1. Identifying the crown jewels. A foundational step is to first identify what critical infrastructure IT and OT assets are in place.

2. Visibility and risk assessment of all assets. You can’t secure what you can’t see. Broad visibility that includes behavioral and transaction flow understanding is an important step in order to not only evaluate risk but also to inform the creation of Zero Trust policies.

3. OT-IT network segmentation. It is imperative to separate IT from OT networks to limit risk and minimize the attack surface.

4. Application of Zero Trust policies. This includes:

• Least-privileged access and continuous trust verification, which is a key security control that greatly limits the impact of a security incident
• Continuous security inspection that ensures the transactions are safe by stopping threats — both known and unknown, including zero-day threats — without affecting user productivity

By definition, critical infrastructure is vital. It needs to be operationally resilient, be able to reduce the potential attack surface, and minimize the new or expanding risks created by digital transformation. When applied correctly, a Zero Trust approach to security within critical infrastructure can play a central role in all of this — ensuring resilience and the availability of services that society depends on every day.

Learn more about our Zero Trust approach.

About Anand Oswal:

Anand serves as Senior Vice President and GM at cyber security leader Palo Alto Networks. Prior to this Anand, was Senior Vice President of Engineering for Cisco’s Intent-Based Networking Group. At Cisco he was responsible for building the complete set of platforms and solutions for the Cisco enterprise networking portfolio. The portfolio spans enterprise products across routing, access switching, IoT connectivity, wireless, and network and cloud services deployed for customers worldwide.

Anand is a dynamic leader, building strong, diverse, and motivated teams that continually excel through a relentless focus on execution. He holds more than 50 U.S. patents and is focused on innovation and inspiring his team to build awesome products and solutions.