CISA and Partners Publish Zero Trust Guidance For OT Security

A new joint guide detailing how to apply zero-trust principles in operational technology (OT) environments has been released by US government agencies, outlining practical steps to secure critical infrastructure systems while meeting safety and uptime requirements.

The publication, Adapting Zero Trust Principles to Operational Technology, was developed by a multi-agency working group led by the US Cybersecurity and Infrastructure Security Agency (CISA) alongside federal partners.

Designed for security practitioners and OT operators, the document addresses the complexities of introducing zero trust architectures into environments that prioritize continuous operation and physical safety.

It emphasizes that traditional IT-centric approaches cannot be directly applied to OT due to legacy systems, limited visibility and strict availability requirements.

Addressing IT/OT Convergence Risks

As industrial systems become increasingly connected, the attack surface has expanded, creating new pathways for threat actors. The report notes that adversaries are exploiting weak segmentation, compromised credentials and supply chain vulnerabilities to pivot from IT into OT networks.

Malware families such as CrashOverride and BlackEnergy, among others, demonstrate the ability to disrupt physical processes, while living-off-the-land (LOTL) techniques allow attackers to blend into normal operations.

These developments have made perimeter-based defenses insufficient, prompting a shift toward zero-trust models that assume compromise and continuously verify access.

The guidance stresses that cyber incidents in OT can lead to real-world consequences, including service disruption, equipment damage and safety hazards. As a result, risk assessments must consider both digital and physical impacts when prioritizing defenses.

Core Principles For Zero Trust in OT

Rather than prescribing a single solution, the agencies outline a layered approach tailored to operational environments. Key recommendations include:

  • Establish comprehensive asset inventories using passive monitoring

  • Enforce network segmentation and microsegmentation to limit lateral movement

  • Implement identity and access controls adapted to legacy systems

  • Secure remote access through jump hosts and multifactor authentication (MFA)

  • Integrate supply chain risk management into procurement decisions

The document also highlights the importance of collaboration between IT, OT and security teams to balance protection with operational continuity.
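As an added illustration of how the segmentation, jump-host and MFA recommendations above combine into a default-deny access decision, here is a small policy check. It is example code, not from the guide or from CISA; the zone names, allowed flows, jump-host address and request fields are constructed assumptions.

```python
"""Zero-trust access decision for an OT network (illustrative, constructed).
Assumptions: three zones, a fixed allowlist of zone-to-zone flows, a jump host
in the DMZ, and MFA on every session that crosses into the control zone."""
from dataclasses import dataclass
from typing import Tuple

# Constructed zone model; only the listed flows are ever permitted.
ALLOWED_FLOWS = {("enterprise", "dmz"), ("dmz", "control"), ("control", "control")}
# Constructed jump-host address; remote sessions must originate here.
JUMP_HOSTS = {"10.1.1.5"}


@dataclass
class Request:
    src_zone: str
    dst_zone: str
    src_ip: str
    user: str
    mfa_verified: bool
    asset_inventoried: bool  # destination is known from passive asset discovery


def evaluate(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Every check must pass; denial is the default."""
    # Unknown assets are never reachable: the inventory is the basis for every rule.
    if not req.asset_inventoried:
        return False, "destination not in asset inventory"
    # Segmentation: flows outside the allowlist are dropped regardless of identity.
    if (req.src_zone, req.dst_zone) not in ALLOWED_FLOWS:
        return False, f"flow {req.src_zone}->{req.dst_zone} not permitted by segmentation policy"
    # Cross-boundary access into the control zone needs the jump host and MFA.
    if req.dst_zone == "control" and req.src_zone != "control":
        if req.src_ip not in JUMP_HOSTS:
            return False, "control-zone access must originate from a jump host"
        if not req.mfa_verified:
            return False, "MFA required for remote access to control zone"
    return True, "allowed"


if __name__ == "__main__":
    remote = Request("dmz", "control", "10.1.1.5", "eng1", True, True)
    print(evaluate(remote))  # (True, 'allowed')
    direct = Request("enterprise", "control", "10.0.0.9", "eng1", True, True)
    print(evaluate(direct))  # denied by segmentation policy
```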

Balancing Security With Operational Constraints

Applying zero trust in OT introduces challenges such as limited patching windows, minimal logging capabilities and long equipment lifecycles.

The guidance recommends compensating controls, including enhanced monitoring and strict access policies, where modern security features cannot be deployed.

Incident response planning and recovery processes are also central to the strategy. Organizations are advised to align cyber response with existing safety procedures and business continuity plans to minimize disruption during attacks.

The agencies conclude that zero-trust adoption in OT is not about eliminating risk entirely but about improving resilience through informed, context-aware decisions.