How manufacturers can rethink and reshape cybersecurity strategies to protect production operations—without compromising uptime or disrupting the plant floor.

Zero-trust insights
- Traditional zero-trust models fail in OT environments because they conflict with manufacturing priorities like uptime and availability.
- Operational environments require an OT-specific approach to zero trust, including bottom-up segmentation, asset visibility and rapid-change workflows.
- Successful implementation depends on cross-functional collaboration between IT, OT and operations teams, with shared responsibility, funding and field-level understanding.
Applying zero-trust architectures and frameworks to operational technology (OT) environments creates significant challenges for manufacturing and critical infrastructure.
Forcing IT-developed zero-trust frameworks into industrial environments often leads to operational disruptions and security failures. Manufacturing operations are focused on production. When implementation causes downtime, OT teams inevitably find workarounds that create even greater vulnerabilities.
The zero-trust collision in manufacturing
The zero-trust principle of “trust, but verify” fundamentally conflicts with OT environments that prioritize availability and production continuity above everything else.
When zero-trust implementation disrupts remote access during equipment failures, many manufacturers can face hundreds of thousands, if not millions, of dollars a day in downtime costs. This is one reason IT-OT convergence often becomes an IT-OT collision.
Why traditional zero-trust approaches fail in OT
Top-down vs. bottom-up implementation
IT environments are well defined with consistent applications and clear traffic segmentation. OT systems are a “melting pot” of diverse technologies, protocols and legacy equipment. Zero trust in industrial environments requires a bottom-up approach focused on understanding what’s actually in each “bucket” of systems rather than imposing uniform rules from above.
Super flat network realities
Many manufacturing facilities operate with “super flat” networks, where critical production equipment shares network space with business systems. Implementing zero-trust segmentation in these environments can be compared to putting a 16-year-old behind the wheel of a Formula One race car — technically possible but dangerously impractical without substantial preparation.
Identity management conflicts
Zero trust demands robust identity verification, but industrial systems often use shared credentials or lack authentication capabilities entirely. Plant floor operators wanting to avoid authentication delays will find ways around these controls.
Five recommendations for zero trust in manufacturing
1. Implement an asset-first approach
Before pursuing zero-trust initiatives, deploy OT-specific tools that provide continuous visibility into the 20/25-to-1 ratio of OT assets compared to IT assets on your plant floor. These tools should track both inventory and process integrity changes to deliver operational value plus security.
2. Adopt the “bucket approach” to segmentation
Instead of comprehensive segmentation, identify targeted “buckets” of critical systems. Move assets incrementally from unsecured buckets to secured ones without disrupting operations. This evolutionary approach accommodates the reality that, “It took decades to get here, and it’s going to take some time to get out of it.”
3. Establish OT-specific change management
Standard IT change processes that require a week to get somebody onboarded for remote access are incompatible with production needs. Create OT-specific change processes that maintain security while accommodating manufacturing’s rapid response requirements.
4. Build field experience among security teams
Security teams must experience production operations firsthand. If you’re an IT security professional and either don’t know your OT counterparts or don’t visit the manufacturing plants on a regular basis, you’re at a disadvantage. The IT and OT team members responsible for security should be on the same page. It will be difficult to develop an all-encompassing, detailed cybersecurity scope for your manufacturing environments without this collaboration.
5. Create cross-functional funding models
Zero-trust initiatives must be funded from both IT and OT budgets, with input from plant managers, engineering teams and operations management executives. Without this shared investment, progress and commitment toward securing the industrial plant environment will be slow going or not going at all. When the business case counts not only the value of cybersecurity but also the operational resiliency benefits of minimizing unexpected and unplanned downtime, funding can become easier and the financial benefits self-evident.
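Recommendations 1 and 2 above can be worked through in code. This is an added example, not from the article or any vendor tool: given an asset inventory and passively observed flows, it orders moves into a secured bucket so that each step leaves the fewest flows crossing the bucket boundary, and lists the allow rules each step needs. The asset names, flows, bucket labels and the greedy ordering heuristic are constructed assumptions.

```python
# Constructed inventory: asset -> current bucket (recommendation 1, asset-first).
ASSETS = {
    "plc-line1": "unsecured",
    "hmi-line1": "unsecured",
    "historian": "unsecured",
    "eng-ws": "unsecured",
    "erp-gw": "business",
}

# Constructed flows seen by passive monitoring: (source, destination, service).
FLOWS = [
    ("hmi-line1", "plc-line1", "modbus/502"),
    ("eng-ws", "plc-line1", "modbus/502"),
    ("historian", "plc-line1", "modbus/502"),
    ("erp-gw", "historian", "tcp/1433"),
    ("eng-ws", "hmi-line1", "rdp/3389"),
]

def boundary_flows(assets, flows, target):
    """Flows with exactly one endpoint in `target`; each needs an allow rule
    before the move, or production traffic breaks at the new boundary."""
    return {f for f in flows
            if (assets[f[0]] == target) != (assets[f[1]] == target)}

def plan_moves(assets, flows, candidates, target="secured"):
    """Greedy plan (recommendation 2): move next whichever asset leaves the
    fewest boundary flows; ties break alphabetically for repeatability."""
    state, remaining, plan = dict(assets), set(candidates), []
    while remaining:
        def cost(asset):
            trial = {**state, asset: target}
            return (len(boundary_flows(trial, flows, target)), asset)
        nxt = min(remaining, key=cost)
        state[nxt] = target
        remaining.remove(nxt)
        plan.append((nxt, sorted(boundary_flows(state, flows, target))))
    return plan

if __name__ == "__main__":
    movers = ["plc-line1", "hmi-line1", "historian", "eng-ws"]
    for step, (asset, rules) in enumerate(plan_moves(ASSETS, FLOWS, movers), 1):
        print(f"step {step}: move {asset}; allow rules needed:")
        for src, dst, svc in rules:
            print(f"    {src} -> {dst} {svc}")
```

Any observed flow missing from a step's rule list stays inside one bucket and needs no boundary rule; a flow that only occurs during rare events, such as vendor remote access during a failure, will not appear unless the observation window covered it.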
Zero trust as a journey, not a destination
Zero trust remains a valuable strategy and target to keep moving toward, but manufacturing leaders must recognize it as an evolutionary journey requiring OT-specific approaches. Organizations that successfully implement zero-trust principles in industrial environments understand that security cannot come at the expense of operational resilience. By balancing zero-trust principles with operational realities, organizations can incrementally improve security while maintaining the production capacity that drives business success.
AUTHOR
Dino Busalachi, Director, BW Design Group. Busalachi has more than three decades of global experience across information technology (IT), engineering and industrial control systems (ICS) with multiple globally recognized brands including Rockwell Automation, Anheuser-Busch, American Standard, General Motors and more.
LEARNING OBJECTIVES
- Understand why traditional IT-based zero-trust frameworks often fail when applied directly to operational technology (OT) environments.
- Identify key challenges in implementing zero trust in manufacturing, including network architecture, identity management and organizational misalignment.
- Learn five practical, OT-specific strategies for successfully adapting zero-trust principles without compromising uptime or operational continuity.
CONSIDER THIS
How can we tailor our cybersecurity strategy to align with the unique operational realities of our plant floor, so that we enhance security without jeopardizing uptime or production efficiency?