It all started with a support call. A customer reached out, frustrated that after installing
their new HMI software they couldn’t do anything. “Everything’s locked down. I can’t
access any configuration or features,” they said.
At first, it sounded like a typical installation issue—maybe a licensing problem or some
misconfigured settings. But after a few questions, it became clear that they had chosen the
"Secure Installation Option" during setup, unknowingly activating a zero-trust
configuration.
As we walked the customer through their installation, it became apparent this wasn’t just a
fix-it situation; it was a much larger conversation about zero trust security. What initially
seemed like a hindrance was actually a feature designed to ensure security from the very
first moment the software was installed. This led to a deeper dialogue about the
importance of intentional security in industrial control system environments and how zero
trust principles are fundamentally changing the game.
What is zero trust?
At its core, zero trust is a cybersecurity model based on the idea of "never trust, always
verify." In industrial control systems (ICS), where openness and accessibility have long
been the default, this concept feels foreign. Historically, ICS software installations were
open by design, relying on perimeter-based security. Once inside the network, however,
users often had unfettered access. But zero trust flips this model, limiting access and
enforcing security from the inside out.
Zero trust requires continuous verification of both users and devices, granting access only
when conditions are met. For ICS environments, this means that users must authenticate
their identity and prove their device’s security posture before they can access specific
systems or applications. No broad network access, no shortcuts—everything is intentional
and deliberate.
The idea of zero trust isn’t confined to local systems; it’s critical when extending remote
access to industrial systems, which has traditionally been achieved through VPNs and
Remote Desktop Protocol (RDP). These methods often provide excessive access to the
network if not managed properly. Once someone (or something, such as malware) gets
through, they have access to a wide range of systems, and any breach of the perimeter can
result in unrestricted lateral movement within the network. A zero-trust approach,
specifically zero trust network access (ZTNA), significantly mitigates these risks by
granting access only to specific applications or services based on identity and device
posture.
Simplifying security
The zero-trust approach often relies on a cloud/agent architecture to dynamically manage
security and control access. Here’s how it works:
- Agent deployment: A lightweight agent is installed on the target remote system.
- Cloud-based management: The cloud component serves as a centralized access
manager, often integrated with an identity provider like Office 365, to authenticate
users (including multifactor authentication) and verify devices in real time before
granting access.
- Secure tunnels: Rather than providing broad network access, secure tunnels are
created between the user’s device and the agent, brokering connections with only
specific endpoints.
- Dynamic policy enforcement: Access policies adapt in real time based on factors like
location and device security, constantly adjusting to ensure only the right people
and devices can connect.
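The access decision described in the list above, sketched as an added example (not code from any vendor's product or from the original article). The Request and Policy types, the user names, host names and ports are all hypothetical, and the MFA and posture results are assumed to arrive from the identity provider and the agent.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    mfa_passed: bool        # result from the identity provider
    device_compliant: bool  # posture reported for the user's device
    location: str
    endpoint: str           # one "host:port" service, never a subnet

@dataclass(frozen=True)
class Policy:
    users: frozenset
    endpoints: frozenset
    locations: frozenset

# Constructed sample policies; all names and ports are illustrative.
POLICIES = (
    Policy(frozenset({"alice"}), frozenset({"hmi-01:5900"}), frozenset({"US"})),
    Policy(frozenset({"bob"}), frozenset({"hmi-01:5900", "plc-07:44818"}),
           frozenset({"US", "CA"})),
)

def decide(req, policies=POLICIES):
    """Return (allowed, reason). Default deny: every check must pass."""
    if not req.mfa_passed:
        return False, "identity not verified"
    if not req.device_compliant:
        return False, "device posture check failed"
    matched = [p for p in policies
               if req.user in p.users and req.endpoint in p.endpoints]
    if not matched:
        return False, "no policy grants this endpoint"
    if not any(req.location in p.locations for p in matched):
        return False, "location not permitted"
    return True, "tunnel to " + req.endpoint + " only"

def sessions_to_drop(active, policies=POLICIES):
    """Re-check open sessions with fresh signals; return those to tear down."""
    return [r for r in active if not decide(r, policies)[0]]

if __name__ == "__main__":
    ok = Request("alice", True, True, "US", "hmi-01:5900")
    print(decide(ok))
    print(decide(Request("alice", True, True, "US", "plc-07:44818")))
```

Running sessions_to_drop on a schedule, with each session's posture and location refreshed, is what turns a one-time login check into the continuous verification the list describes.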
Zero trust as the new standard
By the end of our conversation, the customer not only had their ICS software up and
running but also understood they had been introduced to a more secure way of thinking
about network and application security. Their initial frustration of being “locked out”
transformed into an appreciation for the built-in zero trust measures, which would help
protect their industrial operations from an evolving range of cyber threats.
But the story didn’t end there. Inspired by the security advantages they were seeing, the
customer also opted for a ZTNA remote access solution to further safeguard their
operations. We worked closely with their team to deploy the system, ensuring that remote
users had secure, limited access to only what they needed. This additional layer of
protection secured their network and allowed them to retire less secure VPN-based remote
access methods.
The successful deployment led to even deeper conversations around IT/OT convergence,
particularly in aligning security policies across both realms. We helped pull in their cyber
and identity management teams, guiding discussions that unified security efforts between
IT and OT, strengthening their overall cybersecurity posture.
What began as a simple support call turned into a broader initiative, demonstrating how
adopting zero trust not only mitigates risks but facilitates long-term security strategies. So,
the next time you’re faced with a “Secure Installation Option,” remember that it could be
your first step toward becoming the security hero your organization needs—ushering in a
stronger, more resilient approach to protecting critical infrastructure.
Dan Malyszko is vice president at Malisko Engineering, a certified member of the Control
System Integrators Association (CSIA). See Malisko Engineering’s profile on the CSIA
Industrial Automation Exchange.