Abstract

Techniques are presented herein that support a zero trust architecture for (e.g., legacy) devices in an operational technology (OT) and industrial internet of things (IIoT) environment. The presented techniques support granular segmentation and access control to critical assets based on a network equipment vendor’s ability to host applications (in this instance a proxy) on network components such as switches. Aspects of the presented techniques comprise three key components or artifacts. A first artifact encompasses a proxy component that is hosted as part of a control system. A second artifact encompasses a proxy component – i.e., a zero trust agent (ZTA) – that is hosted on a switch, and which enforces the (e.g., role-based access control (RBAC)) security of a cabinet which will be considered a resource enclave, and which may be assigned a cryptographically-based identity. A third artifact encompasses a policy administration and authentication server.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.

Recommended Citation

Seewald, Maik; Hausermann, Laurent; and Guerard, Andre, "NETWORK-EMBEDDED ZERO TRUST AGENT FOR AUTOMATION AND CONTROL SYSTEMS", Technical Disclosure Commons, (June 13, 2022)
https://www.tdcommons.org/dpubs_series/5196

Download

COinS

Technical Disclosure Commons

Defensive Publications Series

NETWORK-EMBEDDED ZERO TRUST AGENT FOR AUTOMATION AND CONTROL SYSTEMS

Abstract

Creative Commons License

Recommended Citation

Browse

Search

Submit

Additional Information

Technical Disclosure Commons

Defensive Publications Series

NETWORK-EMBEDDED ZERO TRUST AGENT FOR AUTOMATION AND CONTROL SYSTEMS

Inventor(s)

Abstract

Creative Commons License

Recommended Citation

Share

Browse

Search

Submit

Additional Information