Techniques are presented herein that support a zero trust architecture for (e.g., legacy) devices in an operational technology (OT) and industrial internet of things (IIoT) environment. The presented techniques support granular segmentation and access control to critical assets based on a network equipment vendor’s ability to host applications (in this instance a proxy) on network components such as switches. Aspects of the presented techniques comprise three key components or artifacts. A first artifact encompasses a proxy component that is hosted as part of a control system. A second artifact encompasses a proxy component – i.e., a zero trust agent (ZTA) – that is hosted on a switch, and which enforces the (e.g., role-based access control (RBAC)) security of a cabinet which will be considered a resource enclave, and which may be assigned a cryptographically-based identity. A third artifact encompasses a policy administration and authentication server.
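As an added illustration (not code from the disclosure or its authors), the three artifacts are simulated in Python: a policy administration/authentication server that mints a signed, role-bearing identity, and a switch-hosted zero trust agent (ZTA) that verifies it and applies the cabinet's RBAC policy before admitting a request. HMAC-SHA256, the shared key, the token format, and the enclave, role and subject names are assumptions chosen for the demo.

```python
import base64, hashlib, hmac, json, time

# Constructed demo. The policy administration/authentication server mints
# signed identity tokens; the switch-hosted ZTA verifies them and applies the
# per-enclave RBAC policy before any traffic reaches the cabinet. HMAC-SHA256
# stands in for whatever credential scheme a real deployment uses (assumption).
SERVER_KEY = b"demo-key-shared-with-switch-agents"

# RBAC policy per resource enclave (cabinet): role -> permitted actions
ENCLAVE_POLICY = {
    "cabinet-07": {"engineer": {"read", "write"}, "operator": {"read"}},
}

def issue_identity(subject, role, ttl=300, now=None):
    """Policy/authentication server: bind subject and role into a signed token."""
    now = time.time() if now is None else now
    body = json.dumps({"sub": subject, "role": role, "exp": now + ttl}).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()

def zta_decide(token, enclave, action, now=None):
    """Switch-hosted ZTA: default deny; allow only on a valid identity plus policy."""
    now = time.time() if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token)
        body, tag = raw[:-32], raw[-32:]
        expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "deny", "bad signature"
        claims = json.loads(body)
    except (ValueError, TypeError):
        return "deny", "malformed token"
    if claims.get("exp", 0) < now:
        return "deny", "expired identity"
    allowed = ENCLAVE_POLICY.get(enclave, {}).get(claims.get("role"), set())
    if action not in allowed:
        return "deny", f"role {claims.get('role')} not permitted {action} on {enclave}"
    return "allow", f"{claims['sub']} as {claims['role']}"

if __name__ == "__main__":
    t = issue_identity("hmi-01", "operator")
    print(zta_decide(t, "cabinet-07", "read"))   # allow
    print(zta_decide(t, "cabinet-07", "write"))  # deny
```

Anything the agent cannot verify (bad tag, expired token, unknown enclave or role) falls to deny, which is the default-deny posture a ZTA in front of the enclave must hold.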
This work is licensed under a Creative Commons Attribution 4.0 License.
Seewald, Maik; Hausermann, Laurent; and Guerard, Andre, "NETWORK-EMBEDDED ZERO TRUST AGENT FOR AUTOMATION AND CONTROL SYSTEMS", Technical Disclosure Commons (June 13, 2022).