(TLP:CLEAR) CISA Guidance – Adapting Zero Trust Principles to Operational Technology
Created: Thursday, April 30, 2026 - 14:29
Categories: Cybersecurity, Federal & State Resources, OT-ICS Security
Summary: Yesterday, CISA, in coordination with federal partners, released the guidance “Adapting Zero Trust Principles to Operational Technology,” which provides recommendations or applying Zero Trust (ZT) architecture to ICS/OT environments. The guidance emphasizes eliminating implicit trust and continuously validating access based on identity, context, and risk. It highlights increasing cybersecurity risks associated with IT/OT convergence and provides best practice for improving asset visibility, identity and access management, network segmentation, and layered security control within OT environments.
Analyst Note: This guidance is directly relevant to water and wastewater utilities as OT environments continue to become interconnected and reliant on remote access and digital monitoring. CISA notes that traditional perimeter-based defenses are no longer sufficient to protect critical systems, particularly as utilities adopt technologies that increase connectivity across treatment, distribution, and remote sites.
The Zero Trust model reinforces several core practices already emphasized for the water sector:
- Maintain comprehensive visibility into OT assets
- Enforce strong identity and access controls
- Segment networks to limit lateral movement
These principles are particularly important for utilities managing distributed infrastructure and third-party access, where implicit trust and broad network access can introduce risk.
WaterISAC encourages members to review CISA’s guidance and consider how ZT principles can be adapted to their OT environments, particularly by strengthening authentication controls, limiting unnecessary access, and improving monitoring of user and system activity.
Original Source: https://www.cisa.gov/resources-tools/resources/adapting-zero-trust-principles-operational-technology
Additional Reading:
- Fundamentals 2, 4, & 5: WaterISAC’s 12 Cybersecurity Fundamentals for Water and Wastewater Utilities
Related WaterISAC PIRs: 6, 8, 12