ICYMI last week, here is my story on the new guidance from the Cybersecurity and Infrastructure Security Agency (CISA) about how to start adapting #ZeroTrust principles from IT to operational technology/industrial control systems (OT/ICS)
To be blunt, the reaction from most of the experts I spoke to was pretty "meh," about the document. Most found something to like there, but no one seemed really excited.
Why? As Dale Peterson put it, "The document is not bad or wrong, it's just not that helpful. It's overly broad, … It's high level, and this information is well known."
Tatyana Bolton of the Operational Technology Cybersecurity Coalition asked who was going pay to bring Zero Trust cybersecurity to the thousands of U.S. critical infrastructure providers below the cyber poverty line.
And both Claroty's Field CTO Sean Tufts and Nozomi Networks' Cybersecurity Director Chris Groves charged that the document dodged or fudged some big questions. Details in the story...