Search
Appgate SDP
SDP Overview
Learn how Appgate SDP reduces risk and complexity, and why it's the industry's most comprehensive Zero Trust network access solution.
How Appgate SDP Works
Find out about the inner-workings of the most flexible and adaptable Zero Trust Network Access solution available today.
SDP Integrations
Explore security, IT and business-system integrations that can enhance and help you adapt Appgate SDP to your existing workflows
SDP for Developers
Access developer tools and resources to maximize the value of your Appgate SDP deployment.
Zero Trust Network Access for:
Risk-Based Authentication
Overview
Learn how Risk-Based Authentication provides a frictionless, intelligent and data-informed approach to user authentication.
Strong Authentication
Find out how you can provide secure, frictionless access with the right multi-factor authentication method.
Transaction Monitoring
Explore the tools you can use to intelligently identify and prevent online fraud.
Behavioral Biometrics Service
Learn how behavioral analysis and machine learning stop fraudulent online web activity in real-time.
Secure Consumer Access for:
Digital Threat Protection
Overview
Discover how you can gain unparalleled threat visibility and the risk management tools that enable early identification and elimination of potential attacks.
Key Features
Take a deep dive into the features and tools contained within our industry-leading Digital Threat Protection (DTP) solution.
SECURE NETWORK ACCESS

George WilkesMarch 31, 2022

PODCAST: Zero Trust Security for Critical Infrastructure

Globally, cyberthreats against critical infrastructure are at an all-time high and breaches can lead to debilitating security, health and economic crises. So how can federal agencies and supporting public sector organizations use Zero Trust security to ensure continuity, consistency and efficiency to guard against cyberattacks on vital ecosystems comprising IT, IoT and OT technologies?

Share

As reported in a Feb. 9, 2022 joint cybersecurity advisory, in 2021 authorities in the U.S., Australia and the U.K. observed “an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against 14 of the 16 U.S. critical infrastructure sectors.”

Last year’s White House executive order on improving the nation’s cybersecurity called out critical infrastructure specifically and points to Zero Trust as the solution.

The unique challenges of securing critical infrastructure and how Zero Trust security can prevent catastrophic outcomes of cyberwarfare are discussed on this Zero Trust Thirty podcast episode featuring industry insiders Jim Anthony and Michael Friedrich. Listen below to learn:

  • The crux of critical infrastructure and why so many sectors qualify
  • How the cyberattack of a cream cheese manufacturer (yep, food supply chains are critical infrastructure) led to a months-long delay in stocking store shelves
  • Some of the unique challenges organizations that oversee critical infrastructure are facing and how Zero Trust can solve them

Listen Now:


Tips for securing critical infrastructure

Critical infrastructure involves a unique mixture of legacy operational technologies (OT) that weren’t previously internet-facing and new technology like Internet of Things (IoT) devices. According to The State of IoT/OT Cybersecurity in the Enterprise, 60% of respondents say IoT/OT devices are one of the least secured parts of their organizations’ IT/OT infrastructure. Between poor security and a complex environment, critical infrastructure administrators have a lot to tackle. Here are a few tips from Michael and Jim on how to think about security for critical infrastructure:

  • Separate OT from IT: When OT and IT are on the same network, threat actors can essentially get two for the price of one. Administrators of critical infrastructure need to recognize what is IT as opposed to OT and segment them to reduce the attack surface. In the Colonial Pipeline attack, the company disconnected the system that controls the physical pipeline for this very reason.
  • Zero Trust is about more than humans and OT devices: Data is the common thread running through systems connected to other networks. The principle of default deny access to anything or anyone connecting to networks and accessing data is the key to improving security and is the core of Zero Trust.
  • Start with identity. When applying the Zero Trust framework to critical infrastructure, defining identity is the first step of the journey. Identity-centric access control is about enforcing the principle of least privilege to reduce risk.

Additional Zero Trust for critical infrastructure resources

Webinar: Zero Trust for critical infrastructure
Blog: The CISA Zero Trust maturity model series – Part 1: Start with identity
Solution Brief: Zero Trust Network Security Purpose-Built for Federal Agency Critical Infrastructure

Receive News and Updates From Appgate