The US Cybersecurity and Infrastructure Security Agency (CISA) has asked owners and operators of operational technology to stop assuming their networks are safe, and has released joint guidance to adapt zero trust principles for industrial systems that support US power, water, transportation, building automation, and weapons-support infrastructure. OT owners should design controls on the assumption that adversaries are already inside the network, and validate every access request based on identity, context, and risk rather than network location, CISA and four partner agencies wrote in a 28-page document titled Adapting Zero Trust Principles to Operational Technology. The guide was developed ...