
What CISOs need to tell the board about zero trust in OT: A 90-day communication and action plan
I work as a principal specialist at a pipeline operator where Operational Technology (OT) is the backbone of the business. I do not report to the board or act as a CISO, but the issues that get raised to those levels affect my job every single day.
Since the Colonial pipeline ransomware incident in 2021, it has become apparent that our industry has started posing different tones of “Are we zero trust yet?” I frequently witness its intense significance through auditing requests, TSA security directives and conversations around some control project’s goals.
One experience the zero trust role has changed is that it often feels misaligned with OT heavy environments. The NIST’s Zero Trust Archite...