Cybersecurity Experts Unimpressed With CISA OT Guidance
Cybersecurity Experts Unimpressed With CISA OT Guidance
https://www.bankinfosecurity.com/cybersecurity-experts-unimpressed-cisa-ot-guidance-a-31575
Publish Date: 2026-05-01 23:33:00
Source Domain: www.bankinfosecurity.com
Governance & Risk Management
,
Operational Technology (OT)
Zero Trust Is ‘Essential’ – But Who Pays for It?
Image: Andrey Popov/Shutterstock
New guidance from the U.S. Cybersecurity and Infrastructure Security Agency on adapting zero trust security principles for operational technology is fine as far as it goes, but is pretty high-level and ignores or fudges a couple of key questions, say executives and experts.
See Also: Airlines and Airports: Visibility Across OT, IoT, and IT
“This is a great guide that takes the right direction, but it dodges the hardest question, which is who pays for it?” said Tatyana Bolton, executive director of the Operational Technology Cybersecurity Coalition, an industry group that represents OT equipment makers, owners and operators and security vendors.
“The technical thinking is sound,” she told ISMG, “But the vast majority of critical infrastructure owners and operators like water utilities, rural [electricity] co-ops, or small ports simply can’t afford to implement.”
Zero trust is a based on the proposition that the perimeter will not hold. Systems must therefore be protected-through measures such as continuous security monitoring, network segmentation and limited user access.
Under a zero trust approach, “resilience comes not from assuming adversaries can be kept out, but from designing systems that can detect intrusions, continue to operate safely, contain disruptions and recover…
