Applying Zero Trust in ICS: Where It Works — and Where It Breaks
About This Session
Zero Trust has become the dominant paradigm in enterprise cybersecurity — but what happens when you try to apply its principles in Industrial Control System (ICS) environments? In OT networks where uptime trumps agility, devices predate identity controls, and changes can jeopardize safety, the promise of “never trust, always verify” runs headfirst into operational reality.
Complicating matters further, the boundary between IT and OT has become increasingly porous — often through years of ad hoc growth and digital transformation — expanding the attack surface and blurring security assumptions.
This session takes a grounded, practical look at how — and where — Zero Trust concepts can be adapted to ICS/OT networks. We’ll explore what works (like least privilege and segmentation), what doesn’t (like dynamic policy enforcement on legacy PLCs), and where hardware-enforced boundaries, such as data diodes, still offer unmatched assurance in environments where software-defined trust breaks down.
Attendees will walk away with a realistic view of how to translate Zero Trust into the language and limitations of OT, without introducing risk, fragility, or unnecessary complexity.
Complicating matters further, the boundary between IT and OT has become increasingly porous — often through years of ad hoc growth and digital transformation — expanding the attack surface and blurring security assumptions.
This session takes a grounded, practical look at how — and where — Zero Trust concepts can be adapted to ICS/OT networks. We’ll explore what works (like least privilege and segmentation), what doesn’t (like dynamic policy enforcement on legacy PLCs), and where hardware-enforced boundaries, such as data diodes, still offer unmatched assurance in environments where software-defined trust breaks down.
Attendees will walk away with a realistic view of how to translate Zero Trust into the language and limitations of OT, without introducing risk, fragility, or unnecessary complexity.
Speaker
Ralph Spada
Technical Fellow - Owl Cyber Defense
Ralph J. Spada is a 20+ year veteran in designing and deploying DoD-grade security solutions. He has architected four generations of secure processing products across the Defense Industrial Base (DIB), from low-SWaP systems to enterprise-class platforms requiring high-level Anti-Tamper and Cybersecurity.
His multidisciplinary leadership spans the full product lifecycle—from system architecture, secure SoC/ASIC design, and applied cryptography to full-system hardware and software qualification. Certified in EVM and SAFe, Ralph is a proven program driver and collaborator, dedicated to advancing technology for our nation's most critical security objectives.
His multidisciplinary leadership spans the full product lifecycle—from system architecture, secure SoC/ASIC design, and applied cryptography to full-system hardware and software qualification. Certified in EVM and SAFe, Ralph is a proven program driver and collaborator, dedicated to advancing technology for our nation's most critical security objectives.