Failing Open Fails Zero Trust
About This Session
Cyber resilience in Operational Technology (OT) environments is paramount, yet a fundamental conflict exists between traditional safety-driven "fail open" requirements and Zero Trust principles. While fail-open designs are mandated to ensure continuous operation and prevent catastrophic shutdowns in critical infrastructure, this paradigm fundamentally undermines the security tenets of Zero Trust. Zero Trust operates on the principle of "never trust, always verify," demanding explicit authorization for every access attempt and assuming compromise. However, when an OT system or control fails, failing open essentially grants unverified, implicit trust, allowing traffic or operations to proceed without security validation.
This inherent contradiction eliminates the core protective mechanisms of Zero Trust, exposing critical industrial processes to significant cyber risks. This presentation will explore how "fail open" paradigms create bypasses for microsegmentation, continuous authentication, and least privilege enforcement. We will demonstrate how attackers can exploit these design choices, turning safety features into vectors for unhindered lateral movement and data exfiltration within OT networks. Understanding this paradox is crucial for practitioners aiming to implement robust cyber resilience. We argue that achieving true security in OT requires a fundamental re-evaluation of fail-open mandates, proposing alternative architectural approaches that reconcile safety with the imperative of Zero Trust. This session offers insights into bridging this critical gap, advocating for innovative strategies to secure industrial control systems without compromising operational integrity.
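The implicit-trust path the abstract describes can be made concrete at a policy enforcement point. The following is an added example, not material from this session or from BlastWave: a toy policy decision point (PDP) that can become unreachable, a fail-open enforcer that lets everything through when verification is impossible, a fail-closed enforcer that drops everything (including safety-critical operations), and an assumed "degraded mode" enforcer that, while the PDP is down, permits only a pre-provisioned safety allowlist plus recently verified decisions. The identities, asset names, rules and the cache-with-TTL design are all constructed for illustration.

```python
"""Fail-open vs fail-closed vs a bounded degraded mode at a Zero Trust
policy enforcement point (PEP). Illustrative example; the safety allowlist
and the decision cache are assumptions, not any product's behaviour."""
from dataclasses import dataclass
import time


class PolicyServiceUnavailable(Exception):
    """Raised when the policy decision point (PDP) cannot be reached."""


@dataclass(frozen=True)
class Request:
    src: str        # requesting identity or host, e.g. "hmi-01" (constructed)
    dst: str        # target asset, e.g. "plc-07" (constructed)
    operation: str  # e.g. "read_tags", "write_setpoint" (constructed)


class PolicyDecisionPoint:
    """Toy PDP: explicit allow rules only; anything not listed is denied."""

    def __init__(self, allow_rules, available=True):
        self.allow_rules = set(allow_rules)   # {(src, dst, operation), ...}
        self.available = available            # flip to False to simulate an outage

    def authorize(self, req):
        if not self.available:
            raise PolicyServiceUnavailable(f"PDP unreachable for {req}")
        return (req.src, req.dst, req.operation) in self.allow_rules


def enforce_fail_open(pdp, req):
    """Fail-open PEP: when verification is impossible, traffic proceeds.
    This is the unverified, implicit trust the abstract warns about."""
    try:
        return pdp.authorize(req)
    except PolicyServiceUnavailable:
        return True


def enforce_fail_closed(pdp, req):
    """Fail-closed PEP: when verification is impossible, traffic is dropped.
    Consistent with Zero Trust, but it also drops safety-critical operations."""
    try:
        return pdp.authorize(req)
    except PolicyServiceUnavailable:
        return False


class DegradedModePEP:
    """Assumed middle ground (not the speaker's proposal): while the PDP is
    reachable, remember the time of each explicit ALLOW; while it is
    unreachable, permit only (a) operations on a pre-provisioned safety
    allowlist or (b) requests whose last verified ALLOW is younger than
    `ttl` seconds. Everything else is denied, so the blast radius of an
    outage is bounded to previously verified and safety-critical paths."""

    def __init__(self, pdp, safety_allowlist, ttl=300.0, clock=time.time):
        self.pdp = pdp
        self.safety_allowlist = set(safety_allowlist)
        self.ttl = ttl
        self.clock = clock                      # injectable for testing
        self._last_allow = {}                   # key -> time of last verified ALLOW

    def enforce(self, req):
        key = (req.src, req.dst, req.operation)
        try:
            allowed = self.pdp.authorize(req)
        except PolicyServiceUnavailable:
            if key in self.safety_allowlist:
                return True
            last_ok = self._last_allow.get(key)
            return last_ok is not None and (self.clock() - last_ok) < self.ttl
        if allowed:
            self._last_allow[key] = self.clock()
        return allowed


if __name__ == "__main__":
    # Constructed scenario: one legitimate read path, one unauthorized write.
    rules = [("hmi-01", "plc-07", "read_tags")]
    pdp = PolicyDecisionPoint(rules)
    ok = Request("hmi-01", "plc-07", "read_tags")
    bad = Request("eng-ws-03", "plc-07", "write_setpoint")
    print("PDP up  : fail-open", enforce_fail_open(pdp, bad), "fail-closed", enforce_fail_closed(pdp, bad))
    pdp.available = False
    print("PDP down: fail-open", enforce_fail_open(pdp, bad), "fail-closed", enforce_fail_closed(pdp, ok))
```

Run it directly to see the two outcomes side by side: with the PDP up both enforcers deny the unauthorized write; with it down, the fail-open enforcer admits that write while the fail-closed enforcer drops even the legitimate read. The `DegradedModePEP` shows one way to narrow the gap: a safety interlock stays reachable during an outage, a previously verified path keeps working for a bounded time, and an never-verified request is still denied.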
Speaker
Tom Sego
CEO - BlastWave
Tom Sego’s career spans three decades: one in manufacturing, one at Apple, and one in entrepreneurship. Tom is the co-founder and CEO of BlastWave and dedicates his career to protecting critical infrastructure from cyberattacks by eliminating entire risk classes. Before co-founding BlastWave, Tom was the co-founder of three other startups - one in mobile telephony that is still in operation today (ClearFly Communications), a solar storage company (SunVault), and a wine importing business (SouthInk). Tom also had a three-year stint as a professional poker player, winning two Bay 101 Open tournaments and placing high in both a World Poker Tournament and a World Series of Poker event.
