Part 11 in a 20 day series on Zero Trust for Rail – Some Drawbacks?
Some drawbacks before we go on. There is no common framework or vocabulary surrounding Zero Trust, so procurement requirements need to be well considered and articulated to avoid proprietary lock in. The market abounds with different acronyms and definitions of those acronyms. Best to seek expert advice and consult industry gurus like Forester and Gartner before decisions are made. Secondly ZTA may be applied to the defence of ICT data and applications but may not work with legacy or OT systems that rely on peer to peer data flow and commands. New systems need to incorporate Secure by Design. In addition, attackers may change their methods in the face of Zero Trust defence – they may attack the means of authentication through phishing campaigns or develop new man in the middle or impersonation compromises.