1. Introduction
The convergence of information technology and operational technology networks has exposed previously air-gapped SCADA systems to a broader threat landscape, while perimeter-based security models remain the default in most industrial deployments. Zero trust principles, already established in enterprise IT, require adaptation for the latency and availability constraints of real-time control networks.
2. Methodology
A reference architecture was implemented on a hardware-in-the-loop testbed emulating a municipal water treatment SCADA system, comprising a historian, HMI, and six emulated PLCs. Continuous device attestation was enforced via TPM-backed certificates, and a policy engine mediated all Modbus/TCP and DNP3 requests against a least-privilege access matrix, with micro-segmentation implemented through software-defined networking flow rules.
3. Results
Reachability analysis showed a 71 percent reduction in the number of host pairs capable of lateral communication following segmentation, and simulated credential-theft attacks were contained to a single control zone in 9 of 10 trial runs, compared with full-network compromise in the baseline flat-network configuration. Control-loop round-trip latency increased by an average of 3.6ms, within acceptable bounds for the simulated process.
4. Conclusion
Zero trust principles can be adapted to SCADA environments with manageable latency overhead while substantially limiting lateral movement following an initial compromise. Future work will evaluate the architecture against a wider set of OT protocols including IEC 61850.
References
[1] Rose S. et al., Zero Trust Architecture, NIST Special Publication 800-207, 2020. [2] Stouffer K. et al., Guide to Industrial Control Systems Security, NIST SP 800-82, 2015. [3] Alcaraz C. and Zeadally S., Critical infrastructure protection: Requirements and challenges, IJCIP, 2015. [4] Knapp E. and Langill J., Industrial Network Security, Syngress, 2014.