Zero Trust for OT in Manufacturing: A Practical Path to Modern Industrial Security
Published 12/08/2025
Introduction
Over the past decade, manufacturing has emerged as one of the most heavily targeted industries for cyberattacks. These environments are inherently complex, built on layers of specialized and often non-standard technologies that rarely align with traditional IT lifecycle practices.
Operational technology (OT) systems prioritize availability above all else, which makes essential cybersecurity activities like patching and routine maintenance far more challenging and potentially disruptive. Many plants also rely on third-party-owned systems that require remote vendor access, expanding the attack surface further. In addition, organizations are often forced to keep legacy or end-of-life equipment running long past its intended service life because replacement costs are high. The result is a vast, complicated, always-on ecosystem in which a single misconfigured device or compromised vendor credential can bring operations to a standstill, causing costly downtime and lost revenue.
Despite these challenges, the broader technology industry has been slow to provide relevant, modern architectural best practices that would simplify how organizations support and secure OT environments. Traditional frameworks like the Purdue Model were written more than 30 years ago and were never designed for today’s hyper-connected factories. While useful for conceptual segmentation, they lack the prescriptive guidance and interoperability needed to address real-world complexities like hybrid IT/OT convergence, remote vendor access, real-time analytics, and modern identity frameworks. As a result, manufacturers are left to assemble fragmented solutions, retrofit aging models, and interpret broad guidelines on their own. This architectural gap has increased risk and limited manufacturers’ ability to realize the benefits of a more connected plant.
This is exactly the type of environment where Zero Trust architectures stand to deliver the most value. Yet it’s also where Zero Trust is hardest to implement.
Zero Trust wasn’t designed with programmable logic controllers (PLCs) or Modbus in mind. Most OT systems can’t run agents, don’t support modern authentication, and operate in networks where availability often matters more than confidentiality. Despite this, organizations are proving Zero Trust is achievable in manufacturing. It just might look and feel a little different.
Why Zero Trust Looks Different in OT
In traditional IT environments, Zero Trust works because we can centrally manage identities, authenticate devices, and inspect traffic without much hassle. OT environments flip those assumptions on their head. Many industrial systems are decades old and can’t support TLS, signed firmware, or modern identity-based access controls. Adding security layers can also introduce latency, which can affect physical safety if time-critical signals arrive late.
Flat networks and broadcast protocols are still the norm in many facilities, and in some cases they’re required to keep machines running in real time. On top of that, vendor restrictions and third-party system certifications often limit how much you can change or harden a system. These constraints don’t invalidate Zero Trust, but they do require the reshaping of it. In OT, Zero Trust focuses on controlling behavior around and between devices, not modifying the devices themselves.
Identity in OT
When you introduce Zero Trust principles into an OT environment, the first thing that changes is the definition of identity. In manufacturing, the most important identities aren’t only people; they also include machines, sensors, and applications. A Zero Trust approach has to account for three distinct groups, starting with non-human identities (NHIs): PLCs, engineering workstations, historians, safety systems, cameras, IIoT sensors, and so on. Because many of these devices can’t store certificates or actively authenticate, their identity has to be inferred through other means. Common approaches are deterministic IP or MAC address bindings, switchport profiling, traffic fingerprinting, or, when the hardware supports it, a root of trust such as a Trusted Platform Module (TPM). Keep in mind that an address or switchport binding can be spoofed by anyone with access to the segment, so an inferred identity should be corroborated by what the device actually does on the wire (its protocol mix, peers, and message rates) and treated as lower assurance than one backed by hardware. The goal isn’t to achieve perfect identity, but identity that’s consistent, predictable, and enforceable.
Human identities come next. Shared accounts are extremely common in manufacturing environments, but Zero Trust calls for individual identities with strong authentication such as multifactor authentication (MFA). Access for vendors and technicians should also be time-bound and tied to specific tasks, rather than broad “remote access” privileges.
The third pillar involves application and service identities. As more manufacturing workloads extend into cloud-based platforms for things like overall equipment effectiveness (OEE) dashboards, manufacturing execution systems (MES), and predictive maintenance services, Zero Trust requires least-privilege API permissions and continuous verification of any traffic moving between the cloud and the plant floor. Across all three groups, identity is the anchor that makes meaningful segmentation possible.
Segmentation for OT
Segmentation in OT requires a different mindset. Traditional micro-segmentation models often struggle in environments where system communication is rigidly structured by the process and can’t be changed on short notice. A better approach is adaptive segmentation: policies are derived from what the process is intended to do, and that intent becomes the baseline. This begins with grouping logical elements such as safety systems, HMI or SCADA servers, IIoT gateways, and vendor remote access infrastructure. Once grouped, it becomes much easier to define the expected communication flows within and between them. This is similar to the way the Purdue Model logically groups resources into levels and zones, but grounded in a more modern view of risk. Once the baseline is in place, a deviation in traffic flows is a signal that may indicate a security concern, not necessarily a trigger for an automatic block that could interrupt production.
Segmentation must also be applied at the right technical layers. Many legacy devices can only be segmented at layer 2 using VLANs, while more modern systems can handle layer 3 enforcement. Note that a VLAN on its own only separates broadcast domains; it becomes a security boundary only when traffic between VLANs passes through a router ACL or firewall that enforces the baseline. In some cases, application-aware controls at layer 7 can be used, particularly with industrial protocols that support deeper inspection (for example, distinguishing a Modbus read from a write). What’s important is avoiding aggressive inspection or filtering on latency-sensitive traffic unless the device or protocol is explicitly designed to support it. When in doubt, test to be sure.
Continuous Verification
Zero Trust depends on continuous verification, but in OT, aggressive enforcement can easily disrupt operations or even create safety concerns. Instead of inline enforcement everywhere, OT environments benefit from a risk-based verification strategy in which much of the enforcement is out of band and reactive: monitoring for abnormal message frequency, watching for configuration drift, or allowing vendor access only during approved time windows. Inline controls should be reserved for assets that can tolerate them, such as engineering laptops, HMIs, and Windows servers. More fragile systems should be protected through monitoring and behavioral detection instead.
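The identity inference, zone baseline, and risk-based enforcement described in the three sections above (Identity in OT, Segmentation for OT, and Continuous Verification) can be expressed in a small policy engine. The following is an added example written for this article, not code from the original page or from any product; the asset names, MAC and IP addresses, switchports, zones, port numbers, and flow records are all constructed for illustration.

```python
"""Zone baseline with inferred device identity and risk-based enforcement.

Added example, not the article's own code. Every asset, address, switchport,
port number and flow record is constructed for illustration."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str
    mac: str
    ip: str
    switchport: str
    inline_ok: bool  # True only for assets that tolerate inline enforcement


# Constructed inventory. The controller and safety system are monitor-only.
INVENTORY = [
    Asset("plc-line1", "controllers", "00:11:22:33:44:01", "10.10.1.11", "sw1/gi1/1", False),
    Asset("sis-line1", "safety", "00:11:22:33:44:02", "10.10.2.11", "sw1/gi1/2", False),
    Asset("hmi-line1", "hmi_scada", "00:11:22:33:44:03", "10.10.3.11", "sw2/gi1/1", True),
    Asset("eng-ws-01", "engineering", "00:11:22:33:44:04", "10.10.4.11", "sw2/gi1/2", True),
    Asset("historian", "historian", "00:11:22:33:44:05", "10.10.5.11", "sw3/gi1/1", True),
]
BY_MAC = {a.mac: a for a in INVENTORY}

# Expected flows derived from what the process is meant to do:
# (source zone, destination zone) -> allowed destination TCP ports.
BASELINE = {
    ("hmi_scada", "controllers"): {502},           # Modbus/TCP from the HMI
    ("hmi_scada", "safety"): {502},
    ("engineering", "controllers"): {502, 44818},  # Modbus/TCP and EtherNet/IP
    ("controllers", "historian"): {5450},          # constructed historian port
}


@dataclass(frozen=True)
class Flow:
    src_mac: str
    src_ip: str
    src_switchport: str
    dst_mac: str
    dst_port: int


def identify(flow):
    """Infer the sender from its MAC and confirm the IP and switchport still
    match the inventory binding. Returns (asset or None, problem or None)."""
    asset = BY_MAC.get(flow.src_mac)
    if asset is None:
        return None, "unknown source MAC"
    if (asset.ip, asset.switchport) != (flow.src_ip, flow.src_switchport):
        return asset, "identity binding mismatch"
    return asset, None


def evaluate(flow):
    """Return (action, reason) with action in {allow, alert, block}.

    A deviation is blocked inline only when both endpoints tolerate it;
    anything touching a fragile asset is raised as an alert for out-of-band
    handling so that enforcement itself cannot halt production."""
    src, problem = identify(flow)
    dst = BY_MAC.get(flow.dst_mac)
    if problem is None and dst is None:
        problem = "unknown destination MAC"
    if problem is None and flow.dst_port not in BASELINE.get((src.zone, dst.zone), set()):
        problem = f"no baseline flow {src.zone}->{dst.zone}:{flow.dst_port}"
    if problem is None:
        return "allow", "matches baseline"
    inline = bool(src and src.inline_ok) and bool(dst and dst.inline_ok)
    return ("block" if inline else "alert"), problem


def frequency_alerts(flows, limit):
    """Name every source that sent more than `limit` flows to one destination
    port within the records given (abnormal message frequency)."""
    counts = Counter((f.src_mac, f.dst_port) for f in flows)
    return {BY_MAC[mac].name if mac in BY_MAC else mac: n
            for (mac, _port), n in counts.items() if n > limit}


# Constructed sample records.
SAMPLE = [
    Flow("00:11:22:33:44:03", "10.10.3.11", "sw2/gi1/1", "00:11:22:33:44:01", 502),   # HMI -> PLC, expected
    Flow("00:11:22:33:44:05", "10.10.5.11", "sw3/gi1/1", "00:11:22:33:44:01", 502),   # historian -> PLC, unexpected
    Flow("00:11:22:33:44:04", "10.10.4.11", "sw2/gi1/2", "00:11:22:33:44:05", 445),   # eng ws -> historian SMB
    Flow("00:11:22:33:44:03", "10.10.9.9", "sw2/gi1/1", "00:11:22:33:44:01", 502),    # HMI MAC, foreign IP
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(evaluate(f))
    print(frequency_alerts(SAMPLE, limit=1))
```

The second sample flow (historian to PLC on Modbus) is outside the baseline but only raises an alert because the PLC is marked as unable to tolerate inline enforcement, while the third (engineering workstation to historian over SMB) is blocked because both endpoints are Windows-class assets. The fourth shows the HMI’s MAC appearing with an unexpected IP, which the binding check reports as an identity problem rather than a flow problem.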
Securing IIoT
IIoT has exploded across modern manufacturing, powering everything from predictive maintenance to real-time OEE dashboards. Unlike traditional OT devices, many IIoT devices support modern security capabilities, making them better suited to Zero Trust architectures. This makes it possible to apply strong identity and authentication from the start, including TPM-backed device certificates, secure boot, mutual TLS, and signed updates.
Rather than connecting IIoT devices directly to production networks, Zero Trust relies on gateway-based enforcement. These gateways act as policy enforcement points that handle identity-based access, cloud connectivity, and threat detection. By isolating IIoT traffic and processing it at the edge, manufacturers can keep modern analytics capabilities flexible without exposing core OT systems to unnecessary risk.
Vendor & Remote Access
Remote vendor access continues to be one of the leading causes of industrial breaches. Zero Trust dramatically reduces this risk by controlling which access technologies are allowed, eliminating shared logins, and preventing uncontrolled lateral movement. A mature approach uses Zero Trust access brokers or secure access gateways to manage all remote sessions. Each session is tied to an individual identity, with time-bound and context-specific access to only the systems and ports the task requires. Least-privilege access lets vendors do their jobs without gaining visibility into the rest of the network, and full session recording creates an audit trail of engineering activity. Because every session requires MFA and a narrowly scoped, expiring grant, this model helps protect the plant even if a vendor’s credentials are compromised in another environment.
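A broker enforcing the session rules described above (individual identity, MFA, a time window, and a task bound to one target and its ports) reduces to a handful of checks evaluated on every connection. This is an added example written for this article, not code from the original page or from any vendor’s access broker; the identities, ticket number, asset names, ports, grant ceiling, and maintenance window are constructed.

```python
"""Session decision logic for a vendor remote-access broker.

Added example, not the article's own code or any product's. The identities,
ticket, targets, ports, grant ceiling and time window are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Individually named identities the broker will accept. Shared or generic
# accounts are simply not present, so they can never be granted a session.
INDIVIDUAL_IDENTITIES = {"jane.doe@vendor.example", "li.wei@integrator.example"}
MAX_GRANT_HOURS = 8  # constructed policy ceiling on any single grant


@dataclass(frozen=True)
class Grant:
    """One task-bound, time-bound authorization for one person."""
    user: str
    ticket: str
    target: str        # a single named asset, never a subnet
    ports: frozenset   # only the ports the task needs
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class SessionRequest:
    user: str
    mfa_verified: bool
    target: str
    port: int
    at: datetime


def issue_grant(user, ticket, target, ports, start, hours):
    """Create a grant that expires no later than MAX_GRANT_HOURS after start,
    regardless of the duration requested."""
    if user not in INDIVIDUAL_IDENTITIES:
        raise ValueError("grants are only issued to individual identities")
    hours = min(hours, MAX_GRANT_HOURS)
    return Grant(user, ticket, target, frozenset(ports), start, start + timedelta(hours=hours))


def decide(req, grants):
    """Return (allowed, reason). Every condition is re-checked per session;
    there is no standing 'remote access' privilege to fall back on."""
    if req.user not in INDIVIDUAL_IDENTITIES:
        return False, "not an individual identity"
    if not req.mfa_verified:
        return False, "MFA not satisfied"
    mine = [g for g in grants if g.user == req.user and g.target == req.target]
    if not mine:
        return False, f"no task-bound grant for {req.target}"
    in_window = [g for g in mine if g.not_before <= req.at <= g.not_after]
    if not in_window:
        return False, "outside approved time window"
    scoped = [g for g in in_window if req.port in g.ports]
    if not scoped:
        return False, f"port {req.port} not in task scope"
    g = scoped[0]
    return True, f"ticket {g.ticket}: {g.target}:{req.port} until {g.not_after.isoformat()}"


# Constructed scenario: a four-hour PLC maintenance window on one line.
WINDOW_START = datetime(2025, 12, 8, 13, 0, tzinfo=timezone.utc)
GRANTS = [issue_grant("jane.doe@vendor.example", "CHG-1042", "plc-line1", {502}, WINDOW_START, 4)]


def sample_decisions():
    """Evaluate a set of constructed session requests against GRANTS."""
    t_in = WINDOW_START + timedelta(hours=1)
    t_late = WINDOW_START + timedelta(hours=6)
    reqs = {
        "in_scope": SessionRequest("jane.doe@vendor.example", True, "plc-line1", 502, t_in),
        "no_mfa": SessionRequest("jane.doe@vendor.example", False, "plc-line1", 502, t_in),
        "late": SessionRequest("jane.doe@vendor.example", True, "plc-line1", 502, t_late),
        "ssh": SessionRequest("jane.doe@vendor.example", True, "plc-line1", 22, t_in),
        "other_asset": SessionRequest("jane.doe@vendor.example", True, "historian", 502, t_in),
        "shared": SessionRequest("vendor-shared", True, "plc-line1", 502, t_in),
    }
    return {name: decide(r, GRANTS) for name, r in reqs.items()}


if __name__ == "__main__":
    for name, (ok, why) in sample_decisions().items():
        print(f"{name:12} {'ALLOW' if ok else 'DENY ':5} {why}")
```

Only the first request is allowed; each of the others fails a different check, and the reasons are specific enough to feed a session log or an alert. Capping the grant length in `issue_grant` is what prevents a “temporary” grant from quietly becoming standing access.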
Real-World Implementation: Five Practical Steps
Zero Trust for OT doesn’t have to be unachievable, even with the constraints typical of OT environments. The most successful manufacturers start small and build momentum:
1. Take inventory of what you have.
2. Map and baseline critical communication flows.
3. Design the network by prioritizing and containing high-value assets and securing remote access paths, particularly around safety systems, controller communications, and vendor connectivity. These areas generally provide the most immediate risk reduction.
4. Implement the design, ensuring strong identity and authentication are established for both human and non-human identities. This foundational step sets the stage for more advanced Zero Trust use cases across the plant without disrupting operations.
5. Monitor continuously, re-evaluate controls, and make improvements iteratively.
Conclusion
Zero Trust in OT is achievable when it’s tailored to manufacturing’s unique constraints. The key is balance: enforce strong identity and segmentation around systems that support it, and use indirect controls and behavioral monitoring for fragile legacy equipment. The goal isn’t to rebuild the factory floor. It’s to ensure that every person, device, and connection is authenticated, authorized, and continuously validated, all without disrupting operations. Manufacturers that adopt this approach gain a hardened, resilient environment that can safely embrace cloud analytics and remote operations while reducing the risk of catastrophic cyber incidents.