惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Cyberwarzone
Cyberwarzone
The GitHub Blog
The GitHub Blog
云风的 BLOG
云风的 BLOG
P
Proofpoint News Feed
小众软件
小众软件
Recent Announcements
Recent Announcements
博客园 - 三生石上(FineUI控件)
Security Archives - TechRepublic
Security Archives - TechRepublic
W
WeLiveSecurity
Cloudbric
Cloudbric
博客园 - 司徒正美
美团技术团队
N
News and Events Feed by Topic
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
PCI Perspectives
PCI Perspectives
宝玉的分享
宝玉的分享
H
Help Net Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Google DeepMind News
Google DeepMind News
Help Net Security
Help Net Security
Last Week in AI
Last Week in AI
S
Schneier on Security
N
News | PayPal Newsroom
B
Blog RSS Feed
L
LINUX DO - 最新话题
T
Troy Hunt's Blog
S
Secure Thoughts
雷峰网
雷峰网
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tenable Blog
S
Securelist
L
LangChain Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
I
InfoQ
H
Heimdal Security Blog
Cisco Talos Blog
Cisco Talos Blog
F
Full Disclosure
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
K
Kaspersky official blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
阮一峰的网络日志
阮一峰的网络日志
C
Cisco Blogs

Opinion

Op-Ed: The transaction was legitimate; the crime was hidden in the system Op-Ed: Why CISOs are drowning in alerts but missing the real threat Op-Ed: The reality of data-centric security and attribute-based access control Op-Ed: Australia’s cyber law is stuck in the past – the Slay Review is our chance to fix it Australian federal budget 2026: The industry perspective Op-Ed: Redefining performance in the AI-powered SOC Op-Ed: AI won’t patch the holes in your SOC Op-Ed: Australia inspired the EU’s online age restrictions, now it’s time for us to learn from them Op-Ed: Microsoft April Patch Tuesday reveals 167 vulnerabilities The industry speaks: World Identity Management Day 2026 The industry speaks: World Cloud Security Day 2026 The industry speaks: World Backup Day 2026 Op-Ed: Information sharing of cyber threats vital to national security Op-Ed: Building secure foundations for AI in the cloud Op-Ed: AI isn’t the threat, poor design is Op-Ed: Why Australia’s schools are becoming strategic targets for organised crime Op-Ed: Australia’s National AI Plan looks good on paper, but where are the teeth? Op-Ed: Australian organisations need federated authority to stay secure at scale Supply chain risk: Understanding the weakest link in cyber security
Op-Ed: Why zero trust for OT should start at the boundary, not the boiler room
Christopher Rule, general manager – defence, security, and resil · 2026-04-10 · via Opinion

Zero trust has become the default answer to almost every cyber question in boardrooms and cabinet briefings alike – but is it being properly applied?

user icon Christopher Rule, general manager – defence, security, and resilience at GME, and Michael Blake, Technical Fellow at Owl Cyber Defense Fri, 10 Apr 2026 Security

Op-Ed: Why Zero Trust for OT should start at the boundary, not the boiler room

“Never trust, always verify” is a sound principle. But when organisations move from cloud workloads to operational systems, the theory quickly collides with reality.

In operational technology (OT) environments, zero trust remains a critical goal, but applying IT-style models uniformly across every system can introduce high cost and complexity without proportionate risk reduction.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

The way forward for Australian critical infrastructure is not a one-size-fits-all approach, but a staged, boundary‑based approach that acknowledges legacy constraints while still lifting resilience.

A boundary-first, staged approach

A more practical path is to treat zero trust as an architectural discipline, applied where it creates the greatest risk reduction, and to build from the inside out. That starts with hardening the enterprise applications and services that process OT data, where organisations can realistically enforce strong identity, continuous verification, and least privilege.

From there, operators can define clear security perimeters around critical data flows between OT and IT, rather than trying to make every field device “zero-trust native”. This boundary-first stance lends itself to incremental programs, allowing organisations to prioritise the highest-consequence systems, achieve visible milestones and avoid the all-or-nothing trap that paralyses many OT transformations.

Protecting legacy systems with targeted controls

Because many legacy devices cannot host agents or even produce logs, organisations must protect them indirectly using architectural controls. Hardware-enforced one-way data transfer is a prime example, where a data diode physically allows information to travel out of an OT segment but not back in, cutting off large classes of remote attack regardless of software misconfiguration.

GME’s work with Owl Cyber Defense applies this concept in the Australian critical infrastructure landscape. Through this partnership, one-way data transfer technology is combined with filtering and labelling. This set-up allows data from constrained OT and IoT devices to be safely ingested into modern, zero-trust-aligned environments.

By separating these devices behind diodes, operators can focus scarce engineering and certificate‑management effort on the more capable systems that analyse and act on the data, rather than trying to modernise every sensor in the field.

Plan for troubleshooting, talent and automation

A zero-trust program that looks good on a maturity heatmap but cannot be supported day‑to‑day is its own kind of vulnerability. Operators need to think through who will manage public key infrastructure, how certificate renewals will be automated, and how faults will be diagnosed across segmented networks and layered controls. These considerations belong in the initial architecture, not as afterthoughts once the first tools are deployed.

For many Australian organisations, the answer will be a blend of internal capability and trusted partners – whether that is managed services for boundary technologies like data diodes and next‑generation gateways, or specialist support for designing around leading zero trust frameworks. What matters is not owning every skill in‑house, but ensuring that when something breaks, the right expertise and telemetry exist to find and fix the problem quickly.

Turning principles into action: 5 next steps

Once organisations have aligned on a boundary‑based strategy and accepted that OT zero trust is a journey, the challenge becomes where to start.

A pragmatic set of steps helps convert strategy into execution without overwhelming teams.

  • Know what is really on the network: Discover every device, system, and “shadow IT” asset, including legacy hardware hiding in closets or behind walls, and validate automated scan results with physical inspection. In doing so, organisations should expect to uncover unclaimed, unpatched equipment performing critical functions, and plan a budget accordingly to modernise what’s needed for zero trust.

  • Segment to shrink the blast radius: Create micro-segments so users, servers, and applications can only communicate with what they need, containing any breach to a small area instead of the entire network. This is achieved through mechanisms like VLANs, enforced controls, next-generation firewalls, and, in high-risk cases, one-way diodes (for IoT, backups, etc.).

  • Tighten access management and roles: Regularly audit and clean up privileges for both people and machines, eliminating “privilege creep” as staff move roles and temporary connections between segments become permanent. These audits ensure intended isolation and role separation still match reality.

  • Scope and budget realistically: Leaders need to assess business risk, identify crown‑jewel assets and highest‑impact attack paths, and then estimate what it will take in both technology and skills to harden those first. Using maturity models to set achievable milestones allows boards to understand trade‑offs, rather than funding an open‑ended, enterprise‑wide rebuild.

  • Invest in talent and sustainment: Mature zero-trust environments often rely on dozens of specialised tools and tightly segmented domains. Without people who understand how those pieces fit together, organisations risk creating architectures that are secure on paper but fragile in practice. Some will build these capabilities in‑house, while others will lean on trusted partners or fractional cyber leadership, but all need a clear plan for ongoing operation, not just initial rollout.

Zero trust as an OT resilience journey

For critical infrastructure operators, zero trust should be viewed less as a compliance checklist and more as an ongoing journey to reduce the impact of inevitable failures and intrusions. That journey starts with honest visibility into legacy constraints, then draws smart boundaries. From there, using hardware-enforced one-way transfer where it counts and concentrates advanced controls where they can be fully applied.

By taking a manageable, boundary‑based approach, Australian organisations can materially lift cyber resilience without bringing operations to a standstill or attempting an impossible and immediate upgrade of every device in the field.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.