TL;DR: Critical infrastructure still relies on indirect connectivity, legacy software, and assumptions of isolation that fail under pressure, and ColorTokens argues for Zero Trust in OT to limit operational impact when breaches occur. The real issue is not whether compromise happens, but whether identity-aware containment can stop it from becoming mission failure.
NHIMG editorial — based on content published by ColorTokens: Securing our Critical Infrastructure with Zero Trust
Questions worth separating out
Q: What breaks when organisations assume OT environments are air-gapped?
A: When teams assume OT is air-gapped, they overlook indirect pathways such as vendor access, shared infrastructure, and remote monitoring tools.
Q: Why do Zero Trust principles matter in critical infrastructure?
A: Zero Trust matters because critical infrastructure cannot rely on perfect prevention or rapid patching alone.
Q: How do security teams know whether OT segmentation is actually working?
A: Segmentation is working when an incident in one zone cannot reach adjacent operations, and when access requests are narrow enough to match business need.
Practitioner guidance
- Map all indirect OT access paths Inventory vendor access, shared infrastructure, remote monitoring, and maintenance channels that can reach OT assets.
- Segment around mission criticality Build microsegmentation zones around safety-critical and business-critical assets so compromise in one zone does not spread laterally.
- Enforce explicit identity for remote and system access Require strong authentication, least privilege, and session logging for operators, vendors, service accounts, and remote tools that touch OT.
What's in the full article
ColorTokens' full post covers the operational detail this post intentionally leaves for the source:
- How the Zero Trust OT roadmap is sequenced around mission impact and public-safety dependency
- Where microsegmentation fits into containment for legacy systems that cannot be patched quickly
- Why vendor access, shared infrastructure, and remote monitoring create hidden trust paths into OT
- How the article frames recent Department of War Zero Trust OT guidance in a broader resilience context
👉 Read ColorTokens' analysis of Zero Trust for critical infrastructure →
Critical infrastructure and zero trust: where mission resilience breaks down?
Explore further
Mission resilience in OT is now an identity and access problem, not only a network design problem. The article correctly centres Zero Trust as a containment model, but the deeper governance issue is that OT trust paths often exist because access was granted for convenience and never fully rationalised. Vendor connectivity, shared infrastructure, and remote monitoring create standing pathways that undermine the idea of isolation. Practitioners should treat every persistent path into OT as an access-governance decision with operational consequences.
A question worth separating out:
Q: Who is accountable when indirect OT access creates operational risk?
A: Accountability usually spans infrastructure owners, OT operators, IAM teams, and third-party risk owners because indirect access is a governance issue as much as a technical one. NIST SP 800-207 is useful for framing least-privilege and continuous verification, but organisations still need named owners for access paths, review cycles, and resilience outcomes.
👉 Read our full editorial: Zero trust for critical infrastructure depends on identity-aware containment