Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

OT Zero Trust and the air gap gap: what practitioners need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10745
Topic starter  

TL;DR: CISA’s OT Zero Trust guidance argues that air gaps are no longer a reliable security assumption because remote access, cloud-connected interfaces and IT/OT integration create unavoidable paths into critical systems, according to Appgate’s analysis of the guide. Logical segmentation, identity-centric access and continuous validation now define practical OT defence, not perimeter myths.

NHIMG editorial — based on content published by Appgate: CISA guidance on Zero Trust for OT environments and AppGate ZTNA’s response

By the numbers:

Questions worth separating out

Q: What fails when organisations treat OT as air-gapped in practice?

A: The failure mode is assuming that physical or logical separation still exists after remote support, cloud integration and vendor connectivity are added.

Q: Why do OT environments need identity-aware access controls?

A: OT systems need identity-aware controls because network location alone no longer tells you whether access is legitimate, necessary or safe.

Q: How do security teams know whether OT segmentation is actually working?

A: Look for whether access is limited to the exact assets, protocols and sessions required, and whether unused routes remain invisible when not in use.

Practitioner guidance

  • Map all OT entry paths Inventory every remote vendor, administrator, service account and integration that can reach OT, then classify each path by asset, protocol and business purpose.
  • Enforce identity-gated OT access Require strong authentication, device verification and least-privilege policy before any OT session is established.
  • Move segmentation into policy enforcement Treat segmentation as a dynamic control with change review, monitoring and revocation, rather than a one-time network design choice.

What's in the full article

Appgate's full article covers the operational detail this post intentionally leaves for the source:

  • How AppGate ZTNA is positioned to enforce per-session OT access without exposing broad subnet reach
  • The direct-routed and infrastructure-cloaking design choices described for constrained industrial environments
  • The DDIL resilience discussion and how the vendor maps its architecture to disconnected or degraded conditions
  • The federal deployment context the article uses to support its operational claims

👉 Read Appgate’s analysis of Zero Trust access for OT environments →

OT Zero Trust and the air gap gap: what practitioners need to know?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10300
 

Air-gap thinking is now a liability when OT connectivity is operationally unavoidable. Once vendors, cloud services and remote engineers require access, the question becomes how to govern the route, not whether to pretend it does not exist. That shifts OT from a perimeter conversation into a privilege and verification conversation. For identity teams, this means OT access is part of the enterprise access model, not a separate exception.

A question worth separating out:

Q: Who is accountable when remote access into OT is mismanaged?

A: Accountability should sit with the owners of privileged access, OT operations and security governance together, because OT connectivity now blends network, identity and operational risk. The relevant frameworks are those that require least privilege, strong access control and continuous monitoring. In practice, accountability must include both the team approving access and the team operating the boundary.

👉 Read our full editorial: Zero Trust for OT is replacing the air gap assumption



   
ReplyQuote
Share: