The Zero Trust Hub
Trends, insights, and resources for today's cybersecurity leaders. Updated weekly.
Relying on Compliance for OT Security? The Security Gap Attackers Are Counting On.

Director of Critical Infrastructure Solutions
When a cyberattack hits a factory floor, it doesn’t announce itself.
Systems just stop responding. Outputs drift, and operators scramble to find out why.
By the time they find the breach, the attacker has spent weeks inside the network, moving freely through systems that were never built to stop them.
This is the reality security teams across every industry, including critical manufacturing, face today. While the new EU Cyber Resilience Act (CRA) has raised the security bar for connected industrial devices, it only tells you whether your devices are secure. It can’t tell you whether your system can survive a breach, something that’s more critical than ever before.
Closing that gap is what Zero Trust was designed to do. But most manufacturing environments simply aren’t there yet.
Compliant devices don’t make secure systems
The CRA requires manufacturers to build security into their devices from the start, manage known flaws across the product’s lifecycle, and ship regular updates. For a sector long defined by old firmware and unpatched programmable logic controllers (PLCs), that’s a real step forward.
The problem is that compliance at the device level does nothing to change how those devices are set up or how the network around them is built.
Most legacy OT networks grant trust based on two things: where a device sits and what job it does. If it’s in the right place doing the right thing, it gets trusted — broadly, and without question.
Zero Trust rejects that entirely.
A Zero Trust security strategy requires tight segmentation, verified identity for every connection, and policy that adapts as things change. Applying those standards to an environment built on the opposite logic isn’t a small update. It requires rethinking how the whole system works.
Air gaps are gone, but the old OT security model remains
For years, keeping factory systems cut off from outside networks was seen as a solid security strategy. If attackers couldn’t reach a system, they couldn’t compromise it.
That logic made sense when the isolation was real. But it’s not real anymore.
Today, manufacturing systems connect to IT networks, cloud platforms, and third-party vendors as a matter of routine. The air gap is gone in most environments.
What hasn’t gone is the old way of thinking. OT systems were built for uptime and safety, not for the continuous checks that Zero Trust demands.
This puts organizations in a risky middle ground: connected to modern networks but still relying on security logic designed for isolated ones.
That’s exactly the kind of gap attackers look for. It gives them a path and room to move once they’re inside your network.
Zero Trust in OT starts with visibility instead of enforcement
The most common gap I see in closed manufacturing environments is a lack of visibility.
Many OT devices were never built to share the data that security teams need, such as identity context, traffic patterns, and behavioral signals. Without that data, large parts of the OT network are dark.
You can’t protect what you can’t see. Trying to enforce Zero Trust on systems you don’t fully understand creates both security gaps and operational risk.
The right starting point is a full map of every device, connection, and data flow, including the ones that were never meant to be there. From that base, you can set least-privilege policy at the device level and roll out microsegmentation step by step, checking the effect on operations at each stage before going further.
This is also how you handle potential pushback from other teams that Zero Trust will disrupt production. It can if you enforce controls before you understand what’s running. But that’s why you start with visibility.
Use tools built for OT that understand industrial traffic. That way, you can enforce Zero Trust policy without cutting off the connections that keep the plant running.
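As an added illustration of the visibility-first sequence described above (not code from the original article or from any vendor's product), the following constructed Python example takes the flow records a passive OT sensor would export, derives a per-device least-privilege allowlist from the flows engineers have confirmed, and runs the policy in monitor mode one device group at a time so the operational impact is known before anything is enforced. Device names, ports and flows are invented for the example.

```python
from collections import defaultdict
# Constructed sample of flows a passive OT sensor would export, as
# (src, dst, dst_port, protocol); names and values are made up.
OBSERVED_FLOWS = [
    ("hmi-01", "plc-line1", 502, "modbus"),
    ("hmi-01", "plc-line2", 502, "modbus"),
    ("eng-ws-01", "plc-line1", 44818, "enip"),
    ("historian", "plc-line1", 502, "modbus"),
    ("historian", "plc-line2", 502, "modbus"),    # needed, but nobody documented it
    ("corp-laptop-17", "plc-line2", 3389, "rdp"),  # was never meant to be there
    ("vendor-vpn", "plc-line1", 22, "ssh"),        # undocumented remote access
]

# Flows the plant engineers confirmed as required for production.
APPROVED_FLOWS = {
    ("hmi-01", "plc-line1", 502, "modbus"),
    ("hmi-01", "plc-line2", 502, "modbus"),
    ("eng-ws-01", "plc-line1", 44818, "enip"),
    ("historian", "plc-line1", 502, "modbus"),
}

def build_allowlist(approved):
    """Least-privilege policy keyed by destination device: each device
    accepts only the (source, port, protocol) tuples that were approved."""
    rules = defaultdict(set)
    for src, dst, port, proto in approved:
        rules[dst].add((src, port, proto))
    return dict(rules)

def dry_run(observed, rules, devices=None):
    """Monitor mode: classify observed flows to the given destination
    devices (all if None) without blocking anything, so the operational
    impact is reviewed before enforcement. Returns (allowed, would_block)."""
    allowed, would_block = [], []
    for flow in observed:
        src, dst, port, proto = flow
        if devices is not None and dst not in devices:
            continue
        if (src, port, proto) in rules.get(dst, set()):
            allowed.append(flow)
        else:
            would_block.append(flow)
    return allowed, would_block

def staged_rollout(observed, rules, stages):
    """Enforce one group of devices per stage, returning the flows each stage
    would cut; a legitimate flow listed here means fix the policy first."""
    return {i: dry_run(observed, rules, stage)[1]
            for i, stage in enumerate(stages, 1)}
```

The historian's undocumented connection to plc-line2 shows up in the stage-2 block list before enforcement, which is the point of the dry run: the policy gets corrected, the plant keeps running, and only the laptop's RDP session and the vendor's SSH access are actually cut.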
The window for gradual progress is narrowing
The threat to manufacturing has grown faster than the defenses built to stop it.
Ransomware groups now run polished OT attack operations. Nation-state actors sit inside critical infrastructure for years before they act. AI-driven attack tools can map networks and find weak points faster than any analyst can track.
The security models most OT environments rely on weren’t built for any of this.
CISOs who’ve met CRA requirements and called it done are carrying more risk than they know. Meeting the rules isn’t the same as being resilient. The space between those two things is where attacks succeed.
The path forward is to treat Zero Trust as an operating model, not a project. Build visibility first, and use microsegmentation to stop attackers from moving freely once they get in.
The factory floor can’t afford the silence that follows a breach. The work to prevent it needs to start now.
STATSHOT
What Breaches Expose
Once attackers get access, internal data is often the first and most common type of data exposed in a breach. Emails, plans, reports, and other information can reveal how an organization works and where attackers can go next. Credentials and personal data are also common targets, but they’re exposed less. Confidential company information is the least exposed, but it can give attackers deeper access and powerful leverage. Breaches expose more than just the first compromised system and can give attackers the information they need to move through the environment.
Mythos Finds Active Directory’s Oldest Cyber Risks
AI is finding and exploiting attack paths at machine speed, and Active Directory sits at the end of most of them. Microsegmentation closes those paths before attackers reach identity infrastructure and limits the attack blast radius if they do.
Want a Better SOC? Start With the Architecture.
Better detection matters. But the environment your SOC monitors matters more. Raghu Nandakumara joined Google Senior Security Staff Dr. Anton Chuvakin and Illumio VP of Security Erik Bloch on why Zero Trust architecture is the missing piece in most SOCs.
Get the industry’s first vendor-neutral Zero Trust certification.