Flexible Zero Trust Architecture for the Cybersecurity of Industrial IoT Infrastructures
12 Pages. Posted: 16 Jun 2023
Abstract
The growing digitalization of industrial systems and the increasing adoption of cloud technologies pose significant challenges to the secure management of modern industrial infrastructures integrating Industrial Internet of Things (IIoT) characterized by different operational requirements. Existing cybersecurity solutions are oriented to manage uniform and centralized architectures of software-based systems, but are not designed to accommodate the constraints of heterogeneous IIoT systems, such as hard real-time operation, high reliability, and decentralization for distributed decision-making. We present a novel security architecture that is specifically designed to address the stringent requirements of IIoT systems. It is based on a combination of solutions: a network micro-segmentation that can be seamlessly integrated into existing environments, and two main components: a software-defined network (SDN) ensuring a unified abstraction layer for policy enforcement across diverse environments, and a centralized security management layer that simplifies the policy execution of any architectural design. We demonstrate the feasibility and effects of this original combination through a prototype. It experimentally demonstrates that our peer-to-peer SDN coupled with an asynchronous policy distribution process guarantees resiliency to individual failures, enables fully decentralized operations, and ensures central management for a flexible definition of the network topology and security policies.
Keywords: Zero Trust, Micro-segmentation, SDN, Industrial IoT