Zero-Trust Model for Smart Manufacturing Industry

Abstract

Traditional security architectures use a perimeter-based security model where everything internal to the corporate network is trusted by default. This type of architecture was designed to protect static servers and endpoints; however, we need to adapt to emerging technologies where serverless applications are running on containers, mobile endpoints, IoT, and cyber-physical systems. Since the beginning of the fourth industrial revolution (Industry 4.0), there has been a massive investment in smart manufacturing which responds in real-time to the supply chain and connects the digital and physical environments using IoT, cloud computing, and data analytics. The zero-trust security model is a concept of implementing cybersecurity techniques considering all networks and hosts to be hostile irrespective of their location. Over the past few years, this model has proven to be a remarkably effective security solution in conventional networks and devices. In this paper, the zero-trust approach will be fully explored and documented explaining its principles, architecture, and implementation procedure. It will also include a background of the smart manufacturing industry and a review of the existing cyber security solutions followed by a proposed design of the zero-trust model along with all the enabling factors for on-premises and cloud-hosted infrastructure. Various security solutions such as micro-segmentation of the industrial network, device discovery, and compliance management tools that are essential in achieving complete zero-trust security are considered in the proposed architecture.