Zero Trust principles are universal, but Zero Trust implementation is not. A control architecture that works for an enterprise IT environment cannot be applied directly to a SCADA system running Modbus RTU, a DCS managing a chemical process, or a building management system running BACnet over IP. Each OT technology category has its own protocol stack, vendor ecosystem, operational risk profile, and attack surface — and each requires a tailored approach to identity, device trust, network segmentation, application access, and data protection.
The system references below provide practitioner-level guidance for each major OT technology category: what it is, why its security challenges are distinct, how Zero Trust controls apply specifically, which regulatory frameworks govern it, and a brief note on its market scale and deployment context. These are not vendor evaluations — they are architecture and controls references for practitioners responsible for securing these environments.
SCADA
Supervisory Control and Data Acquisition — utilities, pipelines, water systems. Modbus/DNP3 protocol constraints and nation-state targeting.
→ Read reference
DCS
Distributed Control Systems — process industries, refineries, power generation. Historian connectivity as the primary IT/OT bridge.
→ Read reference
ICS & Industrial Controls
PLCs, RTUs, HMIs broadly. 40% increase in internet-exposed ICS devices between 2024–2025.
→ Read reference
MES
Manufacturing Execution Systems — shop-floor to ERP integration. Real-time production data and application-layer access controls.
→ Read reference
BMS
Building Management Systems — BACnet/LonWorks environments. BMS as a lateral movement pathway into enterprise networks.
→ Read reference
EMS
Energy Management Systems — smart grid, demand response, microgrid controllers. NERC-CIP applicability and grid manipulation risk.
→ Read reference
CMMS
Computerized Maintenance Management Systems — often overlooked as a security surface. Vendor access for preventive maintenance.
→ Read reference