In today’s climate of breaches and ransomware attacks, critical infrastructures are becoming more vulnerable, with more exposed attack surfaces than ever intended. Attackers have grown more sophisticated, to the point of breaching even air-gapped systems.
To counter these challenges, the age-old Purdue Model needs to be augmented with Zero Trust principles. In this short whitepaper, we examine these concepts and explore how their integration can provide a robust and comprehensive security framework for OT environments, particularly in the energy and utilities (E&U) sector, which forms a critical part of every nation's industrial infrastructure.
Zero Trust, the rejuvenated concept in security models, operates under the mantra of "never trust, always verify." It treats everyone and everything — users, devices, applications — as potential villains, no matter their source. Zero Trust is also known as "perimeterless" security.
As part of the nation’s critical infrastructure, E&U is widely regarded as needing special protection because its vast network of interconnected systems and devices is a prime target for cyberattacks. As a result, the integration of Zero Trust with a software-defined perimeter (SDP) and the Purdue Model is particularly crucial.
With that in mind, strengthening the Purdue Model with Zero Trust principles will help address the model's shortcomings and counter modern threats. Blending the two means integrating the principles of both models to create a more secure network architecture.