Electric, water, gas, and telecommunications utilities operate as critical national infrastructure where cybersecurity failures translate directly into public safety impacts — and where the combination of legacy OT systems, geographic distribution, and third-party contractor access creates an attack surface that perimeter-based security cannot adequately defend. NERC CIP for bulk electric system operators, AWIA 2018 for water utilities, and TSA security directives for gas pipelines collectively mandate access-control and incident-response capabilities that Zero Trust architecture implements through continuous verification of operator identity and device posture.
Related: Energy · Pipelines · NERC CIP · Zero Trust for OT · SCADA