We need a cybersecurity paradigm change

As the Massachusetts Institute of Technology’s Lincoln Laboratory has described:

“The core principles behind Z[ero]T[rust] are:

1) universal authentication of all users, devices, and services;

2) access segmentation, allowing no single entity access to more than a small portion of the organization’s resources;

3) minimal trust authorization, keeping access to resources only to those entities that “need-to-know” and can be trusted;

4) encryption everywhere to protect information in flight and at rest, whether inside or outside the organization’s networks; and

5) continuous monitoring and adjustment to detect issues early and adjust access accordingly.”

These are not the kinds of capabilities that a non-expert team can implement.