How secure digital identities and zero touch onboarding are unlocking the future of OT cybersecurity
In today’s digital economy, Operational Technology (OT) is the unseen engine that keeps vital industries running — from power plants and manufacturing lines to transportation networks and water treatment facilities. But as these systems evolve, they also face a mounting threat: cyberattacks.
At Eviden, an Atos business, we’ve seen firsthand how legacy OT environments, often designed decades ago with uptime, not security, as the top priority, are now dangerously exposed. Today those same industrial systems are more connected than ever and increasingly converge with IT networks, and as a result their vulnerability to cyber threats grows exponentially.
A growing threat to critical infrastructure
We’re past the point of “what if”. Real-world cyber incidents have already disrupted automobile factories, grounded flights, halted production in mining and food industries, and even caused physical damage to equipment.
These aren’t isolated incidents. Recent research projects more than 15,000 industrial shutdowns by 2027 due to OT-targeted cyberattacks. We expect a 9900% increase in OT attacks between 2022 and 2027.
Fig 1. Security predictions for 2027 (OT Attacks: Present and Future): +9900% growth in OT attacks, 15,000 industrial shutdowns, 74% financially motivated.
Nearly 3 out of 4 of these OT-related breaches are financially motivated. Whether it’s ransomware, sabotage, or data theft, attackers are also leveraging the same tools and techniques used in IT breaches but against infrastructure where downtime can have far more serious consequences.
Keeping up with regulations
Governments and regulatory bodies are taking notice. Standards like IEC 62443, the EU’s NIS2 Directive, and the upcoming Cyber Resilience Act (CRA) now place clear cybersecurity obligations on operators of essential services. These include managing risks, reporting incidents, and securing systems throughout their lifecycle. What do all these frameworks have in common? A focus on identity, authentication, and secure communications. In short: if a device can’t prove it’s trustworthy, it shouldn’t be on the network.
This is where digital identities come into play.
Digital identities: The bedrock of OT security
Each device in an OT network needs a digital identity: a cryptographic certificate tied to a public/private keypair. This identity enables encrypted communication, mutual authentication, and data integrity checks between systems. Think of it as a digital passport. If your control valve, PLC, or sensor doesn’t have one, it shouldn’t be allowed to “travel” across your network.
But here’s the challenge: deploying and managing these digital identities at industrial scale is a complicated and resource-intensive task.
Manual processes. Messy processes.
Currently, many OT environments still rely on manual processes for onboarding and managing digital certificates. Shipping control, device registration, and certificate installation often involve pen-and-paper records and on-site engineering workstations. Worse yet, when a certificate expires, usually after two years, it can cause critical service outages due to failed authentication.
Limited remote access and the need for physical intervention mean that renewing certificates becomes an expensive and error-prone process. Operational teams are already stretched thin, and the global shortage of experienced OT security professionals is only making things harder.
There has to be a better way.
Automating security at scale
Zero Touch Onboarding (ZTO) offers a modern, scalable solution to these challenges. By automating the process of assigning and managing digital identities, ZTO eliminates the need for manual intervention, speeding up deployment and reducing the risk of human error.
With ZTO, new devices can be securely introduced into a network without a technician manually configuring or verifying them. Using standardized protocols like BRSKI, EST, and FIDO Device Onboarding (FDO), devices authenticate themselves and receive certificates automatically. This forms the foundation for encrypted communication and long-term identity management.
Benefits for operators and manufacturers
For operators
- Drastically reduced onboarding times
- Lower risk of misconfigurations or expired certificates
- Streamlined compliance with regulations like IEC 62443 and NIS2
- Enhanced uptime and reduced operational costs
For manufacturers
- ZTO-ready devices, making them more attractive to customers
- Increased customer satisfaction and brand loyalty
- Simplified support and integration processes
By adopting ZTO technologies, manufacturers position themselves as leaders in secure, future-ready industrial solutions.
Making OT devices ZTO-ready
Unfortunately, many existing IoT and OT devices are not yet compatible with ZTO standards. But there’s a straightforward path to get there: Eviden’s ZTO Client.
Eviden offers a comprehensive suite of ZTO products and services:
- Eviden ZTO Client – Easily embedded into devices to make them ZTO-capable
- Eviden Manufacturer Authorized Signing Authority (MASA) – Issues initial identities at the manufacturing stage
- Eviden Domain Registrar – Facilitates secure registration and certificate issuance onsite
These tools are built to work with any X.509-compliant PKI and are supported by IDnomic PKI, Eviden’s proven platform for custom public key infrastructure deployments. With over 20 years of experience, Eviden also provides expert consulting to help operators and system integrators roll out ZTO solutions at scale.
Gear up to future-proof your OT environment
As the cyber threat landscape continues to evolve, OT operators must take proactive steps to secure their infrastructure. ZTO is not just a technical upgrade — it’s a strategic advantage. By automating identity management, businesses can increase resilience, reduce operating costs, and ensure compliance with an expanding set of cybersecurity regulations.
Whether you’re an OT operator, a device manufacturer, or a system integrator, now is the time to explore what ZTO can do for your business.