
How secure digital identities and zero touch onboarding are unlocking the future of OT cybersecurity

 

In today’s digital economy, Operational Technology (OT) is the unseen engine that keeps vital industries running — from power plants and manufacturing lines to transportation networks and water treatment facilities. But as these systems evolve, they also face a mounting threat: cyberattacks.

At Eviden, an Atos business, we’ve seen firsthand how legacy OT environments, often designed decades ago with uptime, not security, as the top priority, are now dangerously exposed. Today, those same industrial systems are growing more connected and increasingly converging with IT networks, which means their vulnerability to cyber threats grows exponentially.

A growing threat to critical infrastructure

We’re past the point of “what if”. Real-world cyber incidents have already disrupted automobile factories, grounded flights, halted production in mining and food industries, and even caused physical damage to equipment.

These aren’t isolated incidents. Recent research projects more than 15,000 industrial shutdowns by 2027 due to OT-targeted cyberattacks. We expect a 9900% increase in OT attacks between 2022 and 2027.

OT Attacks: Present and Future

  • +9900%: growth rate of OT attacks between 2022 and 2027, according to the Gartner market guide for OT cybersecurity.
  • 15,000: industrial shutdowns caused by OT attacks expected for 2027, according to the ICSStrive annual threat report, 2023.
  • 74%: proportion of OT attacks with commercial background, according to the Gartner market guide for OT cybersecurity.

Fig 1. Security predictions for 2027

Nearly 3 out of 4 of these OT-related breaches are financially motivated. Whether it’s ransomware, sabotage, or data theft, attackers are also leveraging the same tools and techniques used in IT breaches but against infrastructure where downtime can have far more serious consequences.

Keeping up with regulations

Governments and regulatory bodies are taking notice. Standards like IEC 62443, the EU’s NIS2 Directive, and the upcoming Cyber Resilience Act (CRA) now place clear cybersecurity obligations on operators of essential services. These include managing risks, reporting incidents, and securing systems throughout their lifecycle. What do all these frameworks have in common? A focus on identity, authentication, and secure communications. In short: if a device can’t prove it’s trustworthy, it shouldn’t be on the network.

This is where digital identities come into play.

Digital identities: The bedrock of OT security

Each device in an OT network needs a digital identity: a cryptographic certificate tied to a public/private keypair. This identity enables encrypted communication, mutual authentication, and data integrity checks between systems. Think of it as a digital passport. If your control valve, PLC, or sensor doesn’t have one, it shouldn’t be allowed to “travel” across your network.

But here’s the challenge: deploying and managing these digital identities at an industrial scale is a complicated and resource-intensive task.

Manual processes. Messy processes.

Currently, many OT environments still rely on manual processes for onboarding and managing digital certificates. Shipping control, device registration, and certificate installation often involve pen-and-paper records and on-site engineering workstations. Worse yet, when a certificate expires, usually after two years, it can cause critical service outages due to failed authentication.

Limited remote access and the need for physical intervention mean that renewing certificates becomes an expensive and error-prone process. Operational teams are already stretched thin, and the global shortage of experienced OT security professionals is only making things harder.

There has to be a better way.

Automating security at scale

Zero Touch Onboarding (ZTO) offers a modern, scalable solution to these challenges. By automating the process of assigning and managing digital identities, ZTO eliminates the need for manual intervention, speeding up deployment and reducing the risk of human error.

With ZTO, new devices can be securely introduced into a network without a technician manually configuring or verifying them. Using standardized protocols like BRSKI, EST, and FIDO Device Onboarding (FDO), devices authenticate themselves and receive certificates automatically. This forms the foundation for encrypted communication and long-term identity management.

Fig. 2 Device workflow from the manufacturer to the target site

Benefits for operators and manufacturers

For operators

  • Drastically reduced onboarding times
  • Lower risk of misconfigurations or expired certificates
  • Streamlined compliance with regulations like IEC 62443 and NIS2
  • Enhanced uptime and reduced operational costs

For manufacturers

  • ZTO-ready devices, making them more attractive to customers
  • Increased customer satisfaction and brand loyalty
  • Simplified support and integration processes

By adopting ZTO technologies, manufacturers position themselves as leaders in secure, future-ready industrial solutions.

Making OT devices ZTO-ready

Unfortunately, many existing IoT and OT devices are not yet compatible with ZTO standards. But there’s a straightforward path to get there: Eviden’s ZTO Client.

Eviden offers a comprehensive suite of ZTO products and services:

  • Eviden ZTO Client – Easily embedded into devices to make them ZTO-capable
  • Eviden Manufacturer Authorized Signing Authority (MASA) – Issues initial identities at the manufacturing stage
  • Eviden Domain Registrar – Facilitates secure registration and certificate issuance onsite

These tools are built to work with any X.509-compliant PKI and are supported by IDnomic PKI, Eviden’s proven platform for custom public key infrastructure deployments. With over 20 years of experience, Eviden also provides expert consulting to help operators and system integrators roll out ZTO solutions at scale.

Gear up to future-proof your OT environment

As the cyber threat landscape continues to evolve, OT operators must take proactive steps to secure their infrastructure. ZTO is not just a technical upgrade — it’s a strategic advantage. By automating identity management, businesses can increase resilience, reduce operating costs, and ensure compliance with an expanding set of cybersecurity regulations.

Whether you’re an OT operator, a device manufacturer, or a system integrator, now is the time to explore what ZTO can do for your business.


Klaus Schmeh

Chief Editor Marketing, Eviden
