A UNIFIED CONCEPTUAL FRAMEWORK FOR ZERO‑TRUST SECURITY IN CLOUD AND INDUSTRIAL CONTROL SYSTEMS

Authors

  • Rajdeep Sharma Department of Computer Science, Global Institute of Technology, London, UK

Keywords:

Zero-Trust Architecture, Cloud Security, Industrial Control Systems

Abstract

The rapid proliferation of cloud computing and microservices, alongside the increasing convergence of Industrial Control Systems (ICS) with networked infrastructures, has amplified cybersecurity risks across multiple layers of IT and operational technologies. Traditional perimeter-based security models are proving inadequate to address the dynamic threat landscape marked by advanced persistent threats, ransomware, phishing, and insider attacks. This article proposes a unified conceptual framework that integrates principles of Zero‑Trust Architecture (ZTA) with cloud security best practices and industrial control system protections, aiming to provide a resilient, adaptive, and scalable security posture. Leveraging an extensive review of existing standards, surveys, domain-specific incident analyses, and emerging orchestration methodologies, we critically evaluate how a Zero‑Trust paradigm can be effectively operationalized across cloud environments and ICS contexts. Through qualitative analysis and scenario-based reasoning, we identify potential resilience gains, challenges in deployment, and infrastructural gaps. Our findings suggest that while Zero‑Trust adoption can significantly improve both confidentiality and integrity protections for cloud services and ICS assets, significant obstacles remain—particularly in identity and access management scaling, legacy ICS integration, and automation orchestration. The paper concludes with detailed recommendations for phased implementation, automation strategies, and future empirical validation.

References

Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero Trust Architecture, NIST Special Publication 800-207.

Mell, P., & Grance, T. (2011). The NIST Definition of Cloud Computing, NIST Special Publication 800-145.

Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security issues and solutions at different layers of Cloud computing. Journal of Supercomputing, 63(2), 561–592.

Chandramouli, R. (2011). Security recommendations for cloud computing providers. NIST Special Publication 800-144.

Hogan, M., Liu, F., Sokol, A., & Tong, J. (2013). NIST Cloud Computing Standards Roadmap, NIST Special Publication 500-291.

Kindervag, J. (2010). Build security into your network’s DNA: The Zero Trust network architecture. Forrester Research.

Cloud Security Alliance. (2019). Software‑Defined Perimeter (SDP) and Zero Trust, CSA White Paper.

Jericho Forum. (2009). Jericho Forum Commandments. The Open Group.

Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D. R., & Chandramouli, R. (2001). Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC), 4(3), 224–274.

Cao, Y., Pokhrel, S. R., Zhu, Y., Doss, R., & Li, G. (2024). Automation and Orchestration of Zero Trust architecture: Potential solutions and challenges. International Journal of Networks and Security, 5(01), 202–214.

Kesarpu, S. (2025). Zero‑Trust Architecture in Java Microservices. International Journal of Networks and Security, 5(01), 202–214.

Alkhalil, Z., Hewage, C., Nawaf, L., & Khan, I. (2021). Phishing Attacks: a recent comprehensive study and a new anatomy. Frontiers in Computer Science, 3.

Sharma, A., Sharma, S., & Dave, M. (2015). Identity and access management–a comprehensive study. Proceedings of the 2015 International Conference on Green Computing and Internet of Things (ICGCIoT), 1481–1485.

Zhang, Y., Sun, Z., Yang, L., Li, Z., Zeng, Q., He, Y., & Zhang, X. (2020). All your PLCs belong to me: ICS ransomware is realistic. In 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 502–509.

Buchanan, S. S. (2022). Cyber-Attacks to Industrial Control Systems since Stuxnet: A Systematic Review. Thesis, Capitol Technology University.

Dudley, R., & Golden, D. (2021). The Colonial Pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms. ProPublica.

Gawazah, L., Rondla, A., & Balhareth, M. S. A. (2024). To Pay or Not to Pay: The US Colonial Pipeline Ransomware Attack. Thunderbird School of Global Management.

Daly, P. (2022). Writing on a curved surface: The operational response to the cyber-attack on the Irish health service. Médecine De Catastrophe - Urgences Collectives, 6(4), 275–277.

Tunc, C., Hariri, S., Merzouki, M., Mahmoudi, C., De Vaulx, F. J., Chbili, J., Bohn, R., & Battou, A. (2017). Cloud Security Automation Framework. In 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems (FAS*W), 307–312.

Downloads

Published

2025-08-31

How to Cite

Rajdeep Sharma. (2025). A UNIFIED CONCEPTUAL FRAMEWORK FOR ZERO‑TRUST SECURITY IN CLOUD AND INDUSTRIAL CONTROL SYSTEMS. Ethiopian International Journal of Multidisciplinary Research, 12(08), 178–185. Retrieved from https://eijmr.org/index.php/eijmr/article/view/4040

Issue

Vol. 12 No. 08 (2025): Ethiopian International Journal of Multidisciplinary Research

Section

Articles