Zero Trust Architecture and Digital Twin to Improve the Cybersecurity Posture of Distributed Smart Factory Environments

Fogli M. (first author); Giannelli C.; Mari E.; Stefanelli C. (last author)
2025

Abstract

The advent of the Industrial Internet of Things (IIoT) has pushed the integration of Information Technology (IT) and Operational Technology (OT). In Distributed Smart Factory environments, this has enabled novel Industry 4.0 applications, with software components deployed in the Cloud-to-edge continuum and Digital Twins (DTs) adopted as bridges towards industrial machines. However, the IT/OT convergence has also raised serious cybersecurity challenges, making obsolete the traditional defense approaches that typically assume plant topology borders clearly separate trusted from untrusted devices. Based on these considerations, the paper proposes the adoption of the Zero Trust Architecture (ZTA) to improve the cybersecurity posture of Distributed Smart Factory environments. In particular, we identify original design guidelines to support the development and management of ZTA-aware Industry 4.0 applications accessing industrial machines via their DTs in a selective and configurable manner. The developed prototype has been tested both in a real-world industrial environment and in a virtualized testbed, with the twofold goal of demonstrating the feasibility as well as the scalability of the proposed solution.
ISBN: 9798331543723
Keywords: Digital Twin; Distributed Smart Factory; Industry 4.0; Next Generation Firewall; Zero Trust Architecture
Files in this item:
File: Zero_Trust_Architecture_and_Digital_Twin_to_Improve_the_Cybersecurity_Posture_of_Distributed_Smart_Factory_Environments.pdf (archive managers only)
Type: Full text (publisher's version)
License: NOT PUBLIC - Private/restricted access
Size: 417.09 kB
Format: Adobe PDF

Documents in SFERA are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11392/2596731