ijimsrInternational Journal of Innovation in Multidisciplinary Scientific ResearchCo

Volume -3 | Issue - 1 | 2025

MultidisciplinaryEnglishOCT - DECNNY20251231Engineering and TechnologyZero Trust for Critical Infrastructure: Policy, Architecture, and Implementation Roadmap for the Power SectorEnglishY3246Dr. JatinPatelEnglishNhttps://doi.org/10.61239/IJIMSR.2025.3127Critical infrastructure sectors such as the power grid are increasingly targeted by sophisticated cyberattacks exploiting the convergence of Information Technology (IT) and Operational Technology (OT) networks. Traditional perimeter-based security mechanisms are inadequate to address insider threats, lateral movement, and compromised remote access. This paper proposes a Zero Trust Architecture (ZTA) tailored for the power sector, integrating policy-driven access control, adaptive trust scoring, micro segmentation, and continuous verification across ITandndash;OT environments.The proposed framework aligns with international standards including NIST SP 800-207 [1] and IEC 62443 [2], and incorporates sector-specific regulatory requirements. A realistic simulation testbed was developed to validate the architecture using representative threat scenarios. Experimental results demonstrate an 83% reduction in unauthorized lateral movement, a 75% decrease in anomaly detection time, and a 90% improvement in mean time to revoke access (MTTRA) compared to traditional security models, while maintaining policy enforcement latency below 5 ms, ensuring operational suitability for real-time power systems.EnglishPower Sector, Cybersecurity, Zero Trust Architecture, Micro Segmentation, Identity Management, and Policy Enforcementhttps://ijimsr.org/admin/abstract?id=44References1619[1]andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; S. Rose, O. Borchert, S. Mitchell, and S. Connelly, "NIST Special Publication 800-207," 2022.[2]andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; ISAGCA - ISA Global Cybersecurity Alliance, "Security Lifecycles in the ISA / IEC 62443 Series. Security of Industrial Automation and Control Systems," no. October, pp. 1andndash;18, 2020.[3]andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; N. C. Information and I. P. Centre, "NCIIPC Framework for Evaluating Cyber Security in Critical Information Infrastructure," vol. 110067.[4]andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; J. Kindervag, "No More Chewy Centers: The Zero Trust Model Of Information Security," https://www.forrester.com/report/No-More-Chewy-Centers-The-Zero-Trust-Model-Of-Information-Security/RES56682, 2010.[5]andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; International Organization for Standardization., "Information technology - Security techniques - Information security controls for the energy utility industry," Iso/Iec 27019:2017, vol. 2017, 2017, [Online]. Available: https://www.nen.nl/nen-iso-iec-27019-2017-en-240724[6]andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; U. Department of Energy, "Cybersecurity Capability Maturity Model (C2M2), Version 2.0, July 2021," no. July, 2021.[7]andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; CISA, "Zero Trust Maturity Model | CISA," Www.Cisa.Gov, no. April, 2023, [Online]. Available: https://www.cisa.gov/zero-trust-maturity-model[8]andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; Central Electricity Authority (CEA), Cyber Security in Power Sector Guidelines, Government andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; of India, 2021.[9]andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; T. Alves and T. Morris, "Cybersecurity Framework for Smart Grid Substations Using Micro andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; segmentation," IEEE Access, vol. 8, pp. 151689andndash;151703, 2020. [10] andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;C. Lai, M. Hu, et al., "Integrating Zero Trust and Industrial Control System Security for Critical andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; Infrastructure," IEEE Transactions on Industrial Informatics, vol. 18, no. 12, pp. 8943andndash;8954, andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; 2021. andnbsp;[11] andnbsp;andnbsp;andnbsp;andnbsp;N. K. Malhotra et al., "Challenges in Zero Trust Deployment within Operational Technology andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; Networks," Journal of Industrial Information Integration, vol. 32, 2023. andnbsp;[12] andnbsp;andnbsp;andnbsp;andnbsp;S. Shrestha et al., "Adaptive Trust Management Framework for Industrial IoT Using Machine andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; Learning," IEEE Access, vol. 10, pp. 17421andndash;17433, 2022.[13] Gartner, Implementing Zero Trust Security for Industrial Control Systems, 2022. andnbsp;[14] andnbsp;andnbsp;andnbsp;andnbsp;NCIIPC, Guidelines for Protection of Critical Information Infrastructure, Government of India, andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; 2022. andnbsp;[15] andnbsp;andnbsp;andnbsp;andnbsp;DOE, Cybersecurity for Energy Delivery Systems (CEDS) Strategy, U.S. Department of Energy, andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp;andnbsp; 2021.