![]()
Cybersecurity Risk Frameworks for Mission Critical Process Automation: From IT/OT Convergence to Zero-Trust Architectures
Mohammed Hazique Shaikh
Mohammed Hazique Shaikh, Department of Industrial Automation & Engineering, 161 Mechanic Street, Bellingham (MA), United States of America (USA).
Manuscript received on 30 April 2026 | First Revised Manuscript received on 06 May 2026 | Second Revised Manuscript received on 18 May 2026 | Manuscript Accepted on 15 June 2026 | Manuscript published on 30 June 2026 | PP: 1-6 | Volume-15 Issue-5, June 2026 | Retrieval Number: 100.1/ijeat.E477815050626 | DOI: 10.35940/ijeat.E4778.15050626
Open Access | Editorial and Publishing Policies | Cite | Zenodo | OJS | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: There is a gap in industrial cybersecurity. Above all, the frameworks that govern OT security, IEC 62443 for short, were built for a time when the air gap existed, and the threat model was physical. That era came to an end quietly, between the first remote vendor access agreement and the first cloud-connected historian. By 2024, more than 12,000 ICS-oriented cybersecurity incidents had occurred in one year, with dual IT/OT breaches averaging USD 4.56 million per event. Zero Trust Architecture, as specified in NIST SP 800-207, is the correct conceptual response: No longer should you trust your network location; verify everything at every step. The caveat is that NIST SP 800-207 is IT-oriented, and its accompanying implementation manual specifically excludes OT. No Zero Trust standard is specifically designed for OT. This paper examines the top-level cybersecurity governance platforms and their relevance to five dimensions of OT, presents a scenario of 2024-2026 industrially harmful environments, and introduces the Adaptive Zero Trust Framework for Industrial Control Systems (AZTF-ICS). AZTF-ICS is an innovative five-pillar model that uses Zero Trust principles to address the unique operational constraints of mission-critical process automation, with real-time requirements, high availability, and safety tasks that are not susceptible to interruption, irrespective of any security control policy.
Keywords: IT/OT Convergence, Zero Trust Architecture, ICS Cybersecurity, IEC 62443, AZTF-ICS, Process Automation, Industrial Control Systems, NIST SP 800-207, ISAGCA, Operational Technology Security.
Scope of the Article: Mechanical Engineering
