Adaptive Zero Trust Security Model for IoT-Enabled Industrial Automation Systems

Abstract

The rapid integration of the Internet of Things (IoT) into industrial automation systems has significantly enhanced operational efficiency, real-time monitoring, and process control. However, this digital transformation has also expanded the cyber-attack surface, exposing critical infrastructure to sophisticated threats. Traditional perimeter-based security models fail to address the challenges of heterogeneous and distributed Industrial IoT (IIoT) environments, where implicit trust within network boundaries can lead to severe vulnerabilities. To overcome these limitations, this paper proposes an Adaptive Zero Trust Security Model (AZTSM) designed specifically for IoT-enabled industrial automation systems. The proposed model integrates dynamic trust-based access control, network micro-segmentation, and continuous verification mechanisms that adapt in real-time to the changing behaviour and risk posture of devices and users. A context-aware trust scoring algorithm dynamically evaluates device reliability based on identity authentication, behaviour analysis, and contextual attributes, enabling flexible and autonomous security enforcement. Furthermore, the adaptive framework leverages Software-Defined Networking (SDN) for centralized policy orchestration, while maintaining the resilience and scalability required in industrial automation environments. Experimental analysis demonstrates that the adaptive zero trust approach effectively mitigates lateral movement attacks, improves anomaly detection accuracy, and ensures continuous protection without compromising system performance or real-time communication requirements. This research highlights the feasibility of implementing Zero Trust principles in IIoT environments and provides a secure foundation for next-generation industrial automation architectures.