Fri, May 15

ELECTROTECH MONEYBALL: An Industrial Strategy for Ranking Risk and Opportunity in Energy & AI Supply Chains

I commend the authors for raising these important points.

This recent paper from Carnegie Mellon University (CMU) recommends Zero Trust protection on grid assets, like batteries, at "specific trust boundaries".

"Zero-trust networking, which is now standard practice across federal systems and major enterprises, replaced the older perimeter-defense model. Rather than assuming that anything inside the network boundary is safe, the zero-trust approach builds an architecture that assumes a cyber breach is inevitable, authenticates and monitors at every boundary, and contains breaches so they cannot propagate laterally. A digitizing grid demands the same logic—and the electrotech stack, if properly architected, can deliver it."

I concur.

Zero Trust protection is essential for any Inverter-Based Resource (IBR) connected to the grid, especially if those devices are connected to the public Internet (many of them are, like solar farms and BESS assets). The inverter contains the "Trust Boundary" that must be protected using Zero Trust methods.

"The most urgent policy action is using this “Moneyball” framework to prioritize security scrutiny for the buildout now underway—applying deployment-phase requirements to the digitally active Tier 1 control layers that can then function as “firebreaks” against risks that would otherwise propagate down the stack. This approach mirrors the zero-trust logic now standard in federal and enterprise cybersecurity, where the architecture assumes compromise, authenticates at every trust boundary, and enhances control rigor with systemic consequence rather than relying on perimeter defense alone."

electrotech-moneyball-cmist-white-paper-may-2026.pdf

It's surprising to me that many smart people working in the OT cybersecurity community don't see the value of "Zero Trust" protections in the OT domain, so I wrote an item on LinkedIn to explain Zero Trust in practice, using an airport analogy:

https://www.linkedin.com/posts/richard-dick-brooks-8078241_ive-had-a-few-discussions-about-zero-trust-share-7457528518285930496-_Yac?utm_source=share&utm_medium=member_desktop&rcm=ACoAAABMsYcB3I6zhtjaqBqVcePEOQqxsZNzj5E
