Achieving an assured capability w/ assured parties within Zero Trust, thwarting bad actors

Session details:

What current standards and technologies exist? How can those resources be leveraged when designing IoT, embedded IT, or platform IT in an environment that is assumed to contain bad actors?

Current systems, designed for commodity deployment, skimp on security and many “enterprise” grade devices do not leverage best practices. These deployed technologies at best add risk of DoS or exfiltration of information to the organization/network. In reality, many of these devices are themselves general purpose computing and provide safe harbor for APT.

What defense and counter offensive measures mitigate these risk factors? When systems are properly designed against realistic threat vectors, NRE & operations costs can remain similar as compared to the insecure. This is accomplished by assuming zero trust, leveraging mutual PKI at design time, reducing the burden to respond only to assured messages.