Song, Meng WeeNguyen, ThuyIrvine, Cynthia2024-12-262024-12-262025-01-07978-0-9981331-8-8134c6e70-e2c6-4a51-96b3-6b00a38b81a2https://hdl.handle.net/10125/109700Evolving business demands increasingly expose modern operational technology (OT) systems to external networks. Their vulnerability to contemporary cybersecurity threats due to legacy software and hardware requires proactive measures. While the Zero Trust (ZT) paradigm has been embraced for IT systems, its use in OT systems is largely uncharted. We present a ZT architectural model to modernize and secure critical OT systems. Using a water treatment OT system, we evaluated the ZT-OT architecture against real-world remote-access and bring-your-own-device (BYOD) use cases. Our results show the ZT-OT architecture can help mitigate vulnerabilities associated with threats in specific cases and we identified limitations concerning legacy components and normal operation. Our approach offers insights into the potential and challenges of ZT in protecting OT systems.10Attribution-NonCommercial-NoDerivatives 4.0 InternationalCyber Operations, Defense, and Forensicsbring-your-own-device (byod), industrial control systems, operational technology, remote access, zero trustConference Paper