Zero-Trust in OT succeeds better through concrete functional principles than abstract architecture models, and through focused measures at IT-OT interfaces such as jump hosts and remote access paths.
Flat OT networks facilitate lateral attack propagation; endpoint-level enforcement stops these movements more effectively than network segmentation alone.