Operational Technology (OT) has long been isolated and, therefore, relatively safe from cyber attacks. However, digital transformation and increasing integration with IT systems are giving rise to new threats. Many OT systems are based on outdated technologies not designed for modern security requirements. The central question of this thesis was whether a zero-trust approach to OT security is practicable and how it can be implemented.

The study uses a Design Science Research (DSR) approach and combines a comprehensive literature review with theoretical modelling. Existing security standards, such as NIST SP 800-207 and IEC 62443, were analysed to derive best practices for implementing Zero Trust in OT environments. A structured migration model was developed to enable the step-by-step integration of Zero Trust into industrial control systems.

The work shows that Zero Trust can be implemented in OT environments in principle but is associated with specific challenges. In particular, considering legacy systems, real-time requirements, and secure integration into existing production environments is crucial. A step-by-step transformation approach is recommended that complements existing security measures rather than abruptly replacing them. The methodology developed guides for organisations to gradually introduce Zero Trust into OT environments with minimal risk. This work's findings contribute to the further development of security strategies and provide a basis for future practical implementations and research.