The entire phone system was designed assuming that it was a closed system. Security was all physical. If you can connect, you must be authorized. Opening it up and connecting it to the internet has created a wonderful mess.

I feel like we need to hold up this example when we talk about the zero trust model. Otherwise it sounds like we're just being paranoid.