Purdue Model: Intelligently Segregating Your OT Networks

What is it?


The Purdue Model (or Purdue Enterprise Reference Architecture, PERA) is a reference architecture for Computer-Integrated Manufacturing, developed at Purdue University for environments in which computers control a production or engineering process, taking inputs from sensors and driving equipment such as actuators, motors and valves. In security practice it is used as a layered model for separating Operational Technology (OT) systems from IT systems, with a controlled boundary between the two.

Why is it important?

The OT threat landscape is growing with the rapid rise of interconnected network devices. OT is particularly exposed because its priorities are availability and integrity first and confidentiality last (the reverse of a typical IT environment): equipment often cannot be patched outside rare maintenance windows and frequently speaks industrial protocols with no built-in authentication. Following the Purdue model reduces the risk of compromise by keeping devices of different function and trust level off the same network segment (for example, PLCs and enterprise databases), so that an attacker who gains a foothold in one layer cannot reach the next without crossing a controlled boundary. For this reason it is referenced in standards and guidance such as IEC 62443 and the UK HSE's OG86 as a practice to be implemented.

How does it work?

The Purdue model segments the network into layers from Level 0 (the physical process) up to Level 4/5 (the enterprise IT network), with a DMZ (often numbered Level 3.5) separating the IT and OT layers. Traffic is expected to flow only between adjacent layers. The layers are broken down as follows:

Level 4/5 – The traditional IT systems and enterprise networks commonly found in an organisation, such as email, ERP and business databases

DMZ – The demilitarized zone is the barrier between the OT and IT networks. Nothing in Level 4/5 should communicate directly with anything at Level 3 or below: firewalls on both sides of the DMZ should permit only flows that terminate on DMZ hosts (for example a replica historian, a patch or antivirus relay, or a jump host for remote access), so that a compromised enterprise host cannot reach OT equipment directly

Level 3 – Site operations: the systems that manage the manufacturing process as a whole, handling scheduling, execution, performance monitoring and logging, using tools such as a Manufacturing Execution System (MES) and data historians

Level 2 – Supervisory control: the systems that let operators monitor and control the process, such as Human Machine Interfaces (HMIs) and Supervisory Control and Data Acquisition (SCADA) software

Level 1 – Basic control: the devices that directly drive the Level 0 components, such as Programmable Logic Controllers (PLCs) and Remote Terminal Units (RTUs)

Level 0 – The physical process: sensors, actuators, motors, valves and similar field devices, typically connected over fieldbus or hard-wired I/O rather than IP
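To make the segmentation rule concrete, here is an added example (not code from the original article, nor from Awen Collective's Dot product) that checks observed network flows against the Purdue layering. It assumes a hypothetical site plan mapping subnets to levels and a constructed sample of flow records; both are invented for illustration. The rule it enforces is the adjacency rule described above: a flow is allowed only between the same level or two neighbouring levels, so any direct flow between Level 4/5 and anything below the DMZ is flagged as bypassing the DMZ, and an address that belongs to no known zone is reported as an unclassified asset.

```python
import ipaddress
from dataclasses import dataclass

# Purdue levels in order. The rule enforced below: a flow may only run between
# the same level or two adjacent levels. Because the DMZ sits between Level 3
# and Level 4/5, IT and OT are never adjacent and must always go via the DMZ.
# Level 0 is omitted: sensors and actuators are usually on fieldbus, not IP.
LEVELS = ["L1", "L2", "L3", "DMZ", "L4/5"]

# Hypothetical site plan mapping subnets to levels (constructed for this example).
ZONES = {
    "10.0.0.0/16": "L4/5",  # enterprise IT
    "10.1.0.0/24": "DMZ",   # replica historian, patch relay, jump host
    "10.2.0.0/24": "L3",    # MES, site historian
    "10.2.1.0/24": "L2",    # HMIs, SCADA servers
    "10.2.2.0/24": "L1",    # PLCs, RTUs
}
ZONE_NETS = [(ipaddress.ip_network(cidr), level) for cidr, level in ZONES.items()]

# Constructed sample flow records (not real traffic): timestamp src dst dport proto
SAMPLE_FLOWS = """\
# timestamp            src           dst          dport proto
2024-05-01T08:00:01Z 10.2.1.10    10.2.2.7     502   TCP
2024-05-01T08:00:02Z 10.2.0.5     10.1.0.20    1433  TCP
2024-05-01T08:00:03Z 10.0.5.12    10.2.2.7     502   TCP
2024-05-01T08:00:04Z 10.0.5.12    10.1.0.21    3389  TCP
2024-05-01T08:00:05Z 10.2.0.5     10.2.2.9     44818 TCP
2024-05-01T08:00:06Z 192.168.99.4 10.2.1.10    443   TCP
"""


@dataclass
class Finding:
    src: str
    dst: str
    dport: int
    verdict: str  # "allowed", "violation" or "unclassified"
    reason: str


def level_of(ip: str):
    """Return the Purdue level of an address, or None if it is in no known zone."""
    addr = ipaddress.ip_address(ip)
    for net, level in ZONE_NETS:
        if addr in net:
            return level
    return None


def check_flow(src: str, dst: str, dport: int) -> Finding:
    """Classify one flow against the adjacency rule."""
    s, d = level_of(src), level_of(dst)
    if s is None or d is None:
        unknown = src if s is None else dst
        # An unknown asset is a finding in its own right: it cannot be placed in a level.
        return Finding(src, dst, dport, "unclassified", f"{unknown} is in no known zone")
    gap = abs(LEVELS.index(s) - LEVELS.index(d))
    if gap <= 1:
        return Finding(src, dst, dport, "allowed", f"{s} and {d} are adjacent")
    if "L4/5" in (s, d):
        # One end is enterprise IT and the other is below the DMZ: the boundary is bypassed.
        return Finding(src, dst, dport, "violation", f"{s} -> {d} bypasses the DMZ")
    return Finding(src, dst, dport, "violation", f"{s} -> {d} skips {gap - 1} level(s)")


def audit(lines):
    """Run check_flow over text flow records, skipping blank lines and '#' comments."""
    findings = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        _ts, src, dst, dport, _proto = line.split()
        findings.append(check_flow(src, dst, int(dport)))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS.splitlines()):
        print(f"{f.verdict:<12} {f.src:>13} -> {f.dst:<10} :{f.dport:<5} {f.reason}")
```

Run as-is, the sample produces two violations (an enterprise host polling a PLC on Modbus port 502 straight through the DMZ, and a Level 3 historian reaching a Level 1 controller without passing Level 2) and one unclassified source. The strict adjacency rule is a deliberate simplification: a real policy is directional and port-aware, stating which protocols may be initiated from which side of each boundary, and some sites accept Level 3 to Level 1 read-only collection. The IT-to-OT direct flow, however, is wrong under any reading of the model, which is why it gets its own reason string.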


Dot by Awen Collective can help you gain visibility of your networks and assets, complete with a Purdue model view, either to assist in redesigning your network to follow the Purdue Model or to validate that your existing network meets its requirements.

Nimal Manivannan
Cyber Technologist