Which Flavor of the Purdue Model Should You Follow?

If you enter the term “Purdue Model” into your favorite search engine, the resulting images will vary considerably. There’s almost no better way to stir up an Operational Technology (OT) security conversation than to begin debating what belongs on Level 1 or Level 3 of the model.

You might even find some diagrams place operator Human-Machine Interfaces at Level 3. Notably, the original 1990 publication defines “operator’s console” as a Level 1 entity. The only thing we seem to agree upon is that Level 0 is the physical process and Level 4 is the enterprise, though I’m sure you can find some diagrams which deviate from even this understanding.

The Purdue Model was originally introduced by Theodore J. Williams over 30 years ago. Given its age and the pace and scope of technological change, including trends like Software-Defined Networking, the Industrial Internet of Things (IIoT) (e.g., Edge to Cloud), and the Advanced Physical Layer, it’s natural that some people are beginning to question whether the Purdue Model is dead. But you still can’t get through an OT cybersecurity conversation or solution presentation without running into it.

Although the Purdue Model has been around for decades, the OT security community continues to leverage its simplicity and build cybersecurity models overlapping with its concept. Even so, the Purdue Model that OT security experts and vendors discuss today is not your grandfather’s Purdue Model – except by name.

Some refer to ISA95 and the Purdue Model interchangeably. The confusion can be understood by comparing the image results of the search “ISA95” with your previous search for “Purdue Model” diagrams. ISA95 built on the concepts from the Purdue Model and formalized them further in 2000 – less from a security standpoint and