What is the Purdue Model?
A de facto representation of a large-scale automated environment
Formalised into the ANSI/ISA-95 standard
What does the Purdue Model represent?
A logical representation of how an ICS should be architected
Does the Purdue Model represent the reality of many ICS implementations?
No, it does not represent the reality of many ICS implementations
How many discrete layers does the Purdue Model describe for equipment in an ICS?
Six discrete layers
What aspect does the Purdue Model not represent?
Safety systems
What advantage does the Purdue Model provide?
Allows the functionality of an ICS to be considered within well-defined layers and scope
How is a Purdue model network structured?
Split into 6 levels across 4 zones
What type of network does the Purdue Model idealize?
An OT network
True or False: Reality often matches the idealized design of the Purdue Model.
False
What does Level 5 of the Purdue Model describe?
Describes the corporate network and systems
Based on IT hardware/software and IP protocol, contains centralized IT systems, internet access, and B2B and B2C services.
What is the main purpose of Level 4 in the Purdue Model?
Allows a facility to plan and manage its industrial operations
Typically encompasses systems such as Enterprise Resource Planning (ERP) and has access to data from OT systems.
What is a De-Militarised Zone (DMZ) in the context of the Purdue Model?
A layer that mediates between IT and OT systems
Houses systems required by enterprise and planning systems and restricts traffic flows through firewalls.
True or False: Systems in Level 4 are critical to plant floor operations.
False
Systems in Level 4 are not critical to plant floor operations.
What percentage of systems were found to be directly connected in the Kaspersky Labs audit?
85 percent
This was noted in an audit of a major energy company where it was believed IT and OT were isolated.
Fill in the blank: The DMZ should prevent direct communication between layers 4 and _______.
3
This is essential for maintaining security between different levels of the Purdue Model.
What misconception do many organizations have about their DMZ?
They think that they have a DMZ in place but don’t
Many organizations believe they have implemented a DMZ when they have not done so comprehensively.
What type of services does Level 5 include?
Business-to-Business (B2B) and Business-to-Consumer (B2C) services
These services are part of the corporate network within the Purdue Model.
What is the purpose of a ‘Historian’ database in Level 4?
To allow process efficiency and performance analysis
It contains local copies of data from OT systems.
What are the characteristics of systems in Level 4?
Not critical to plant floor operations; have access to Level 5 systems
Typically includes planning and logistics capabilities.
What does the Purdue Model emphasize about traffic flow?
Traffic flows should be restricted through firewalls
This is to ensure security between different levels of the control hierarchy.
What is the highest level of process control in an ICS?
Level 3 – Site Manufacturing Operations and Control
This level manages end-to-end operational functions and processes.
What services are typically included at Level 3?
Level 3 often communicates directly with Level 1 and 0 devices.
What is a key characteristic of Level 3 in the Manufacturing Zone?
A mix of IT and OT, as well as associated protocols
This mix allows malware to traverse between platforms.
True or False: IT security mechanisms are sufficient in isolation at Level 3.
False
IT security mechanisms, in isolation, are insufficient at this level.