The Purdue Model: Old Friends Are The Best Friends
Establishing and maintaining secure control systems is crucial in today’s technologically advanced landscape, and the Purdue Model is a core tenet of many Operational Technology (OT) strategies. This article discusses the relevance of the Purdue Model and explores additional approaches that can assist in defending your critical systems.
For many decades industrial technologies and control systems have allowed for operational insights to be gained with various technologies such as optics, light wave, wireless and automation. However, as these systems often control safety processes, our reliance on these technologies has necessitated the development of new standards that ensure their security.
During the 1990s the Industry-Purdue University Consortium for Computer Integrated Manufacturing introduced the Purdue Enterprise Reference Architecture Model (PERA). This model facilitated the segregation of these control systems from other technologies that were not directly involved in process control such as enterprise systems.
Fundamentally, the model focused on the grouping of systems into specific levels to ensure that Business Planning & Logistics, Manufacturing Operations & Control and Pure Control tiers remained grouped as these have similar requirements for performance and security.
The broad goals of the model assumed that the industrial control system remained the most important aspect of operations and that these systems should remain disconnected from other networks and external access.
With the onset of the digital era, the rigid restrictions on connections between Purdue layers were relaxed. The need to use hyper-converged networks and leverage cloud connectivity has made advocating for the traditional model challenging in modern enterprises, particularly when cost and the adoption of common enterprise architecture principles require homogenised designs and re-use of controls.
The efficiencies gained in the digital era have also introduced risk. As with any converged, homogeneous environment, a single plane of management and control can be difficult to contain once it has been exploited. Add the complexity of modern systems integrating with control systems, and even a simple attack can be difficult to mitigate.
The following sections will examine some additional high-level strategies that still reinforce the Purdue Model despite the evolving technology landscape.
Should we still segment?
While it’s rare to find organisations adhering strictly to the Purdue Model, concepts from the model remain pertinent through standards like IEC 62443. The segmentation of the core control system components and the monitoring and control of traffic flows continue to be key security principles. It is evident that in complex networks, micro-segmentation remains a key consideration.
I was blind but now I see
Gaining visibility into devices within the environment is critical for robust security. Identifying devices across the enterprise enables an appropriate security response based on risk, vulnerability, and even an active incursion. This visibility is fundamental to implementing a zero-trust approach, where traffic patterns and system behaviours are thoroughly understood and variances can be triaged promptly.
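The segmentation and visibility points above can be checked against observed traffic. The following is an added example, not code from the article or from any standard: it audits flow records against the three tiers the article names. The subnets, the approved-conduit list, the sample flows and the rule that only adjacent tiers may talk are all assumptions made for illustration.

```python
import ipaddress

# Tiers named in the article, ordered from the process upwards.
TIERS = ["Pure Control",
         "Manufacturing Operations & Control",
         "Business Planning & Logistics"]

# Assumed subnet-to-tier mapping (constructed addresses).
ZONES = {"10.10.0.0/16": 0, "10.20.0.0/16": 1, "10.30.0.0/16": 2}
NETS = [(ipaddress.ip_network(n), t) for n, t in ZONES.items()]

# Assumed approved conduits: (source tier, destination tier, TCP port).
ALLOWED = {(1, 0, 502),   # operations -> control, Modbus/TCP
           (2, 1, 443)}   # business -> operations, HTTPS

def tier_of(addr):
    """Return the tier index for an address, or None if it is unmapped."""
    ip = ipaddress.ip_address(addr)
    for net, tier in NETS:
        if ip in net:
            return tier
    return None

def audit(flows):
    """Classify each (src, dst, port) flow that breaks the zone policy."""
    findings = []
    for src, dst, port in flows:
        s, d = tier_of(src), tier_of(dst)
        if s is None or d is None:
            reason = "unknown-asset"        # visibility gap: device not inventoried
        elif s == d:
            continue                        # intra-tier traffic is out of scope here
        elif abs(s - d) > 1:
            reason = "tier-skip"            # bypasses the intermediate tier
        elif (s, d, port) not in ALLOWED:
            reason = "unapproved-conduit"   # adjacent tiers, but not an approved flow
        else:
            continue
        findings.append((src, dst, port, reason))
    return findings

# Constructed sample flow records.
SAMPLE_FLOWS = [
    ("10.20.1.5", "10.10.0.8", 502),    # approved
    ("10.30.4.2", "10.20.1.5", 443),    # approved
    ("10.30.4.2", "10.10.0.8", 502),    # business tier reaching control directly
    ("10.20.1.9", "10.10.0.8", 3389),   # remote desktop into the control tier
    ("192.0.2.77", "10.10.0.8", 502),   # source not in the asset mapping
    ("10.10.0.8", "10.10.0.9", 44818),  # same tier
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```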
Share resources but not toothbrushes
Everyone is stretched for resourcing; many companies are more likely to ride the risk than employ dedicated teams, and teams that sit across converged environments are more likely to share security resources and supply chains. Resourcing can be shared provided that role statements are clear and an unwavering operational focus remains a core part of the role. For instance, OT operations teams should understand the criticality of the systems they support whereas IT resources may not have the context – this may result in exposure. Aligning with the Purdue Model requirements and the intentions laid out in the IEC 62443 standards, isolating systems for administrative access and remote support remains a crucial control measure.
Where to now?
Though the Purdue Model retains its relevance as a fundamental document, it lacks the holistic approach of modern standards like the IEC 62443. The latter encompasses crucial aspects such as education, risk management, design, and adversary considerations within the system lifecycle. But there’s nothing wrong with a bit of nostalgia to remind us that we can’t throw out the foundations of a house when we’re building a new one.
The Anchoram team possesses extensive experience in Critical Infrastructures and Operational Technologies across various sectors. Combining hands-on operational experience with academic expertise, the team ensures a thorough understanding and in-depth analysis of cyber risks to your operational systems and effective mitigation strategies. Contact our team to find out more about our service offerings.