07 Nov 2017 IIot: Blurring zones and network perimeters – can we still rely on the Purdue Model?
The Industrial Internet of Things (IIoT) is forecast to bring untold value to industrial operations. The IIoT introduces a new network architecture which greatly expands the traditional manufacturing systems paradigm – by increasing the interoperability and optimization of a large number of control systems. For the last 25 years, industrial network architecture has been based on the Purdue Enterprise Reference Architecture – or Purdue Model. What we see emerging here is the evolution of the long-standing Purdue Model of industrial networks.
The Purdue model can be visually represented in a pyramid shape; indicating a clear hierarchy of organizational levels, applications & controls as well as data flows. The model clearly silos functions and information as per which role equipment, automation and software applications perform within an enterprise. Layers and zones of networks and intervening firewalls or unidirectional gateways between the most sensitive control and safety devices, to the manufacturing systems communicate to the enterprise networks, all the way out to the Internet.
The evolving “smart” industrial architecture however, blurs these layers and zones into – generally speaking – one “federated” data network. In IIoT, edge devices, which provide interconnectivity between wide area and local area networks, are connected directly to the Internet, or connected via IIRA unidirectional gateways, and are positioned in parallel with Purdue-Model networks, dissolving the hierarchy and prescriptive data flows on which industry has come so heavily to rely.
There is a “smart” way to protect your operational networks
It is possible for data that flows from edge devices to cloud systems such as SIEMs, to flow straight out to the Internet without compromising control networks. This is either through the Internet-connected edge devices which are harmless if compromised, or through edge devices protected by unidirectional gateways. Any control signals from the Internet that seek to flow back into the most sensitive networks, must go back in through the Purdue-Model network path, through all of the standard layers of networks, which can be configured to provide the highest degree of scrutiny to those incoming control signals.
The Unidirectional CloudConnect solves the two major challenges that have slowed the adoption of the IIoT among industrial businesses; interoperability and security. Protection of the industrial site from remote online attacks has been accomplished by providing a safe connection to the cloud. The CloudConnect acts as a translator gateway between the industrial site’s systems and the cloud. It collects data within a SCADA network using the wide variety of connectors, then publishes that data to the cloud using a selected “cloud” protocol.
The faithful Purdue Model enterprise architecture provides a common way to design, describe, plan and carry out the functions of very complicated industrial operations. Now with IIoT, data has lost its traditional hierarchy and its sources and clients are moved around through smart systems and applications which invariably increase the attack surface of a plant. The IIoT system architecture connects and integrates different zones with an increased number of controls and sensors with enterprise processes and IT networks. The traditional industrial control context is now extensively connected, and like the Purdue Model, the new IIoT architecture must reflect a secure and trustworthy integrated network.
- 8 Common OT/Industrial Firewall Mistakes (Infographic) - May 12, 2020
- The Black Hat Wakeup Call – wait for a disaster or listen to the pros? - January 10, 2018
- IIot: Blurring zones and network perimeters – can we still rely on the Purdue Model? - November 7, 2017