Revisiting the Relevance of the Industrial DMZ (iDMZ)

If you enter the term “Purdue Model” into your favorite search engine, the resulting images will vary considerably. There’s almost no better way to stir up an Operational Technology (OT) security conversation than to begin debating what belongs on Level 1 or Level 3 of the model.

You might even find some diagrams place operator Human-Machine Interfaces at Level 3. Notably, the original 1990 publication defines “operator’s console” as a Level 1 entity. The only thing we seem to agree upon is that Level 0 is the physical process and Level 4 is the enterprise, though I’m sure you can find some diagrams which deviate from even this understanding.

The Purdue Model was originally introduced by Theodore J Williams over 30 years ago. Given its age and the pace and scope of technological change including trends like Software-Defined Networking, the Industrial Internet of Things (IIoT), e.g., Edge to Cloud, and the Advanced Physical Layer, it’s natural that some people are beginning to question whether the Purdue Model is dead. But you can’t get around an OT cybersecurity conversation or solution presentation without still running into it.

Read more…
Source: Tripwire