
Purdue Model as a Reference for Segmentation

Most people in the ICS/OT space are familiar with the Purdue model, formally the Purdue Enterprise Reference Architecture (PERA), as a well-known framework for organizing OT networks. As interconnectivity between devices and networks has grown through converging IT/OT technology, the industrial internet of things (IIoT), Industry 4.0, the cloud, and other technologies and tools, the question of whether the Purdue model is dead keeps resurfacing.

While it’s true that many organizations don’t use the Purdue model in all its glory, it still plays a critical role across the industrial landscape. The Purdue model gives teams a way to assess segmentation, spot gaps, and guide decisions that improve both visibility and security. It serves as a common language, a way to talk about where devices live, how they interact, and what kind of access they require. Whether you’re aligning internally or comparing notes across industries, the model provides a shared reference point.

Many companies adapt the Purdue Model to their own needs. For example, a company may treat levels 4 and 5 as a single layer, and levels 1 through 3 are often combined, with level 3.5 acting as the DMZ. That flexibility doesn’t diminish its value; in fact, it is exactly what keeps the Purdue Model so useful.

Levels / Segments of the Purdue Model

Though there are variations of the Purdue Model, six levels (numbered 0 through 5) are commonly referenced.

The technologies listed at each level below are general examples; the specific devices will vary with an organization’s environment and network architecture.

Level 0: Field/Physical

This is the level where industrial devices live and operate. Think physical devices such as switches, sensors, relays, actuators, or robots. The field level includes anything that physically participates in the operational process.

There isn’t much network connectivity at this level, since these devices perform a function or produce an output driven by electrical input. How they operate is determined by the devices that control them, which are found at the next level.

Level 1: Connected Devices

This is the level where the devices that actually control physical machines live, such as PLCs (programmable logic controllers) and RTUs (remote terminal units). These devices are also part of the overall operations monitoring system.

These devices connect to level 0 devices to execute specific actions based on predefined logic and programming. They can also monitor the environment, logging and/or sending telemetry from the field devices they communicate with to other systems.

🚨 Shameless Plug Alert! This is the lowest level on the Purdue model where EmberOT’s software can be deployed; it can be deployed from Level 1 up to Level 5.

Level 2: Control Systems

Devices at level 2 coordinate and control specific processes and operational loops. Examples include HMIs (human machine interfaces) and SCADA (supervisory control and data acquisition) software.

This level includes the technology that gives operators a high-level view of industrial processes for monitoring and basic controls.

Level 3: Manufacturing Operations and Execution

This is the level to which data and information from each of the lower levels of the OT environment flow. The devices and software here optimize manufacturing operations through scheduling, quality control, inventory management, and data analysis for process improvement.

Devices here include the data historian, data lake, and other data and analytics platforms, including network monitoring and threat detection tools.

Level 3.5: IT/OT Demilitarized Zone (DMZ)

The demilitarized zone separates the OT systems connected to operational environments from the IT systems that serve the business and enterprise environments.

The specific tools or devices at this level depend on an organization’s policies. Usually, however, this is where firewalls live that are specifically configured to monitor and block unapproved or unnecessary traffic between the business and production networks. Ideally, firewalls are placed between each level and configured to allow only specific and necessary traffic.

Other DMZ technologies might include jump hosts, backup systems, and security tools.

Level 4 & 5: Business Planning, Logistics, and Enterprise

These two levels commonly make up the broader business and enterprise network. Corporate IT systems, cloud access, servers, external or vendor support, and ERP (enterprise resource planning) are all technologies and solutions found at these levels.

Using the Purdue Model for Segmentation & Visibility

The Purdue Model is by no means a prescriptive list of how a network’s devices should be divided. But it is still a good starting point for segmentation based on where OT devices sit, which in turn follows from their function.

With true air gaps no longer practical, demands for more data growing, and IT and OT environments increasingly interconnected, segmentation provides an added layer of security. It prevents unnecessary connections that bad actors could exploit and, in the event of a component failure, helps prevent a chain reaction of unintended impacts.

With distinctly segmented environments, it’s easier for both IT and OT teams to see where to monitor and secure traffic and communications. Any traffic crossing the DMZ, for example, should be controlled through firewall configuration and further through jump boxes.

Knowing which devices could have a direct impact on physical operations (levels 0 – 2) helps organizations prioritize where to implement additional visibility. These are also the devices typically found at the OT edge, a notoriously difficult part of the network to get visibility into.

While north-south data, such as the data passing from Level 2 to Level 3 or higher, is important, it doesn’t always give a complete picture of the environment. Even if your operations team can see there’s a problem, the team can’t always tell what caused the issue. This is where east-west traffic, the traffic between devices on the same network segment, comes in handy.
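One way to put a Purdue-level inventory to work on the points above, as an added example that is not from the original post or EmberOT’s product: each observed flow is classified as east-west or north-south, cross-level traffic is checked against an explicit allowlist of “specific and necessary” flows, and enterprise-to-OT flows that skip the Level 3.5 DMZ are called out. All addresses, levels, ports and allowlist entries are constructed for illustration.

```python
"""Check observed flows against a Purdue-level asset inventory.
Added example; not from the original post or EmberOT's product. All
addresses, levels, ports and allowlist entries below are constructed."""
from collections import namedtuple

# Constructed inventory: address -> Purdue level (3.5 is the IT/OT DMZ).
INVENTORY = {
    "10.0.1.10": 1,    # PLC
    "10.0.2.20": 2,    # HMI
    "10.0.3.30": 3,    # data historian
    "10.0.35.5": 3.5,  # jump host in the DMZ
    "10.0.35.6": 3.5,  # historian replica in the DMZ
    "10.1.4.40": 4,    # ERP server
    "10.1.5.50": 5,    # corporate engineering workstation
}

# "Only specific and necessary traffic": permitted cross-level flows as
# (src_level, dst_level, dst_port). Any other cross-level flow is flagged.
ALLOWED = {
    (2, 1, 502),     # HMI polls the PLC (Modbus/TCP)
    (3, 2, 502),     # historian collects from the control tier
    (3, 3.5, 1433),  # historian pushes to its DMZ replica
    (4, 3.5, 1433),  # ERP reads the DMZ replica, never the OT historian
    (5, 3.5, 3389),  # engineers RDP to the DMZ jump host
    (3.5, 2, 3389),  # jump host onward into the control tier
}

Flow = namedtuple("Flow", "src dst dst_port")  # one observed connection

def classify(flow: Flow) -> str:
    """east-west: both ends at one level; north-south: allowlisted cross-level
    flow; dmz-bypass: enterprise (4-5) reaches OT (0-3) with neither end in
    the 3.5 DMZ, i.e. the boundary the DMZ exists to enforce is skipped."""
    s, d = INVENTORY.get(flow.src), INVENTORY.get(flow.dst)
    if s is None or d is None:
        return "unknown-asset"            # inventory gap: a visibility finding
    if s == d:
        return "east-west"
    if (s >= 4) != (d >= 4) and 3.5 not in (s, d):
        return "dmz-bypass"
    if (s, d, flow.dst_port) in ALLOWED:
        return "north-south"
    return "unapproved-cross-level"

def audit(flows):
    """Return (flow, finding) pairs for every flow that needs attention."""
    return [(f, c) for f in flows for c in (classify(f),)
            if c not in ("east-west", "north-south")]
```

Feeding the same classification to a firewall review or a network monitoring tool turns the model from a diagram into a checkable policy; the unknown-asset finding is often the most useful one, since it marks devices the inventory has not yet placed on any level.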

The Purdue Model is far from dead. Instead, it’s an opportunity for organizations to evaluate and refine their network segmentation and to gain a clearer understanding of the visibility they have into specific systems.

To learn how EmberOT helps you gain visibility in your environment, schedule a free assessment with a member of our team.