The Purdue Model in an Industrial Environment
The Purdue Model, also known as the Purdue Enterprise Reference Architecture (PERA), is a standardised model used to structure the automation hierarchy and information levels in industrial environments (such as factories and production lines). The model is particularly relevant for Industrial Control Systems (ICS) and is often applied within Operational Technology (OT) to design systems hierarchically and securely.
The aim of the Purdue Model
The Purdue Model helps organisations to:
- Organise industrial processes clearly into layers;
- Structure the interaction between IT and OT;
- Apply security measures more effectively (such as network segmentation);
- Improve the efficiency, reliability and safety of production processes.
The 6 layers of the Purdue Model
Here is an overview of the layers, from bottom to top:
| Level | Description |
|---|---|
| Level 0 | Physical processes – sensors, actuators, machines (such as motors, valves). |
| Level 1 | Control equipment – PLCs (Programmable Logic Controllers), RTUs. |
| Level 2 | Supervision and monitoring – SCADA or HMI systems that display data and drive processes. |
| Level 3 | Manufacturing Operations Management System (MOMS) – MES (Manufacturing Execution Systems) for production planning, quality control, etc. |
| Level 4 | Business Logistics Systems – ERP systems (Enterprise Resource Planning) for financial and business processes. |
| Level 5 | Cloud / Enterprise networks – external access, analytics, AI, cloud services. Not always shown as a separate layer. |

Why does it matter?
- Network segregation: the model helps to separate networks and functions, which is crucial for cybersecurity (for example, preventing a virus from jumping from IT to OT).
- Process structuring: it makes clear where processes take place and which systems are involved.
- Cybersecurity frameworks such as ISA/IEC 62443 and the NIST CSF use the Purdue Model as a foundation for securing industrial networks.
Real-world example
Imagine a food production plant:
- Level 0: sensors measure temperatures in ovens.
- Level 1: a PLC controls the oven based on those temperature readings.
- Level 2: an operator monitors the oven status via an HMI.
- Level 3: an MES schedules the baking process and tracks production in real time.
- Level 4: an ERP system manages orders, stock and shipping.
- Level 5: cloud analytics gives management insight into trends.
Relationship with the Zone and Conduits Model
The Purdue Model provides a hierarchical functional breakdown of industrial systems, but says nothing about how the communication between systems should be secured. That is where the zone-and-conduits model (as defined in IEC 62443) comes in.
In this model, systems are divided into Zones (groups of systems with similar security requirements, such as a PLC Zone or an ERP Zone) and the Conduits that govern communication between those Zones.
By combining the Purdue Model with the Zone and Conduit concept, organisations can:
- Create security domains (e.g. an OT Zone separated from IT);
- Apply targeted security measures per Zone (Firewall, access control, encryption);
- Control data flows between Zones via secured Conduits.
🔐 Example: Level 3 (MES) and Level 4 (ERP) sit in separate Zones. A Conduit with a Firewall and inspection ensures that only approved communication is possible between these layers.
This approach makes it possible to manage cyber risks more effectively and fits perfectly within modern industrial security standards.
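The Level 3 / Level 4 example above can be written down as a default-deny policy check over observed network flows. This is an added example, not part of the original article: the zone names, subnets, ports and the rule that a flow may not skip a Purdue level are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed zones: name -> (Purdue level, subnet). Addresses are illustrative.
ZONES = {
    "PLC": (1, ip_network("10.1.0.0/24")),
    "HMI": (2, ip_network("10.2.0.0/24")),
    "MES": (3, ip_network("10.3.0.0/24")),
    "ERP": (4, ip_network("10.4.0.0/24")),
}

# Conduits: (source zone, destination zone) -> approved (protocol, port) pairs.
# Anything not listed here is denied; direction matters.
CONDUITS = {
    ("HMI", "PLC"): {("tcp", 502)},    # Modbus/TCP supervision
    ("MES", "HMI"): {("tcp", 4840)},   # OPC UA
    ("ERP", "MES"): {("tcp", 443)},    # HTTPS order interface
}

def zone_of(addr):
    """Return the zone name that contains addr, or None if it is unzoned."""
    ip = ip_address(addr)
    return next((z for z, (_, net) in ZONES.items() if ip in net), None)

def check_flow(src, dst, proto, port):
    """Classify one observed flow against the zone and conduit policy."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "DENY: endpoint outside any defined zone"
    if sz == dz:
        return "ALLOW: intra-zone"
    # Assumed policy (not stated in the article): no flow may skip a level.
    if abs(ZONES[sz][0] - ZONES[dz][0]) > 1:
        return f"DENY: {sz}->{dz} skips a Purdue level"
    if (proto, port) in CONDUITS.get((sz, dz), set()):
        return f"ALLOW: conduit {sz}->{dz}"
    return f"DENY: no conduit approves {proto}/{port} {sz}->{dz}"

# Constructed flow records: (source, destination, protocol, destination port).
FLOWS = [
    ("10.4.0.10", "10.3.0.5", "tcp", 443),   # ERP -> MES over the conduit
    ("10.4.0.10", "10.3.0.5", "tcp", 3389),  # ERP -> MES, unapproved service
    ("10.4.0.10", "10.1.0.7", "tcp", 502),   # ERP straight to a PLC
    ("10.2.0.3", "10.1.0.7", "tcp", 502),    # HMI -> PLC over the conduit
    ("192.0.2.9", "10.3.0.5", "tcp", 443),   # source not in any zone
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "=>", check_flow(*flow))
```

Running the same check over exported firewall or flow logs shows which traffic already crosses Zones outside an approved Conduit before enforcement is tightened.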
See also OTArchitect.nl
