What is a Supervisory Network?
The Supervisory Network is the network segment within an industrial OT architecture responsible for higher-level supervision, Monitoring, and control. It connects systems such as SCADA, Historian, MES, Engineering Stations, and operator interfaces to the underlying Control Network.
The Supervisory Network typically resides at levels 2 and 3 of the Purdue Model, between the field level (PLC/IO) and the business layer (IT/MES).
🧠 How does the Supervisory Network work?
- Data collection and visualisation
- Collects real-time data from PLCs via the Control Network
- Visualises process information via SCADA or HMI
- Command transmission to controllers
- Sends setpoints or commands to field equipment via OPC UA, Modbus, S7
- Manages alarms, recipes, and batch information
- Connection to other networks
- Interface with MES, ERP, or Cloud via DMZ or IDMZ
- Segmentation via Firewall, Industrial Switch, VLAN
🏭 Application in industrial automation
- Visualisation and operation of production processes
- Historical data logging with Historian
- Centralised PLC configuration via Engineering Station (TIA Portal, etc.)
- Interface with IT for reporting, OEE, and batch information
- Remote monitoring and maintenance via VPN or Remote Access
Typical components:
- SCADA server
- Operator HMI workstations
- Historian database
- Active Directory or Entra ID integration
- Time Series Database
🔐 Security aspects
- Apply Access Control and Least Privilege for operator and engineer accounts
- Segment between Supervisory and Control Network with an Industrial Firewall
- Logging, Audit, and SIEM integration for traceability
- Secure protocols such as OPC UA, HTTPS, S7 Comm Plus
- Use of Certificate Management for encrypted communication
The Supervisory Network is an important attack target: ensure good separation and monitoring.
🔍 Supervisory vs. Control Network
| Aspect | Supervisory Network | Control Network |
|---|---|---|
| Function | Monitoring, visualisation, logging | Real-time control |
| Latency requirements | Moderate | Very low |
| Typical devices | SCADA, Historian, Engineering Station | PLCs, IO, drives |
| Security | Based on user authorisation | Based on network segmentation |
📌 In summary
The Supervisory Network is the link between the field level and business operations, where data is collected, presented, and analysed. Good segmentation, access protection, and Monitoring are crucial to the safety and reliability of the OT infrastructure.