ICS/SCADA Cybersecurity
Engineering Resilience for Critical Infrastructure
1. The Purdue Model (ISA-95)
The reference architecture for ICS network segmentation is the Purdue Model, adopted by ISA-95 and the basis for the zones-and-conduits approach of ISA/IEC 62443. It divides a plant into levels and requires that traffic between levels cross a defined, controlled boundary rather than flow freely from the corporate network down to the controllers.
| Level | Layer | Function |
|---|---|---|
| Level 4-5 | Enterprise | Corporate IT, ERP systems, e-mail, Internet connectivity. |
| Level 3.5 | Industrial DMZ | Security buffer between IT and OT: replica historians, jump hosts, patch and anti-malware update relays. No session should run directly from IT into OT; it terminates here. |
| Level 3 | Site Operations | Historians, engineering workstations, OT domain controllers, backup servers. |
| Level 2 | Supervisory Control | HMIs, SCADA servers, alarm servers. |
| Level 1 | Basic Control | PLCs, RTUs, DCS controllers, safety instrumented systems. |
| Level 0 | Process | Sensors, actuators, pumps, valves. |
[Figure: Purdue Model Architecture, ISA-95 Industrial Segmentation]
Standard Firewall Rules
Firewalls enforce segmentation in software: a rule set (ACL) decides which flows may cross a boundary, and the enforcement is only as good as the rules and the device. An over-permissive rule (an 'any/any' left over from commissioning, a vendor remote-access path that lands straight on the control network), a vulnerability in the firewall itself, or valid credentials for a path the rules permit each give an attacker a route from Level 4-5 down to the Level 1 controllers. Segmentation therefore has to be audited, not just drawn: every allow rule that crosses a level boundary needs a justification, no cross-level rule should permit any port, and no rule should let Enterprise traffic skip the Level 3.5 DMZ.
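The audit just described, as an added example that is not code from the page: each firewall rule is mapped to the Purdue level of its source and destination, and three checks are applied (Enterprise traffic skipping the DMZ, any-port rules across a level boundary, industrial protocol ports reachable from IT). The zone addressing, rule names and the rules themselves are constructed for illustration.

```python
"""Audit a Purdue-style firewall policy for segmentation violations.

Added example, not code from the page. Zone addressing, rule names and the
rules themselves are constructed; the checks encode three principles:
Enterprise traffic must not skip the Level 3.5 DMZ, no cross-level rule may
be 'any port', and industrial protocols must not be reachable from IT.
"""
from dataclasses import dataclass
from ipaddress import ip_network

# Hypothetical addressing: zone name -> (network, Purdue level)
ZONES = {
    "enterprise":  (ip_network("10.0.0.0/16"),  5),
    "dmz":         (ip_network("10.35.0.0/24"), 3.5),
    "operations":  (ip_network("10.3.0.0/24"),  3),
    "supervisory": (ip_network("10.2.0.0/24"),  2),
    "control":     (ip_network("10.1.0.0/24"),  1),
}

# Industrial protocol ports that IT (Level 3.5 and above) must never reach.
OT_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP", 102: "S7comm"}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # CIDR
    dst: str      # CIDR
    port: int     # destination TCP port, 0 = any
    action: str   # "allow" or "deny"


def zone_of(cidr: str):
    """Map a rule's CIDR to (zone name, level); (None, None) if it fits no zone."""
    net = ip_network(cidr)
    for name, (zone_net, level) in ZONES.items():
        if net.subnet_of(zone_net):
            return name, level
    return None, None


def audit(rules):
    """Return (rule name, reason) for every allow rule that breaks the model."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        s_zone, s_lvl = zone_of(r.src)
        d_zone, d_lvl = zone_of(r.dst)
        if s_lvl is None or d_lvl is None:
            findings.append((r.name, "source or destination fits no defined zone"))
            continue
        # Downward traffic from the enterprise must terminate in the DMZ.
        if s_lvl >= 4 and d_lvl < 3.5:
            findings.append((r.name, f"{s_zone} -> {d_zone} bypasses the Level 3.5 DMZ"))
        # A boundary-crossing rule with no port restriction is not a boundary.
        if r.port == 0 and s_lvl != d_lvl:
            findings.append((r.name, f"{s_zone} -> {d_zone} permits any port across a level boundary"))
        # Industrial protocols carry no authentication; IT must not speak them to OT.
        if r.port in OT_PORTS and s_lvl >= 3.5:
            findings.append((r.name, f"{OT_PORTS[r.port]} reachable from {s_zone}"))
    return findings


# Constructed policy: two sound rules, two that a Purdue audit should reject.
RULES = [
    Rule("erp-to-replica-historian", "10.0.0.0/16",  "10.35.0.0/24", 443,  "allow"),
    Rule("historian-to-replica",     "10.3.0.20/32", "10.35.0.10/32", 1433, "allow"),
    Rule("vendor-direct-to-plc",     "10.0.7.0/24",  "10.1.0.0/24",  502,  "allow"),
    Rule("it-any-to-operations",     "10.0.0.0/16",  "10.3.0.0/24",  0,    "allow"),
    Rule("default-deny",             "0.0.0.0/0",    "0.0.0.0/0",    0,    "deny"),
]

if __name__ == "__main__":
    for name, reason in audit(RULES):
        print(f"{name}: {reason}")
```

Two of the four allow rules produce findings: the vendor path reaches Level 1 Modbus directly from the enterprise, and the any-port rule punches through to site operations. Note what the script does not model: rule ordering (first-match semantics) and the direction in which sessions are initiated, both of which a real policy review also has to check, since a connection into OT should be initiated from the more trusted side wherever possible.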
2. Protocol Vulnerabilities: The Legacy Curse
Most industrial protocols (Modbus, DNP3, Profinet, EtherNet/IP) were designed for isolated plant networks and carry no authentication, integrity protection or encryption. Moved onto TCP/IP, they accept a command from any host that can reach the port: a Modbus write to TCP/502 changes a setpoint with no credential at all, so an attacker with network access does not even need a man-in-the-middle position, although the cleartext also makes interception and modification of traffic trivial. Secure variants exist (DNP3 Secure Authentication, Modbus/TCP Security over TLS on port 802), but the installed base rarely supports them, so the practical controls are on the network: restrict which hosts may send write function codes, and alert on writes from anywhere else.
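To make the point concrete, the following added example (not code from the page) parses Modbus/TCP frames and runs a simple detection over captured flows: any write function code from a host other than the designated SCADA server raises an alert. The frames, IP addresses and the allow-list of writers are constructed. What the parser exposes is the absence of any field where a credential or signature could go.

```python
"""Parse Modbus/TCP frames and flag write commands from unexpected hosts.

Added example, not from the page. Frames, addresses and the allow-list of
hosts permitted to write are constructed. The MBAP header carries a
transaction id, protocol id, length and unit id; the PDU a function code and
data. There is no field for a credential or a signature anywhere.
"""
import struct
from dataclasses import dataclass

WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}


@dataclass
class ModbusADU:
    transaction_id: int
    unit_id: int
    function: int
    address: int      # first register/coil referenced, -1 if the PDU has none
    payload: bytes    # remaining PDU data after the address


def build_adu(tid: int, unit: int, function: int, data: bytes) -> bytes:
    """Assemble MBAP header + PDU. The length field counts unit id + PDU."""
    pdu = struct.pack(">B", function) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_adu(frame: bytes) -> ModbusADU:
    """Validate the MBAP header and split out the function code and address."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} disagrees with {len(frame) - 6} bytes present")
    data = frame[8:]
    address = struct.unpack(">H", data[:2])[0] if len(data) >= 2 else -1
    return ModbusADU(tid, unit, frame[7], address, data[2:])


# Only the supervisory SCADA server is supposed to change anything (hypothetical address).
ALLOWED_WRITERS = {"10.2.0.10"}


def detect_unauthorised_writes(flows):
    """flows: iterable of (src_ip, dst_ip, raw frame), e.g. reassembled from a SPAN port."""
    alerts = []
    for src, dst, raw in flows:
        try:
            adu = parse_adu(raw)
        except ValueError as err:
            alerts.append((src, dst, f"malformed Modbus/TCP: {err}"))
            continue
        if adu.function in WRITE_FUNCTIONS and src not in ALLOWED_WRITERS:
            alerts.append((src, dst,
                           f"{WRITE_FUNCTIONS[adu.function]} at address {adu.address:#06x} from unexpected host"))
    return alerts


# Constructed traffic toward a PLC at 10.1.0.5, unit id 1.
FLOWS = [
    ("10.2.0.10", "10.1.0.5", build_adu(1, 1, 3, struct.pack(">HH", 0x0000, 10))),      # HMI poll, 10 registers
    ("10.2.0.10", "10.1.0.5", build_adu(2, 1, 6, struct.pack(">HH", 0x0010, 1500))),    # legitimate setpoint
    ("10.0.7.44", "10.1.0.5", build_adu(7, 1, 6, struct.pack(">HH", 0x0010, 9999))),    # same command from an IT host
    ("10.0.7.44", "10.1.0.5", build_adu(8, 1, 5, struct.pack(">HH", 0x0003, 0xFF00))),  # coil forced ON from IT
    ("10.0.7.44", "10.1.0.5", b"\x00\x09\x00\x00\x00\x99\x01\x03"),                      # length field lies
]

if __name__ == "__main__":
    for src, dst, what in detect_unauthorised_writes(FLOWS):
        print(f"{src} -> {dst}: {what}")
```

The legitimate setpoint write and the rogue one are structurally identical 12-byte frames; the PLC will execute both, so the only distinguishing feature available to a defender is the source address, which is exactly why the allow-list lives in the network monitoring and not in the protocol.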
3. Data Diodes: The One-Way Gate
In high-consequence environments (nuclear, power transmission), a strict air gap is rarely workable because process data still has to leave the control network for analysis, reporting and regulatory purposes. Unidirectional Gateways (Data Diodes) solve this with hardware rather than rules: the link is built so that only one side has a transmitter and only the other has a receiver (typically an optical emitter and a photodiode across a fibre), so data can move from OT to IT but no signal can travel back. Because there is no return path, ordinary TCP cannot cross the link; proxy software on the OT side terminates the source protocol (for example, reads the historian) and replays it as a one-way stream, and a matching proxy on the IT side rebuilds a replica historian for the enterprise to query.
This physically removes the path by which a remote attacker who compromises the replica or the IT network could 'hack back' into the control network through the historian. It does not remove every path: the replica itself can still be attacked, any inbound need (patches, engineering changes, vendor support) must use another channel such as controlled removable media or a separately protected conduit, and the one-way transfer software must tolerate loss on its own, since the receiver can never request a retransmission.
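The loss-tolerance requirement above is easy to state and easy to get wrong, so here is an added example (not code from the page) of the application-layer framing a one-way transfer needs: the sender tags every record with a sequence number and CRC-32 and emits each frame twice, and the receiver validates, de-duplicates and reports gaps without ever talking back. The record format, redundancy scheme and sample historian records are constructed.

```python
"""Framing for records crossing a one-way link.

Added example, not from the page. A data diode gives the sender no return
path, so TCP's handshake and acknowledgements are impossible; the
application layer has to carry what the transport normally would. The
record format, redundancy scheme and sample historian records here are
constructed for illustration.
"""
import struct
import zlib

MAGIC = b"DIOD"
# magic, sequence number, payload length, CRC-32 of payload
HEADER = struct.Struct(">4sIHI")


def frame(seq: int, payload: bytes) -> bytes:
    """OT side: tag each record so the receiver can spot gaps and corruption alone."""
    return HEADER.pack(MAGIC, seq, len(payload), zlib.crc32(payload)) + payload


def send_stream(records, repeat=2):
    """Emit each frame `repeat` times. With no retransmission request possible,
    redundancy at the sender is the only recovery mechanism."""
    out = []
    for seq, rec in enumerate(records):
        out.extend([frame(seq, rec)] * repeat)
    return out


class DiodeReceiver:
    """IT side: validate, de-duplicate, and report which sequence numbers never arrived."""

    def __init__(self):
        self.records = {}
        self.corrupt = 0
        self.expected = 0   # one past the highest sequence seen

    def accept(self, data: bytes):
        if len(data) < HEADER.size:
            self.corrupt += 1
            return
        magic, seq, length, crc = HEADER.unpack(data[:HEADER.size])
        payload = data[HEADER.size:]
        if magic != MAGIC or len(payload) != length or zlib.crc32(payload) != crc:
            self.corrupt += 1
            return
        self.records.setdefault(seq, payload)   # the redundant copy is dropped
        self.expected = max(self.expected, seq + 1)

    def missing(self):
        """Sequence numbers below the highest seen that never validated."""
        return sorted(set(range(self.expected)) - set(self.records))


def simulate(records, drop=(), corrupt=()):
    """Push the stream through a lossy channel: frames at indices in `drop`
    vanish, frames at indices in `corrupt` have their last byte flipped."""
    rx = DiodeReceiver()
    for i, f in enumerate(send_stream(records)):
        if i in drop:
            continue
        if i in corrupt:
            f = f[:-1] + bytes([f[-1] ^ 0xFF])
        rx.accept(f)
    return rx


# Constructed historian samples; with repeat=2 they occupy stream indices 0-7.
RECORDS = [b"pump01.flow=42.1", b"pump01.pressure=3.9",
           b"valve07.pos=closed", b"tank02.level=61"]

if __name__ == "__main__":
    rx = simulate(RECORDS, drop={2, 4, 5}, corrupt={1})
    print("received:", sorted(rx.records))   # [0, 1, 3]
    print("missing: ", rx.missing())         # [2]
    print("corrupt: ", rx.corrupt)           # 1
```

Losing one copy of record 1 is absorbed by the redundancy; losing both copies of record 2 is detected but cannot be repaired from the IT side, which is the fundamental trade of a diode. One caveat the simulation exposes: a gap is only visible because a later sequence number arrived, so a real deployment also sends periodic heartbeat or end-of-batch frames, otherwise the loss of the final records of a transfer goes unnoticed.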
Conclusion
As the grid becomes 'smart' and IIoT (Industrial IoT) matures, the boundary between IT and OT will keep blurring. Engineering resilience requires a defense-in-depth approach: segmentation that is enforced and audited rather than merely diagrammed, industrial protocols that are inspected at the boundary because they cannot defend themselves, and the physical safety of the process as the ultimate metric of success.