What is the Purdue Model in industrial networking?

The Purdue Model (ISA-95) is a conceptual framework that segments industrial networks into six logical levels (0 to 5), ensuring a clear separation between physical equipment, control systems, operations management, and corporate enterprise systems.

How does MRP (Media Redundancy Protocol) differ from Spanning Tree?

MRP is a specialized ring-redundancy protocol for Industrial Ethernet. Unlike Spanning Tree (STP), which can take several seconds to converge, MRP guarantees recovery times sub-200ms (often <50ms), which is critical for maintaining real-time PLC control loops.

Why are m12 connectors used instead of RJ45 in OT?

m12 connectors are threaded, circular connectors that provide a hermetic, vibration-proof seal (typically IP67 rated). They prevent accidental disconnects and oxidation in harsh industrial environments where RJ45 connectors would fail from vibration or moisture.

What is the difference between IT and OT network priorities?

In IT, the priority is Confidentiality (CIA triad). In OT, the priority is Availability and Safety. A 5-second network delay in IT is an annoyance; in OT, it can result in a physical 'Fail-Safe' shutdown or mechanical damage.

What is a Data Diode in industrial security?

A Data Diode is a hardware 'unidirectional gateway' that uses physical layer isolation (photodiodes) to allow data to travel in only one direction. It is used to export data from a high-security zone (Level 2/3) to an enterprise zone without creating a path for remote attackers to enter.

Industrial OT Network Design: The Engineering Guide to the Purdue Model

Q: Why are m12 connectors used instead of RJ45 in OT?

m12 connectors are threaded, circular connectors that provide a hermetic, vibration-proof seal (typically IP67 rated). They prevent accidental disconnects and oxidation in harsh industrial environments where RJ45 connectors would fail from vibration or moisture.

Q: What is the difference between IT and OT network priorities?

In IT, the priority is Confidentiality (CIA triad). In OT, the priority is Availability and Safety. A 5-second network delay in IT is an annoyance; in OT, it can result in a physical 'Fail-Safe' shutdown or mechanical damage.

Q: What is a Data Diode in industrial security?

A Data Diode is a hardware 'unidirectional gateway' that uses physical layer isolation (photodiodes) to allow data to travel in only one direction. It is used to export data from a high-security zone (Level 2/3) to an enterprise zone without creating a path for remote attackers to enter.

1. The Purdue Model (ISA-95/99): The Functional Backbone

The most critical concept in OT network design is the **Purdue Model**. Originating from the work of Theodore Williams and the Purdue University Consortium in the early 1990s, this hierarchical framework (codified by ISA-95) divides the industrial environment into logical levels. The objective is segmentation: ensuring that a security breach in the "Enterprise" (Office) cannot reach the "Process" (Factory Floor), while maintaining deterministic flow for control signals.

Level 0: The Physical Process

This is the raw physical environment. Sensors (RTDs, pressure transducers), actuators, and motors. Communication at this level is often Non-IP, relying on 4-20mA current loops, 0-10V analog signals, or basic Fieldbus protocols like IO-Link.

Level 1: Basic Control

Level 1 contains the Programmable Logic Controllers (PLCs) and Distributed Control Systems (DCS) that execute the control logic. These devices poll Level 0 sensors and command Level 0 actuators in a continuous "Scan Cycle."

Live Analysis: MRP Redundancy & Purdue Model Logic

Main PLC

SCADA 1

Drive 1

Drive 2

Deterministic Control (Level 0-2)

Ultra-low jitter requirement (< 1ms)
Industrial Protocol: PROFINET / EtherNetIP
Priority: High Availability / Safety

Management Plane (Level 3-4)

Data Historian / Asset Management
standard TCP/IP protocols (MQTT, SQL)
Priority: Data Integrity / Security

MRP Topology: Nominal Loop Operation (Ring Manager Active)

2. High-Precision Timing: PTP (IEEE 1588) vs. NTP

Comparison Feature	NTP	PTP
Accuracy	1 ms to 100 ms	< 1 Microsecond

Industrial Logic

Hardening Legacy SCADA