Gerry Kennedy posted a blog on the OSI Stack and Purdue Reference Model for the insurance industry. The OSI model is applicable to any routable network, whether IT or OT (Operational Technology). The Purdue Reference Model is for data flow for control systems. Purdue Reference Model Level 0,1 devices (e.g., process sensors, actuators, drives, etc.) operate in real time to milli-seconds. All process measurements start as analog and are converted to digital signals and routable packets. As such, the Level 0,1 devices and some of their network protocols such as the wired HART (Highway Addressable Remote Transducer) protocol are not routable and therefore aren’t applicable to the OSI Model until they are converted to Ethernet packets. HART is the global standard for sending and receiving digital information across the 4-20mA analog current loops with over 40 million field instruments. There is a major cultural gap that is still not addressed because routable networks are under the purview of network security while serial networks are under the purview of engineering. Consequently, it is the Level 0,1 technical and cultural issues that are the biggest issues in securing control systems.
Joe Weiss
