
OT Systems & Technology: SCADA, DCS, PLCs and More

Operational technology encompasses a family of specialised systems — each performing a distinct role in the monitoring and control hierarchy. Understanding these components and the protocols they use is essential for engineering, integrating, and securing industrial environments.

The Building Blocks of Industrial Control

Each OT system type has a specific role — from executing microsecond control loops at the field level to presenting process data to operators in a central control room. Understanding each layer informs both integration and security decisions.

SCADA

Supervisory Control and Data Acquisition. Centralised monitoring and control of geographically distributed processes. Collects real-time data from remote PLCs and RTUs via wide-area communications. Common in utilities, pipelines, and transport infrastructure. Vendors include Ignition (Inductive Automation), GE iFIX, Schneider Electric EcoStruxure, and Wonderware (AVEVA).

DCS

Distributed Control System. Manages continuous and batch processes within a single facility using a network of distributed field controllers. Tighter integration, higher-speed control loops, and richer alarming than SCADA. Common in refineries, chemical plants, and power stations. Vendors include Honeywell Experion, ABB System 800xA, Emerson DeltaV, and Yokogawa CENTUM.

PLC

Programmable Logic Controller. Ruggedised industrial computers that execute discrete and continuous control logic in real time. Read sensor inputs, execute programmed logic (ladder, FBD, ST), and actuate outputs. The workhorse of manufacturing automation and discrete control. Major vendors: Siemens SIMATIC, Rockwell Allen-Bradley, ABB AC500, Schneider Electric Modicon.

RTU

Remote Terminal Unit. Monitors and controls equipment at remote, often unmanned sites. Transmits telemetry to SCADA master stations via radio, cellular, or satellite. Integral to electric substations, water distribution pump stations, pipeline valve sites, and remote gas well monitoring. RTUs typically communicate with the master station via DNP3 or IEC 60870-5.

HMI

Human-Machine Interface. The operator interface to OT systems — graphical displays showing live process status, trend data, and alarm states, with controls for manual intervention. Range from small panel-mounted touchscreens on individual machines to multi-screen SCADA workstations in centralised control rooms. A frequent target for adversaries seeking process visibility.

Historian

Process Data Historian. A dedicated time-series database capturing high-resolution operational data from OT systems. Stores thousands of process variables at sub-second resolution for trend analysis, regulatory reporting, process optimisation, and incident investigation. Common products: OSIsoft PI System (AVEVA), Honeywell Uniformance, and AspenTech IP.21.


The Purdue Model: Organising OT Architecture

The Purdue Model (Purdue Enterprise Reference Architecture, PERA) organises ICS components into a hierarchy of levels. It remains the most widely used reference architecture for OT network design and security segmentation — and is the conceptual basis for the zone-and-conduit model in IEC 62443-3-2.

Level 0 — The Physical Process

The actual physical processes being controlled: pumps, motors, valves, conveyors, heat exchangers, tanks. Also the instruments that measure them: temperature transmitters, pressure sensors, flow meters, level sensors, position switches. Level 0 is the ultimate target that everything above it exists to monitor and control. Security at this level is primarily physical.

Level 1 — Basic Control

PLCs, RTUs, DCS field controllers, and Safety Instrumented System (SIS) logic solvers that directly interface with Level 0 field devices and execute real-time control logic. These devices scan inputs, execute programmes, and actuate outputs on millisecond cycle times. They communicate with each other and with Level 2 using industrial fieldbus or Ethernet-based protocols. Security hardening at this level includes firmware management, application allow-listing, and physical port lockdown.

Level 2 — Supervisory Control

SCADA servers, DCS operator workstations, engineering workstations, and HMI systems that provide operator visibility and supervisory control over Level 1 devices. This is where control room operators work. Level 2 systems are high-value targets: compromising them gives an adversary visibility across the entire process and the ability to issue control commands. Hardening includes OS patching, application allow-listing, and strict network access control.

Level 3 — Site Operations

Manufacturing Execution Systems (MES), batch management systems, data historians, laboratory information management systems (LIMS), and other systems that bridge real-time OT data with site-level operations and business reporting. Level 3 is the highest level of the OT domain. Data flows up from Level 2 to Level 3 (historian collection, production reporting) and scheduling/setpoint commands flow down.

Level 3.5 — Industrial DMZ

Not in Purdue's original architecture, but now universally adopted: a demilitarised zone (DMZ) that acts as a security boundary between the OT network (Levels 0–3) and the enterprise IT network (Levels 4–5). The industrial DMZ hosts systems that need to exchange data between OT and IT — data replication servers, remote access jump hosts, antivirus update servers, patch management systems — without creating direct network paths between OT and IT. This is the primary architectural control recommended by IEC 62443 and the ACSC.

Levels 4–5 — Enterprise IT and Corporate Network

Standard enterprise IT systems: ERP, email, business intelligence, HR, and customer systems. Level 5 includes internet connectivity and corporate-wide systems. Under correct OT network design, there should be no direct network connectivity between Level 4/5 and Level 2 or below. All OT-to-IT data exchange passes through the industrial DMZ at Level 3.5, so a breach of enterprise IT at these levels should not provide a direct path to OT operational systems.
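The segmentation rule stated across the Level 3.5 and Level 4–5 descriptions can be checked mechanically against a firewall or conduit rule set. The following is an added example, not code from the page or from any product it names: it encodes the rule that traffic may stay within the OT levels (0–3), stay within the enterprise levels (4–5), or cross between them only if one end of the conduit is the Level 3.5 DMZ, then audits a constructed list of rules. The rule names, levels and protocols are made-up sample data.

```python
from typing import Dict, List, Union

Level = Union[int, float]

# Purdue levels grouped into the three zones the IT/OT boundary rule cares about.
OT_LEVELS = {0, 1, 2, 3}          # physical process through site operations
DMZ_LEVEL = 3.5                   # industrial DMZ
ENTERPRISE_LEVELS = {4, 5}        # corporate IT and internet-facing systems


def zone_of(level: Level) -> str:
    """Map a Purdue level to the zone used for the boundary check."""
    if level in OT_LEVELS:
        return "OT"
    if level == DMZ_LEVEL:
        return "DMZ"
    if level in ENTERPRISE_LEVELS:
        return "ENTERPRISE"
    raise ValueError(f"unknown Purdue level {level!r}")


def conduit_allowed(src_level: Level, dst_level: Level) -> bool:
    """A conduit is allowed if it stays inside one zone, or if it crosses
    zones with the DMZ as one endpoint. Any direct OT<->enterprise path fails."""
    src_zone, dst_zone = zone_of(src_level), zone_of(dst_level)
    if src_zone == dst_zone:
        return True
    return "DMZ" in (src_zone, dst_zone)


def audit_rules(rules: List[Dict]) -> List[str]:
    """Return the names of rules that create a forbidden direct IT/OT path."""
    return [
        rule["name"]
        for rule in rules
        if not conduit_allowed(rule["src_level"], rule["dst_level"])
    ]


# Constructed sample rule set (hypothetical names, levels and protocols).
SAMPLE_RULES = [
    {"name": "scada-to-plc",          "src_level": 2,   "dst_level": 1,   "protocol": "modbus/tcp"},
    {"name": "historian-to-dmz",      "src_level": 3,   "dst_level": 3.5, "protocol": "opc-ua"},
    {"name": "dmz-replica-to-erp",    "src_level": 3.5, "dst_level": 4,   "protocol": "https"},
    {"name": "vendor-remote-direct",  "src_level": 5,   "dst_level": 2,   "protocol": "rdp"},   # violation
    {"name": "erp-to-mes",            "src_level": 4,   "dst_level": 3,   "protocol": "sql"},   # violation
]

if __name__ == "__main__":
    for name in audit_rules(SAMPLE_RULES):
        print(f"VIOLATION: rule '{name}' bypasses the industrial DMZ")
```

The check treats Level 3 as part of the OT domain, as the page does, so an enterprise system talking straight to an MES or historian is reported even though Level 3 is adjacent to Level 4; in a real rule set the exported firewall policy would be mapped onto the `src_level`/`dst_level` fields before running the audit.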


The Languages OT Systems Speak

Industrial protocols define how OT components communicate. Most were designed for reliable, deterministic communication in isolated environments — not for security. Understanding their capabilities and limitations is foundational to OT security architecture.

Modbus

Developed by Modicon in 1979. One of the oldest and most widely deployed OT protocols. Simple master/slave model; variants include Modbus RTU (serial), Modbus ASCII (serial), and Modbus TCP (Ethernet). No authentication, no encryption, no session management. Any device on the network can read or write registers without credential challenge. Security requires network-level compensating controls.
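Because Modbus/TCP carries no authentication, the only place a defender can tell a legitimate write from an unauthorised one is in network monitoring: parse the frame, identify whether the function code changes controller state, and compare the source against the hosts that are supposed to issue writes. The example below is added here and is not code from the page or from any vendor it mentions. It parses the MBAP header and PDU of a Modbus/TCP request, classifies the function code, and flags write requests from hosts outside an allow-list; the IP addresses and frames are constructed sample data, and the allow-list of writers is a hypothetical input the monitoring operator would supply.

```python
import struct
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Function codes that change PLC state (Modbus Application Protocol names).
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}
READ_FUNCTIONS = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    name: str
    is_write: bool
    address: Optional[int]
    quantity: Optional[int]


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request: 7-byte MBAP header followed by the PDU.
    Raises ValueError when the header is inconsistent with the frame."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto_id, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto_id != 0:
        raise ValueError(f"unexpected protocol id {proto_id}")
    # The length field counts unit id + PDU, i.e. everything after byte 6.
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} != actual {len(frame) - 6}")
    fc = frame[7]
    data = frame[8:]
    if fc in WRITE_FUNCTIONS:
        name, is_write = WRITE_FUNCTIONS[fc], True
    elif fc in READ_FUNCTIONS:
        name, is_write = READ_FUNCTIONS[fc], False
    else:
        name, is_write = f"Function {fc}", False
    address = quantity = None
    if fc in (1, 2, 3, 4, 15, 16, 23) and len(data) >= 4:
        address, quantity = struct.unpack(">HH", data[:4])   # start address, count
    elif fc in (5, 6, 22) and len(data) >= 2:
        address, quantity = struct.unpack(">H", data[:2])[0], 1
    return ModbusRequest(tid, unit, fc, name, is_write, address, quantity)


def flag_unauthorised_writes(observed: Iterable[Tuple[str, bytes]],
                             allowed_writers: Set[str]) -> List[str]:
    """Return one alert per write request from a host not in allowed_writers,
    plus one per malformed frame (which is itself worth an analyst's attention)."""
    alerts = []
    for src, frame in observed:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as exc:
            alerts.append(f"{src}: malformed Modbus frame ({exc})")
            continue
        if req.is_write and src not in allowed_writers:
            alerts.append(f"{src}: {req.name} (fc {req.function_code}) "
                          f"to unit {req.unit_id} address {req.address}")
    return alerts


# Constructed sample traffic: (source IP, raw Modbus/TCP request bytes).
SAMPLE_TRAFFIC = [
    ("10.1.2.10",     bytes.fromhex("00010000000601030000000a")),            # SCADA reads 10 holding regs
    ("10.1.2.10",     bytes.fromhex("0002000000060106001000ff")),            # SCADA writes reg 16
    ("192.168.50.77", bytes.fromhex("00030000000b0110001000020400010002")),  # unknown host writes 2 regs
    ("192.168.50.77", bytes.fromhex("00040000000901030000000a")),            # length field lies
]
ALLOWED_WRITERS = {"10.1.2.10"}   # hypothetical: the SCADA server is the only legitimate writer

if __name__ == "__main__":
    for alert in flag_unauthorised_writes(SAMPLE_TRAFFIC, ALLOWED_WRITERS):
        print("ALERT", alert)
```

The parser deliberately rejects frames whose MBAP length does not match the bytes on the wire rather than guessing, since a protocol-aware sensor that silently tolerates malformed headers can be desynchronised from what the PLC actually processes.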

DNP3 / IEEE 1815

Developed for electric utilities; widely used in water and wastewater systems. More feature-rich than Modbus: supports time-stamping, data integrity (CRC), and data change reporting (unsolicited responses). DNP3 Secure Authentication (SA) adds challenge-response authentication, but deployment is inconsistent. Common in SCADA master-to-RTU communication over radio, cellular, and serial links.

IEC 61850

International standard for communication in electrical substations and power systems. Supports both GOOSE (Generic Object Oriented Substation Event) for fast peer-to-peer messaging and MMS for client-server communication. Ethernet-based. Security extensions are provided by the IEC 62351 series, which adds authentication and encryption to IEC 61850 and other power system protocols. Increasingly adopted beyond substations into distribution automation and renewable energy integration.

PROFINET

An Ethernet-based industrial protocol developed by Siemens and standardised by PI (PROFIBUS & PROFINET International). Widely used in European manufacturing and process automation, particularly with Siemens SIMATIC PLCs. Supports real-time (RT) and isochronous real-time (IRT) communication for motion control. Security guidance is provided by the PI Security Guideline; PROFINET itself has limited native security.

EtherNet/IP

Developed by Rockwell Automation and managed by ODVA. Runs over standard TCP/IP and UDP/IP Ethernet infrastructure using the Common Industrial Protocol (CIP). Widely used in North American manufacturing, particularly with Allen-Bradley PLCs and Rockwell automation systems. Because it runs over standard Ethernet and IP, IT security tools can monitor EtherNet/IP traffic, but application-layer CIP commands require OT-specific inspection.

OPC UA / IEC 62541

The modern, platform-independent standard for OT data exchange. Unlike legacy protocols, OPC UA was designed with security as a core requirement: it includes X.509 certificate-based authentication, encrypted communication, and application-layer access control. OPC UA is increasingly the standard for IT/OT integration, cloud connectivity, digital twins, and Industry 4.0 architectures. It supports both client-server and publish-subscribe (OPC UA PubSub) communication models.


IIoT and Industry 4.0

A new generation of connected industrial technology is extending OT capabilities — and reshaping the security landscape that comes with it.

Industrial IoT (IIoT)

The proliferation of internet-connected sensors, actuators, and edge devices in industrial settings. IIoT delivers real-time analytics and remote monitoring at low cost — but also multiplies the attack surface significantly, often with devices that have minimal security capabilities built in.

Industry 4.0

The fourth industrial revolution: physical OT systems combined with digital twins, AI-driven analytics, cloud computing, and advanced robotics. Industry 4.0 accelerates the IT/OT convergence challenge and raises new questions about data sovereignty, supply chain security, and the security of cloud-connected industrial systems.

Security by Design

Modern OT procurement increasingly requires security to be engineered in from the start. IEC 62443-4-2 defines technical security requirements for OT components, and IEC 62443-4-1 defines secure product development lifecycle requirements — both now referenced in procurement specifications and regulatory frameworks.
