Summary
This paper addresses the critical need for specialized cybersecurity measures to protect
Read more Read lessOperational Technology (OT) environments within power utilities and organisations with large
OT environments. The Purdue model segments industrial control (OT/ICS) systems from enterprise Information Technology (IT) to protect safety-critical processes that cannot tolerate downtime. It defines Levels 0–2 for field devices, Level 3 for operations management (e.g.,
SCADA), and Levels 4–5 for business/corporate networks and possible cloud environments, with a DMZ (De-Militarised Zone) between level 3 and 4 buffering OT from IT.
As OT/IT converge and threats evolve, a static DMZ can become a bottleneck lacking granular controls. The traditional Purdue model, designed when OT and IT were separate, is no longer sufficient due to their convergence. Shared cyber threats now exploit both domains, and the simple DMZ at Level 3.5 lacks the flexibility and control needed for modern, integrated environments. A more dynamic security architecture with clear IT/OT accountability is required.
The modified model introduces a conceptual “Security Zone” splitting the DMZ into OT and
IT DMZs with an interconnected space for critical security functions. Connectivity is managed via temporary session-based links (e.g., for patching) or tightly controlled and managed continuous channels (e.g., secure remote access or data sharing), ensuring explicit OT/IT stakeholder ownership.
1 Core components may include OT-specific IAM (Identity and Access Management), deep inspection monitoring, secure jump servers, patch servers, OT PKI solutions and honeypots.
Zero Trust underpins this design, Policy Enforcement Points authenticate, authorize, encrypt, and monitor all cross-domain requests, while also enforcing least privilege and logging traffic to prevent lateral movement. Benefits include stronger centralized controls, improved threat detection, and scalability while balancing OT’s real-time needs.
However, this concept adds complexity, demands careful tuning and requires extensive testing of all components with granular architecture to avoid latency, availability and access issues. It also requires clear and robust governance with high investments in specialized tools, equipment and skilled personnel. As a concept/reference framework, it guides organizations in tailoring adaptive OT/IT security architectures rather than prescribing a fixed deployment.
Additional informations
| Publication type | Session Materials |
|---|---|
| Reference | D2_11176_2026 |
| Publication year | |
| Publisher | CIGRE |
| Country | South Africa |
| Study committees | |
| File size | 351 KB |
| Price for non member | 30 € |
| Price for member | 30 € |
Authors
VALA Meenal; MOCKE Pieter
Keywords
Demilitarized Zones (DMZ), IT/OT Convergence, Policy Enforcement Points (PEPs), Purdue Model, Zero Trust Architecture (ZTA)