The Purdue Model — ICS/OT Network Layers
Enterprise IT at the top, the physical process at the bottom, an inspected DMZ between.
```mermaid
flowchart TB
L5["Level 5 — Enterprise Network
Email, ERP, Internet"]:::slate
L4["Level 4 — Business Logistics
Plant scheduling, inventory"]:::slate
DMZ["IT / OT DMZ
Data historian replica · jump host · security monitoring"]:::dmz
L3["Level 3 — Operations Management
Engineering workstations, historians, MES"]:::blue
L2["Level 2 — Supervisory Control
HMIs, SCADA servers"]:::blue
L1["Level 1 — Basic Control
PLCs, DCS controllers"]:::blued
L0["Level 0 — Physical Process
Sensors, actuators, pumps, valves"]:::cream

L5 <--> L4
L4 <--> DMZ
DMZ <-- "Brokered, inspected, monotone
no direct sessions" --> L3
L3 <--> L2
L2 <--> L1
L1 <--> L0

classDef slate fill:#455a64,stroke:#263238,stroke-width:2px,color:#ffffff,font-size:13px
classDef dmz fill:#ffa000,stroke:#b26a00,stroke-width:2.5px,color:#3e2723,font-size:13px
classDef blue fill:#1565c0,stroke:#0d3a73,stroke-width:2px,color:#ffffff,font-size:13px
classDef blued fill:#0d47a1,stroke:#062a66,stroke-width:2px,color:#ffffff,font-size:13px
classDef cream fill:#fff8e1,stroke:#455a64,stroke-width:2.5px,color:#37474f,font-size:13px
linkStyle default stroke:#607d8b,stroke-width:2px,font-size:11px
linkStyle 2 stroke:#b26a00,stroke-width:3px,font-size:11px
```
CIA priority inversion
| Domain | Priority order |
|---|---|
| IT | Confidentiality > Integrity > Availability |
| OT | Availability > Integrity > Confidentiality |
In the enterprise (IT), keeping data secret comes first. On the plant floor (OT), keeping the process running and safe comes first — a stopped turbine or a mis-actuated valve is worse than a leaked spreadsheet.
The amber DMZ is the firewalled boundary: traffic across it is brokered, inspected, and monotone — no direct sessions reach down into control systems.
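The layering and the DMZ boundary rule can be turned into a flow-policy check that a defender runs over boundary firewall logs. The following is an added example, not code from the original page; the host names, the sample flows and the two rules it encodes (only adjacent layers may talk; no session spans the IT/OT boundary without terminating on a DMZ broker) are assumptions derived from the diagram above.

```python
from dataclasses import dataclass

# Purdue layers as drawn on the diagram; the DMZ sits at 3.5, between L4 and L3.
LEVELS = {"L5": 5, "L4": 4, "DMZ": 3.5, "L3": 3, "L2": 2, "L1": 1, "L0": 0}

# Constructed inventory (assumed host names, not from the page): host -> layer.
HOSTS = {"erp-01": "L5", "sched-01": "L4", "hist-replica": "DMZ", "jump-01": "DMZ",
         "eng-ws-01": "L3", "historian-01": "L3", "hmi-01": "L2", "plc-07": "L1",
         "valve-3": "L0"}

@dataclass(frozen=True)
class Flow:
    src: str    # initiating host
    dst: str    # responding host
    proto: str  # protocol label as a boundary firewall would log it

def check_flow(flow: Flow) -> tuple[bool, str]:
    """Return (allowed, reason). Rule 1: only adjacent layers may talk (one level
    apart; the DMZ is half a level from both L4 and L3). Rule 2: no session
    spans the IT/OT boundary end to end; it must terminate on a DMZ broker."""
    src_layer, dst_layer = HOSTS.get(flow.src), HOSTS.get(flow.dst)
    if src_layer is None or dst_layer is None:
        return False, "unknown host: not in the layer inventory"
    hi = max(LEVELS[src_layer], LEVELS[dst_layer])
    lo = min(LEVELS[src_layer], LEVELS[dst_layer])
    if hi - lo > 1:
        return False, f"skips layers ({src_layer} -> {dst_layer})"
    if lo < LEVELS["DMZ"] < hi:
        return False, f"direct session across the IT/OT boundary ({src_layer} -> {dst_layer})"
    return True, "adjacent layers"

def denied_flows(flows: list[Flow]) -> list[tuple[Flow, str]]:
    """Run the check over a batch of flows (e.g. parsed firewall logs); return violations."""
    verdicts = [(f, *check_flow(f)) for f in flows]
    return [(f, why) for f, ok, why in verdicts if not ok]

# Constructed sample flows, labelled with the expected verdict.
SAMPLE_FLOWS = [
    Flow("sched-01", "hist-replica", "sql"),      # L4 -> DMZ: allowed
    Flow("hist-replica", "historian-01", "sql"),  # DMZ -> L3: allowed
    Flow("sched-01", "eng-ws-01", "rdp"),         # L4 -> L3, bypasses DMZ: denied
    Flow("erp-01", "plc-07", "modbus"),           # L5 -> L1, skips layers: denied
    Flow("hmi-01", "plc-07", "modbus"),           # L2 -> L1: allowed
    Flow("eng-ws-01", "valve-3", "modbus"),       # L3 -> L0, skips layers: denied
]

if __name__ == "__main__":
    for flow, why in denied_flows(SAMPLE_FLOWS):
        print(f"DENY {flow.src} -> {flow.dst} ({flow.proto}): {why}")
```

The same two rules can be fed with real hosts and flows exported from the boundary firewall; any flow that reaches the DENY branch is a direct session the diagram says should not exist.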