Purdue Model

A hierarchical reference architecture for ICS and OT environments that organizes systems into levels from field devices to enterprise IT. Widely used for defining segmentation zones between OT and IT networks.

What is the Purdue Model?

The Purdue Model (formally the Purdue Enterprise Reference Architecture) is a hierarchical framework developed by Theodore Williams at Purdue University in the 1990s that organizes industrial automation systems into discrete levels, from physical field devices at the bottom to enterprise IT at the top. The model provides a conceptual architecture for OT/IT segmentation that remains widely referenced in industrial security programs.

The five core levels are: Level 0 (physical process — sensors and actuators), Level 1 (basic control — PLCs and RTUs executing control logic), Level 2 (supervisory control — SCADA, DCS, HMIs), Level 3 (site operations — manufacturing execution systems, historians), and Level 4/5 (enterprise IT — ERP systems, business networks). Security boundaries between levels — particularly between Level 3 and Level 4 — are the critical control points for IT/OT segmentation.

The Purdue Model's relevance in modern OT environments is a subject of ongoing debate. Strict adherence is impractical: cloud connectivity, IIoT data collection, remote access, and supply chain integration all create "vertical" connections that bypass traditional level boundaries. Some practitioners argue the model should be replaced with a more flexible, Zero Trust-oriented architecture. Others maintain that Purdue remains useful as a conceptual framework for zone and conduit design, even if it cannot be implemented rigidly in modern environments.

Key Facts

  • The Purdue Model is referenced in ISA/IEC 62443 and NIST SP 800-82 as a baseline segmentation architecture
  • The Level 3–4 boundary is the most critical IT/OT segmentation point and the most commonly violated
  • Modern IIoT and cloud connectivity have created "Level 3.5" DMZ architectures to accommodate external data flows
  • 86% of industrial companies have connections that violate strict Purdue Model zone boundaries
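
The level boundaries and the Level 3.5 DMZ described above can be checked against observed traffic. The following is an added example, not ORDR's code or part of the original page: it maps addresses to Purdue levels and flags flows that skip a level or cross between Level 3 and Level 4 without terminating in the DMZ. The subnets, sample flows, and the "adjacent levels only" policy are assumptions made for illustration.

```python
import ipaddress

# Ordered Purdue levels; 3.5 is the IT/OT DMZ described in the text.
LEVELS = [0, 1, 2, 3, 3.5, 4, 5]

# Constructed zone map (subnet -> level); a real one comes from asset inventory.
ZONES = {"10.0.0.0/24": 0, "10.0.1.0/24": 1, "10.0.2.0/24": 2,
         "10.0.3.0/24": 3, "10.0.35.0/24": 3.5, "10.0.4.0/24": 4}
_NETS = [(ipaddress.ip_network(n), lvl) for n, lvl in ZONES.items()]

def level_of(ip):
    """Return the Purdue level of an address, or None if it is unclassified."""
    addr = ipaddress.ip_address(ip)
    for net, lvl in _NETS:
        if addr in net:
            return lvl
    return None

def classify(src, dst):
    """Label one flow: 'ok', 'unclassified', 'dmz-bypass' or 'level-skip'."""
    s, d = level_of(src), level_of(dst)
    if s is None or d is None:
        return "unclassified"          # unknown asset: cannot be placed in a zone
    lo, hi = sorted((LEVELS.index(s), LEVELS.index(d)))
    if hi - lo <= 1:
        return "ok"                    # same level or adjacent levels (assumed policy)
    # A flow that spans the DMZ without ending in it crosses IT/OT directly.
    dmz = LEVELS.index(3.5)
    return "dmz-bypass" if lo < dmz < hi else "level-skip"

def audit(flows):
    """Return (src, dst, port, verdict) for every flow that is not 'ok'."""
    return [(s, d, p, v) for s, d, p in flows if (v := classify(s, d)) != "ok"]

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("10.0.2.10", "10.0.1.5", 502),     # HMI -> PLC, adjacent levels
    ("10.0.3.20", "10.0.35.7", 443),    # historian -> DMZ replica
    ("10.0.4.50", "10.0.35.7", 443),    # ERP -> DMZ replica
    ("10.0.4.50", "10.0.3.20", 1433),   # ERP -> historian, skips the DMZ
    ("10.0.4.77", "10.0.1.5", 502),     # IT workstation -> PLC
    ("10.0.3.20", "10.0.1.5", 44818),   # Level 3 -> Level 1, skips Level 2
    ("192.168.9.9", "10.0.2.10", 3389), # source not in any known zone
]

if __name__ == "__main__":
    for src, dst, port, verdict in audit(FLOWS):
        print(f"{verdict:13} {src} -> {dst}:{port}")
```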

How ORDR Addresses the Purdue Model

ORDR supports Purdue Model-aligned segmentation by discovering and classifying devices at each level, generating segmentation policies that enforce communication restrictions between levels, and monitoring for cross-level traffic that violates intended zone boundaries. ORDR's zone and conduit architecture maps directly to Purdue level organization.
