
“Many modern critical infrastructures rely on Ethernet technology. However, this technology was not originally designed to supply the level of performance, reliability, and cybersecurity required by modern industrial control systems (ICSs)”

single device. The complete architecture of any IT/OT system needs to be designed following a proper cyber-risk assessment. Among the most common is a widely adopted reference in the energy sector based on an architecture developed at Purdue University known as the Purdue model. The Purdue model separates the complex architecture of an ICS into five different levels (see table 1).

Although Level 3.5 is located in the middle of the Purdue model, it represents a crucial layer, as it is the access gateway providing IT access for governance function and support. It creates a barrier between the IT and OT networks and can also help prevent infections within the IT environment from spreading to OT systems and vice versa.

Multiple cyber attacks reported in the past were successful due to a lack of segmentation between IT and OT; in many cases, the attackers could move through the IT network and reach the OT in-

Table 1

Level 4/5 | Enterprise/business level | Enterprise resource planning (ERP), databases, e-mail servers, and other systems to manage the planning and manufacturing and business decisions
Level 3.5 | Demilitarized zone | Provides separation between IT (Levels 4–5) and OT (Levels 1–3)
Level 3   | Centralized control center | Advanced system for visualization, archiving and engineering of geographically distributed control and/or manufacturing systems (i.e., dispatch centers and wide-area monitoring systems)
Level 2   | Devices that control the entire processes (locally) | Human-machine interfaces (HMIs) and supervisory control and data acquisition (SCADA)
Level 1   | Devices that monitor and send control equipment at Level 0 | PLCs, RTUs, and intelligent electronic devices (IEDs)
Level 0   | Physical components of the process | Motors, pumps, sensors, circuit breakers, and transformers
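
The separation that Level 3.5 provides can be checked against observed traffic. The following is an added example, not part of the original article: it maps subnets to the levels of Table 1 and flags flows in which an IT host and an OT host talk directly instead of terminating in the demilitarized zone. The subnet plan, addresses, ports and flow records are constructed for illustration.

```python
import ipaddress

# Constructed zone plan: subnet -> Purdue level (all addresses are illustrative).
ZONES = {
    "10.40.0.0/16": 4.0,   # Level 4/5: enterprise/business (ERP, e-mail)
    "10.35.0.0/24": 3.5,   # Level 3.5: demilitarized zone
    "10.30.0.0/24": 3.0,   # Level 3: centralized control center
    "10.20.0.0/24": 2.0,   # Level 2: HMIs and SCADA
    "10.10.0.0/24": 1.0,   # Level 1: PLCs, RTUs, IEDs
}
NETS = [(ipaddress.ip_network(cidr), lvl) for cidr, lvl in ZONES.items()]

def purdue_level(addr):
    """Return the Purdue level of an address, or None if it is in no known zone."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, lvl) for net, lvl in NETS if ip in net]
    return max(matches)[1] if matches else None  # longest prefix wins

def classify(src, dst):
    """Classify one flow against the IT / DMZ / OT separation of Table 1."""
    a, b = purdue_level(src), purdue_level(dst)
    if a is None or b is None:
        return "unknown-zone"      # unmapped asset: cannot be judged, needs review
    if 3.5 in (a, b):
        return "ok"                # one end is in the DMZ
    if (a >= 4) != (b >= 4):
        return "bypasses-dmz"      # IT and OT hosts talking directly
    return "ok"                    # both ends on the same side of the DMZ

def audit(flows):
    """Return (flow, verdict) for every (src, dst, port) flow that is not 'ok'."""
    return [(f, v) for f in flows if (v := classify(f[0], f[1])) != "ok"]

# Constructed flow records (src, dst, dst_port), as a firewall or NetFlow export might give.
SAMPLE_FLOWS = [
    ("10.40.1.15", "10.35.0.10", 443),   # enterprise host -> DMZ
    ("10.35.0.10", "10.30.0.5", 5432),   # DMZ -> control center
    ("10.40.1.15", "10.20.0.7", 3389),   # enterprise host -> HMI, directly
    ("10.10.0.21", "10.40.2.9", 445),    # PLC subnet -> enterprise host, directly
    ("192.168.77.4", "10.20.0.7", 502),  # unmapped source -> SCADA subnet
    ("10.20.0.7", "10.10.0.21", 502),    # HMI -> PLC, inside OT
]

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_FLOWS):
        print(verdict, flow)
```

Flows from unmapped addresses are reported separately because an incomplete asset inventory would otherwise hide exactly the paths this check is meant to find.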





































Impiantistica Italiana - November-December 2023