Cover Image for Why Purdue Model Level 0 Is the Most Important to Secure
Blog

Why Purdue Model Level 0 Is the Most Important to Secure

02.06.24 | By Ascent Solutions

If you had to divide a business into operating layers and prioritize by importance, how would you do it? Aren’t all elements of a business crucial to function? Cybersecurity strategy must rank which risk is most likely to topple a business’ continuity, working backward to solve the gap.

Business continuity and the Purdue Model

By industry, methods for organizing business function vary. For business’ running operational technology (OT) and industrial control systems (ICS), you’ll likely run into the Purdue model. Traditionally, the Purdue model ranks level 0 as the business’ physical processes, like the plant generator powering the process of filtering and cleaning the water or generating steam.

Level 1 adds sensors and actuators for operating controls, directing the machinery performing the base process, like a fail-safe off switch. Level 2 governs systems monitoring and manipulating processes, level 3 handles overall operations for the system managing production workflow scheduling, and levels 3.5, 4, and 5 typically govern network controls, enterprise network access, and external vendors or cloud.

Threat actors accessing any level of the Purdue model could hurt a business, but which level would stop the business in its tracks? Cybersecurity thought leaders often prioritize levels 4 and 5, the enterprise and cloud, as most important. But let’s flip the Purdue model on its head for a moment. Even though levels 4 and 5 hold confidential information, placement, and access at the highest position in the company, Level 0, the operating floor, controls cash flow.

Level 4 and 5 shutdown would cause serious problems, but prolonged business interruption in level 0 could cause a literal explosion. So how should businesses protect the less glamorous but still important level 0? Here’s five recommendations:

1: Change default passwords

If at all possible, change default passwords on floor equipment. Often, machinery access method hasn’t shifted since it was delivered from the vendor to your plant, meaning motivated threat actors who breach the vendor who made your equipment now know stock passwords for money-generating OT across the globe. Avoid that situation and reset factory defaults. If the device vendor doesn’t allow for password reset, introduce multi-factor authentication or secure access sign-on as another preventative measure.

2: Backup system processes

It’s nearly a cliché in security circles, but quality, validated backups make ransomware irrelevant. Backups detailing critical process and supporting equipment programming secure an OT environment from encryption or system reset.

3: Question device access to the network

Unless it’s necessary for two machines connected to the same access switch to communicate directly, segmenting their access through a virtual local area network (VLAN) reduces the compromised blast radius. For example, two machines may need to communicate with a server for GPS timing and access to operating instructions, but those two machines do not need to communicate with each other to complete tasks. Assign the least privileged access to each device sharing a network without inhibiting operations.

4: Scan your environment for software + code vulnerabilities

Vulnerability management for OT environments is crucial for tight security, but it’s also difficult to do without interrupting processes. We recommend controlled observation of your network traffic. That method is unlikely to interrupt operations and may help identify the firmware for each device, an indicator for common vulnerabilities and exposures (CVEs) if the contract language of the ICS equipment vendor allows for such observations.

5: Address cybersecurity expectations in vendor contracts

Before you sign a machinery contract, discuss the vendor’s process for identifying and releasing patches and incorporate your plan in the service level agreement (SLA). Most vendors today are mindful of cyber risks due to consistent attacks on industrial systems, but establishing a baseline is crucial to increasing your time to patch dangerous and exposed vulnerabilities.

Modern SecOps and OT Security

Understanding your business’ greatest risk gives you the tools to protect it. At Ascent Solutions, our team embraces Modern Security Operations in all aspects of securing our customer environments so they can focus on what matters most, their business.  If you’re interested in partnering with Ascent’s SOC team to secure your OT or IoT environment, reach out to info@meetascent.com.

Share this Post
Whether you’re starting your cybersecurity journey or you’re improving your security posture, our team is passionate about protecting your people and business.
content
Blog
Why Purdue Model Level 0 Is the Most Important to Secure

February 6, 2024 – If you had to divide a business into operating layers and prioritize by importance, how would you do it? Cybersecurity strategy must rank which risk is most likely to topple a business’ continuity.

content
Blog
Enabling Microsoft Security Copilot

December 19, 2023 – Security Copilot is Microsoft’s generative AI complement to its unified security platform. Here’s how to plan a security-aware implementation.

content
Blog
How to Respond to the United States AI Executive Order

December 12, 2023 – How should businesses respond to the United States’ AI Executive Order?