The Industrial Control Systems in a power plant, water treatment facility, or manufacturing line were designed for isolated networks. They’re now on IP networks, often with paths to the internet. This module covers why OT/ICS remains catastrophically vulnerable at the network layer, and why the gap between IT and OT security still produces nation-scale incidents.
Why this happens
ICS equipment has 15-30 year lifecycles. A PLC commissioned in 2005 is still running in 2026. It has the network security of 2005: clear-text protocols, no authentication, vulnerability to any packet sent by anyone on its LAN. You cannot patch it: the vendor stopped shipping firmware updates in 2015. You cannot easily replace it: replacement is a multi-million-dollar, facility-wide project.
Meanwhile, the business wants visibility into OT: historians pulling data to corporate dashboards, predictive maintenance using cloud analytics, remote access for vendor support, integration with enterprise MES. Every one of these use cases creates a network path from IT to OT.
The result: ancient unpatched systems connected to networks that eventually touch the internet.
The Purdue model (and why it erodes)
LEVEL 5  Enterprise IT (corporate, internet-connected)
─────────────────────────────────────  IT/OT DMZ (conceptual boundary)
LEVEL 4  Site Business Network (plant IT, ERP, MES)
─────────────────────────────────────
LEVEL 3  Site Operations (engineering workstations, historian, batch management)
─────────────────────────────────────
LEVEL 2  Supervisory Control (SCADA) (HMI, SCADA servers)
─────────────────────────────────────
LEVEL 1  Basic Control (PLCs, RTUs, controllers)
─────────────────────────────────────
LEVEL 0  Process / Field Devices (sensors, actuators, motors)
Defenders aim to keep levels 0-3 isolated from levels 4-5. Attackers need only one path to work downward. Real environments always have such paths: engineering workstations bridging levels, vendor remote access through the DMZ, historian databases replicated to corporate, and shared AD / authentication across tiers.
The protocols that make OT attack easy
Industrial protocols (Modbus, DNP3, EtherNet/IP, S7Comm, IEC 60870-5-104, Profinet) were designed for trusted networks. None require authentication by default. All allow write operations (change setpoints, stop CPUs, modify logic).
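An added example (not part of the module) that shows the defender's side of this point for Modbus/TCP: because the protocol carries no credential, a monitor on the control segment can only decode the frame, recognise the write function codes, and compare the sending host against an allow-list of sanctioned SCADA/HMI writers. The IP addresses, unit IDs and frames below are constructed sample data.

```python
import struct
from collections import namedtuple

# Function codes from the public Modbus spec that alter controller state. The
# protocol carries no credential, so the sending host is the only thing to check.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers",
                   22: "Mask Write Register", 23: "Read/Write Multiple Registers"}
ModbusFrame = namedtuple("ModbusFrame", "transaction_id unit_id function_code data")

def parse_modbus_tcp(payload: bytes) -> ModbusFrame:
    """Decode the 7-byte MBAP header plus PDU; raise ValueError on malformed frames."""
    if len(payload) < 8:
        raise ValueError("too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(payload) - 6:  # length field counts unit id + PDU
        raise ValueError(f"length field {length} != {len(payload) - 6}")
    return ModbusFrame(tid, unit, payload[7], payload[8:])

def is_write(frame: ModbusFrame) -> bool:
    """True for function codes that change coils, registers or device state."""
    return frame.function_code in WRITE_FUNCTIONS

def audit_flows(flows, allowed_writers):
    """flows: (src_ip, dst_ip, payload) tuples captured on the control segment.
    Returns one alert per write from a host outside the allow-list and one per
    frame that does not parse (malformed traffic aimed at a PLC is itself a signal)."""
    alerts = []
    for src, dst, payload in flows:
        try:
            frame = parse_modbus_tcp(payload)
        except ValueError as exc:
            alerts.append(f"{src}->{dst}: malformed Modbus frame ({exc})")
            continue
        if is_write(frame) and src not in allowed_writers:
            name = WRITE_FUNCTIONS[frame.function_code]
            alerts.append(f"{src}->{dst}: {name} to unit {frame.unit_id} from non-allowlisted host")
    return alerts

# Constructed sample capture: the Level 2 SCADA server is the only sanctioned writer.
ALLOWED_WRITERS = {"10.20.2.5"}
SAMPLE_FLOWS = [
    ("10.20.2.5", "10.20.1.10", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),  # read 10 registers
    ("10.20.2.5", "10.20.1.10", bytes.fromhex("0002 0000 0006 01 06 0010 1234")),  # sanctioned write
    ("10.20.4.77", "10.20.1.10", bytes.fromhex("0003 0000 000b 01 10 0000 0002 04 0001 0002")),  # write from a Level 4 host
    ("10.20.4.78", "10.20.1.10", bytes.fromhex("0004 0000 0006 01")),  # truncated frame
]
```

Running `audit_flows(SAMPLE_FLOWS, ALLOWED_WRITERS)` flags only the write from the Level 4 host and the truncated frame; the reads and the SCADA server's own write pass, which is exactly the blind spot the allow-list cannot close if that server is itself compromised.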
Advanced Module · Pro Tier