Parting ways with Purdue? – The Effect of Industry 4.0 on Industrial Control Systems Security Architectures


Michael McGinley is an Associate at PwC UK, having joined the firm as a graduate in September 2020. His work involves detection engineering and analysis, working as part of PwC’s Managed Cyber Defence team to protect clients from new and existing threats to their infrastructure. Michael gained his Masters degree in Computing Science from University of Glasgow in 2020, his research project focusing on Industrial Control Systems security training, working within the Glasgow Cyber Safety Lab.

Michael McGinley, PwC UK

Talk Contents

Industrial Control Systems (ICS) security has historically relied on network segmentation and segregation, in order to separate process control from vulnerable internet-facing networks using hierarchical zones separated by firewalls. Industry 4.0 and Industrial Internet of Things (IIoT) rely on ‘smart’ control devices connecting directly to cloud networks, bypassing the logical hierarchy of reference architectures such as the Purdue Enterprise Reference Architecture. This talk will firstly deliver an overview of the necessity for security in ICS, looking at historic vulnerabilities and risks, which secure reference architectures aim to mitigate. I will also provide an introduction to the Purdue Model, explaining its history and significance to ICS implementations across various sectors. I will then examine the limitations in current ICS security standards in the context of Industry 4.0, and explore new solutions which address these issues, while also discussing their shortcomings. I will finally discuss the relevance of the Purdue Model going forward and attempt to identify areas in which it could be modified to better suit IIoT networks. It is hoped that this talk will provide ICS novices with a solid understanding of the security issues which face these systems and that more experienced attendees will expand their knowledge of secure control system architectures, particularly those that involve newer technologies.