Understanding the territory¶

A control room filled with overloaded brass consoles, flickering gauges, tangled tubes, emergency levers, and a giant schematic of the Purdue Model hanging on the wall

Understanding what we’re attempting to secure sounds obvious, yet organisations routinely skip this step and proceed directly to installing firewalls around systems they do not understand, protecting assets they have not identified, and defending against threats not considered. Rather like Vetinari attempting to secure Ankh-Morpork without first understanding that the Thieves’ Guild considers theft a legitimate profession, or that the Seamstresses’ Guild isn’t actually about sewing.

It is probably more complicated than we think, contains more legacy systems than anyone admits, and is most likely held together with configurations someone implemented in 2003 and nobody dared change because “it works.”

Start here:

What makes OT different from IT
OT architectures and the Purdue Model
Common OT protocols
Key components