## IoT / ICS / SCADA
Where networking meets the physical world — and why operational technology plays by different rules.
// Purdue model (PERA) — IT/OT segmentation
| Level | Zone | Layer | What lives here |
|---|---|---|---|
| L5 | IT | Enterprise | Corporate IT — ERP, email, internet access |
| L4 | IT | Business / Logistics | Site business planning & IT systems |
| L3.5 | DMZ | Industrial DMZ | IT/OT boundary — jump hosts, patch & AV servers |
| L3 | OT | Site Operations | Historians, MES, production scheduling |
| L2 | OT | Supervisory Control | SCADA, HMI, engineering workstations |
| L1 | OT | Basic Control | PLCs, RTUs, DCS controllers |
| L0 | OT | Physical Process | Sensors, actuators, valves, motors |
Lower levels (0–3) are OT and control physical processes; upper levels (4–5) are IT. The Level 3.5 DMZ brokers all traffic between them — no direct IT↔OT path.
// ICS components
| Component | Description |
|---|---|
| PLC | Programmable Logic Controller — rugged controller running ladder logic |
| RTU | Remote Terminal Unit — field telemetry over WAN / radio |
| HMI | Human-Machine Interface — the operator’s screen |
| SCADA | Supervisory Control & Data Acquisition — central view of distributed sites |
| DCS | Distributed Control System — process control within one plant |
| Historian | Time-series database of all process data |
// IoT architecture layers
| Layer | Role |
|---|---|
| Perception | Sensors & actuators collect and act on physical data |
| Network | Gateways & transport (Wi-Fi, cellular, LPWAN) move the data |
| Edge / Fog | Local processing near the devices — low latency, less backhaul |
| Application / Cloud | Analytics, dashboards, storage, ML |
// OT / industrial protocols
| Protocol | Transport / port | Notes |
|---|---|---|
| Modbus | TCP 502 | Simple register read/write — no authentication |
| DNP3 | TCP/UDP 20000 | Utilities & SCADA; has a secure-auth variant |
| PROFINET | Ethernet | Real-time industrial automation (Siemens) |
| EtherNet/IP | TCP 44818 | CIP over Ethernet (Rockwell / Allen-Bradley) |
| BACnet | UDP 47808 | Building automation — HVAC, lighting |
| OPC-UA | TCP 4840 | Modern, secure, vendor-neutral — the OT successor |
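Worked example added here (not code from the original cheat sheet): a small Python parser for the Modbus/TCP MBAP header that classifies each request as a read or a write and alerts when a write to a Level 1 controller arrives from a source outside the Level 2 supervisory zone, i.e. a flow the Level 3.5 DMZ should never have passed. The zone subnets, the zone names and the sample packets are constructed assumptions.

```python
"""Classify Modbus/TCP requests and flag writes that cross the IT/OT boundary."""
import ipaddress
import struct
from typing import Optional

# Public Modbus function codes; writes change process state, so they matter most.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}

# Constructed Purdue zone addressing (assumption): only L2 hosts may write to L1 PLCs.
ZONES = {
    "L2-supervisory": ipaddress.ip_network("10.20.0.0/24"),
    "L3.5-dmz": ipaddress.ip_network("10.35.0.0/24"),
    "L4-corporate": ipaddress.ip_network("10.40.0.0/16"),
}

def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "unknown")

def parse_modbus_tcp(payload: bytes) -> dict:
    """Decode the 7-byte MBAP header (tid, proto id, length, unit id) and the function code."""
    if len(payload) < 8:
        raise ValueError("too short for MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", payload[:7])
    if pid != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(payload) - 6:  # length counts unit id + PDU, not the first 6 bytes
        raise ValueError("MBAP length field does not match payload")
    func = payload[7]
    return {"tid": tid, "unit": unit, "func": func, "write": func in WRITE_FUNCTIONS,
            "name": WRITE_FUNCTIONS.get(func) or READ_FUNCTIONS.get(func, f"fc {func}")}

def check_request(src_ip: str, payload: bytes) -> Optional[str]:
    """Return an alert string when a write originates outside the supervisory zone."""
    req = parse_modbus_tcp(payload)
    zone = zone_of(src_ip)
    if req["write"] and zone != "L2-supervisory":
        return f"ALERT {req['name']} to unit {req['unit']} from {src_ip} ({zone})"
    return None

# Constructed samples: fc 6 write of 0x00FF to register 1, and fc 3 read of 10 registers.
WRITE_REQ = bytes.fromhex("0001" "0000" "0006" "01" "06" "0001" "00ff")
READ_REQ = bytes.fromhex("0002" "0000" "0006" "01" "03" "0000" "000a")

if __name__ == "__main__":
    for src in ("10.20.0.7", "10.40.1.5"):
        print(src, check_request(src, WRITE_REQ), check_request(src, READ_REQ))
```

Because Modbus carries no authentication, the source zone is the only thing a monitor can check; the same classification works on the PDU inside a pcap or a span-port feed.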
// IoT protocols & radios
| Protocol | Transport / radio | Notes |
|---|---|---|
| MQTT | TCP 1883 / 8883 | Lightweight publish/subscribe via a broker |
| CoAP | UDP 5683 / 5684 | REST-like for constrained devices |
| AMQP | TCP 5672 | Reliable enterprise message queuing |
| Zigbee | 802.15.4 2.4 GHz | Low-power mesh — home & building |
| Z-Wave | sub-GHz | Home-automation mesh, less interference |
| BLE | 2.4 GHz | Short range — wearables, phones, beacons |
| LoRaWAN | sub-GHz | Long range, low bitrate (km-scale) |
| Thread | 802.15.4 | IPv6 mesh — the basis of Matter |
// IT vs OT — why they play by different rules
| Aspect | IT | OT |
|---|---|---|
| Priority | Confidentiality → Integrity → Availability | Safety → Availability → Integrity → Confidentiality |
| Uptime | Reboots & maintenance windows are routine | 24/7 — downtime = lost production or safety risk |
| Lifespan | 3–5 years | 15–30 years of legacy equipment |
| Patching | Frequent, often automatic | Rare — tested, scheduled outages only |
| Protocols | TCP/IP, encrypted | Modbus / DNP3 — often cleartext |
// essentials
- IoT devices are numerous, low-power and often poorly secured
- Segment IoT onto its own VLAN / SSID, away from corporate data
- OT (Operational Technology) runs physical / industrial processes
- ICS = Industrial Control Systems; SCADA supervises them
- Protocols: Modbus, DNP3, PROFINET — often legacy / unencrypted
- OT priorities flip: availability & safety over confidentiality
- Air-gaps & DMZs isolate OT from IT networks
- IoT radios: Zigbee, Z-Wave, BLE, LoRaWAN