PURITY: An Industry-Standard-Based Security Framework for IT-OT Convergence

The convergence of Information Technology (IT) and Operational Technology (OT) introduces complex cybersecurity challenges, particularly for industrial control systems. This paper presents a security framework that integrates industry security standards into the Purdue model, offering a structured approach to safeguarding IT-OT networks. By mapping security controls from various security standards like ISO 27001, IEC 62443, NIST SP 800-82, and ISO 27033 to the individual Purdue model levels, this framework establishes a security baseline which focuses on small and medium-sized enterprises (SMEs) to enhance their network resilience. The proposed approach emphasizes layered security mechanisms, including network segmentation, access control, encryption, and incident response. In addition, risk assessment methodologies are applied to prioritize security measures, optimizing protection strategies against emerging threats. The implementation guidelines are tailored to address practical constraints in SMEs, ensuring accessibility and effectiveness. The findings underscore the importance of adopting a structured security framework to mitigate cybersecurity threats in industrial environments, aligning IT and OT security postures.

Download the article here.