4 Architecture and Design Principles of OT Systems
Introduction
Topics
• Understanding OT System Architecture
• Types of OT System Architectures
• Design Considerations for OT Systems
• Best Practices for OT System Design
Understanding OT System Architecture
Elements of OT System Architecture
• Hardware
• Industrial machinery and control systems
• Like PLCs, DCS, and SCADA
• Network devices
• Like switches, routers, and firewalls
• Endpoints
• Like sensors and actuators
• Software
• Applications to control processes, analyze data, and support
decision-making
• HMI (Human-Machine Interface) applications
• Data historians
• Predictive maintenance tools
• Etc.
• Networking
• LANs, WANs, fieldbus networks, and wireless networks
• Fieldbus
• Industrial digital communication networks
• Used for real-time control
• Including Modbus and Profibus
• There are many fieldbus networks, listed at https://en.wikipedia.org/wiki/Fieldbus
• DNP3 is not included on the list
• Control Systems
• Like PLCs, DCS, and SCADA
• Interfaces
• Points where users or other systems interact with OT systems
• HMI where operators monitor and control processes
• APIs where software applications interact
• Gateways between OT and IT systems
Types of OT System Architectures
Centralized and Distributed
• Centralized Architecture
• A central system, like a SCADA system or PLC
• Oversees and manages all connected OT devices and
processes
• Simplifies control and coordination
• Can create a single point of failure
• Distributed Architecture
• Control and decision-making tasks are distributed
• Among several systems (like SCADA systems or PLCs)
• Improved redundancy and resilience
• More complex to manage
Hierarchical
• Hierarchical Architecture
• Layers of control
• Field devices at the bottom (sensors and actuators)
• Controlled by local controllers (PLCs)
• Managed by supervisory systems (SCADA)
• Overseen by enterprise-level IT systems
• Provides a clear command structure and control segregation
• Requires careful coordination and integration
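The control segregation of the hierarchical layers can be checked against observed traffic. The following is an added example, not part of the original slides: it maps hosts to the four layers above and flags flows that skip a layer. The subnets, the flow records, and the rule that traffic may only stay within a layer or cross to an adjacent one are assumptions made for illustration.

```python
import ipaddress

# Layers from the slide, bottom to top. Subnets are constructed sample values.
LAYERS = [
    ("field", "10.10.0.0/24"),          # sensors and actuators
    ("controller", "10.20.0.0/24"),     # PLCs
    ("supervisory", "10.30.0.0/24"),    # SCADA
    ("enterprise", "192.168.50.0/24"),  # enterprise-level IT
]
NETS = [(name, ipaddress.ip_network(cidr)) for name, cidr in LAYERS]


def layer_of(addr):
    """Return (index, name) of the layer containing addr, or (None, 'unknown')."""
    ip = ipaddress.ip_address(addr)
    for idx, (name, net) in enumerate(NETS):
        if ip in net:
            return idx, name
    return None, "unknown"


def audit_flows(flows):
    """Flag flows that skip a layer or touch a host outside every layer.

    Assumed policy: traffic stays within a layer or crosses to an adjacent one.
    """
    findings = []
    for src, dst, port in flows:
        s_idx, s_name = layer_of(src)
        d_idx, d_name = layer_of(dst)
        if s_idx is None or d_idx is None:
            findings.append((src, dst, port, f"unmapped host ({s_name} -> {d_name})"))
        elif abs(s_idx - d_idx) > 1:
            findings.append((src, dst, port, f"skips layers ({s_name} -> {d_name})"))
    return findings


# Constructed sample flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.30.0.5", "10.20.0.11", 502),      # SCADA -> PLC, adjacent
    ("10.20.0.11", "10.10.0.40", 502),     # PLC -> field device, adjacent
    ("192.168.50.23", "10.20.0.11", 502),  # enterprise -> PLC, skips supervisory
    ("192.168.50.23", "10.30.0.5", 443),   # enterprise -> SCADA, adjacent
    ("203.0.113.9", "10.30.0.5", 3389),    # address outside every layer
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```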
Networked and Hybrid
• Networked Architecture
• Multiple systems connected to a network
• Enhances information sharing and collaboration
• Must manage network reliability and security
• Hybrid Architecture
• Combines different architectural styles
Design Considerations for OT Systems
Design Considerations
• Reliability and Availability
• Robust components, redundancy, fault-tolerant systems, and
backup systems
• Scalability and Flexibility
• Anticipating future growth
• Modular architectures that allow easy expansion
• Technologies that can accommodate changing demands
without disrupting ongoing operations
• Interoperability
• Selecting compatible protocols and standard interfaces
• Integration strategies that enable seamless communication
and data exchange
• Safety and Security
• Safety measures
• Fail-safe operation
• Compliance with industry standards and regulations
• Cybersecurity controls
• Network segmentation, access control, encryption
• Usability and Human Factors
• Intuitive user interfaces
• Clear and actionable information
• Ergonomics
• Incorporating user feedback
• Cost and Return on Investment
• Balance functionality, reliability, and costs
• Total cost of ownership
Best Practices for OT System Design
Best Practices
• Requirements
• Engage with stakeholders, users, and experts
• Delineate operational objectives, performance standards,
regulatory obligations, and safety prerequisites
• Modularity and Scalability
• Modular design
• Standard interfaces and protocols
• Resilient Network Infrastructure
• Segmentation to isolate critical parts
• Secure remote access points
• Regulate access controls
• Cybersecurity
• Multi-layered defense: firewalls, IDS/IPS, access controls
• Updates and patching
• Data and Analytics
• Ensure data privacy and integrity with
• Retention policies, backup mechanisms, and data
governance practices
• Use analytics to extract insights and fine-tune performance
• Education and Documentation
• Empowers operators and users to operate and maintain the
OT system
• System configurations, procedures, and troubleshooting guides
• Testing and Validation
• Functional and performance tests
• Security assessments
• Proactive Maintenance and Upgrades
• Consistent updates to firmware, software, and security measures
• Regular audits and assessments