Lead Image © James Thew, Fotolia.com

Purdue Model for industrial networking

Safety Dance

Article from ADMIN 85/2025
By
The Purdue Model maps the challenges of networking industrial systems to five levels, helping to target and mitigate risk and address vulnerabilities. We look at the Purdue Model in detail, investigate an implementation tool, and explain the role of zero trust.

As an example of how digital transformation has fundamentally changed the way things are done, consider how buildings are managed and operated. This development is particularly advanced in facility management through the use of what is known as the "digital ceiling." This technology integrates different building systems, such as lighting, heating, cooling, and security, on a single, intelligent network platform. The benefits of this kind of integration are considerable: Besides the efficiency gains that come from automating building services, the technology also improves cost efficiency in facility management.

In this article, I focus on the challenges of the digital ceiling and use them to establish the framework for a more in-depth discussion of the Purdue Model and its application to modern facility networking. I then explore how the Purdue Model helps ensure secure and efficient networking in facility management by highlighting specific security strategies for each level of the technological implementation.

Digital Ceiling

The digital ceiling relies on IP-based communication and is powered by Power over Ethernet (PoE), enabling direct connections over the facility network through state-of-the-art Ethernet switches. Although these technological advances open up new options, they also harbor specific risks. Centralized control of a zoo of systems on one network extends the attack surface for cyberattacks, increasing the risk of data leaks or even manipulation of critical systems.

Common weaknesses such as misconfigured access controls and poor authentication mechanisms increase the risk of unauthorized access. Moreover, the widespread data acquisition and processing carried out by smart building systems poses a considerable data protection challenge, particularly with regard to personal data.

Facility Networking

The differentiation between information technology (IT) and operational technology (OT) plays a central role in understanding modern facility networking systems or industrial networking in general. IT systems are primarily responsible for managing and processing data and information, and IT infrastructures typically consist of servers, computers, software and databases that are mainly geared towards supporting business processes. In contrast to this, OT focuses on directly controlling and managing physical devices. These devices, including industrial control systems, sensors, and robots, are generally used in production facilities and service provision and help to automate physical processes.

The advanced implementation of OT in facility management, as exemplified by the digital ceiling, impressively demonstrates the interaction of these technologies. The digital ceiling, an ecosystem of interconnected devices and systems, leverages the benefits of both IT and OT to create an efficient, smart environment. Modern LED luminaires controlled by PoE, adaptive climate controls with sensors for temperature and air quality, and integrated security systems with surveillance cameras and access controls are just a few examples of the harmonization of IT and OT on a unified network.

These systems are not only energy-efficient, but also dynamically adapt their functions to the ambient conditions and the presence of people, all of which helps to optimize power consumption and improve user comfort. Of course, this convergence brings with it specific security problems that simply do not exist in traditional IT environments:

  • Patching and updates: Many OT devices are designed for longevity and continuous operation and rarely receive regular software updates, so outdated software with known vulnerabilities stays in service for years.
  • Agent-based security measures: Because of the limited computing capacity of many OT devices, conventional agent-based security software typically cannot run on them. Instead, you need products specifically developed for OT environments, such as passive network monitoring.
  • Over-the-air (OTA) updates: Although OTA programming provides a convenient way to update software, it needs a secure design (authenticated, integrity-protected update images) to prevent manipulation en route.
  • Proprietary systems: Many OT systems are based on proprietary technology, which makes it difficult for external security experts to check and secure them. Additionally, vendor lock-in can cause problems if support is discontinued.
  • Physical security risks: OT devices are often exposed to physical threats, ranging from environmental influences to direct tampering with the device itself.

Effectively securing networked OT systems requires a differentiated approach that takes into account both technical and operational specifics. You will need targeted security measures to address the challenges of OT security in modern building environments while maximizing the benefits of IT/OT convergence.

Purdue Model

The Purdue Model, formally known as Purdue Enterprise Reference Architecture (PERA), has been a fundamental part of industrial IT architecture since its development at Purdue University in the early 1990s (Figure 1). It acts as a bridge between OT and IT and provides a clear and structured method to ensure that automation systems communicate efficiently and securely with enterprise systems.

Figure 1: The five levels of the Purdue Model for industrial control systems. (Above: DMZ, demilitarized zone.)

The model is divided into numbered levels, 0 through 5, plus the Internet level above them, each of which represents different aspects and functions within an industrial network. Levels 0, 1, and 2 relate to direct production control. Level 0 includes the sensors and actuators that interact directly with the physical environment to measure and control physical variables. Level 1 encompasses smart devices, such as programmable logic controllers (PLCs), that handle basic automation control tasks. Level 2 refers to higher level control systems that provide process control and operational monitoring, such as human-machine interfaces (HMIs) and supervisory control.

Level 3 deals with operations management and bridges the gap between direct production control and business applications. It is where production planning takes place and operational processes are managed. Level 4 takes care of enterprise management in the scope of enterprise resource planning (ERP), which is essential for handling inventory management, order management, and financial accounting. Level 5 represents the highest level of corporate planning, where strategic decisions are made and analyses are carried out on the basis of aggregated data.

Above all these levels is the connection to the Internet, forming a critical interface to the outside world. On one hand, external networking enables the efficient use of cloud services and the exchange of data across company boundaries; on the other, it harbors increased risks in the form of potential cyberattacks.
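The security value of the level structure comes from enforcing it: traffic should only cross between adjacent levels, and nothing from the enterprise side (Levels 4 and 5) or the Internet should reach control systems directly; the DMZ that Figure 1 places between Level 3 and Level 4 is where such traffic has to terminate. The following script, an added example and not code from the article, turns that reading of the model into a flow policy and evaluates it against a handful of constructed connection records. The subnet-to-level inventory, the addresses, and the rule that only Level 5 may talk to the Internet are assumptions made for the example.

```python
"""Purdue-level flow policy check over a constructed set of flow records.

Added example, not from the ADMIN article. It assumes the usual security
reading of the Purdue Model: traffic may only cross between adjacent levels,
and anything moving between the enterprise side (Levels 4-5) and the
operations side (Levels 0-3) must terminate in the industrial DMZ rather than
pass straight through. The asset inventory, IP ranges and flow records below
are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed asset inventory: subnet -> Purdue level. "DMZ" is the
# industrial DMZ between Level 3 and Level 4; anything not in the inventory
# is treated as the Internet above Level 5.
INVENTORY = {
    "10.0.0.0/24": 0,        # sensors, actuators, PoE luminaires
    "10.0.1.0/24": 1,        # PLCs / building controllers
    "10.0.2.0/24": 2,        # HMI, supervisory control
    "10.0.3.0/24": 3,        # operations management, historians
    "10.0.9.0/24": "DMZ",    # industrial DMZ (jump hosts, patch mirrors)
    "10.1.0.0/16": 4,        # enterprise network, ERP
    "10.2.0.0/16": 5,        # corporate planning / data lake
}

ENTERPRISE = {4, 5}
OPERATIONS = {0, 1, 2, 3}


def classify(ip: str):
    """Map an address to a Purdue level, "DMZ", or "INTERNET" if unknown."""
    addr = ip_address(ip)
    for net, level in INVENTORY.items():
        if addr in ip_network(net):
            return level
    return "INTERNET"


def allowed(src, dst) -> bool:
    """Policy (an assumption of this example, not the article's):
    same level, adjacent numbered levels on the same side of the DMZ,
    DMZ <-> Level 3 or Level 4, Internet <-> Level 5 only. Anything else is
    denied, in particular any direct enterprise-to-OT or Internet-to-OT flow."""
    if src == dst:
        return True
    if src == "INTERNET" or dst == "INTERNET":
        other = dst if src == "INTERNET" else src
        return other == 5            # Internet never reaches DMZ or OT directly
    if src == "DMZ" or dst == "DMZ":
        other = dst if src == "DMZ" else src
        return other in (3, 4)       # the DMZ brokers between L3 and L4 only
    # Both endpoints are numbered levels from here on.
    if (src in ENTERPRISE) != (dst in ENTERPRISE):
        return False                 # crossing the IT/OT boundary must use the DMZ
    return abs(src - dst) == 1       # otherwise only adjacent levels may talk


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def check_flows(flows):
    """Return (flow, src_level, dst_level, verdict) for every flow."""
    results = []
    for f in flows:
        s, d = classify(f.src), classify(f.dst)
        results.append((f, s, d, "ALLOW" if allowed(s, d) else "DENY"))
    return results


def violations(flows):
    """Only the flows the policy denies, for alerting or a firewall review."""
    return [r for r in check_flows(flows) if r[3] == "DENY"]


# Constructed records, shaped like a firewall connection log.
SAMPLE_FLOWS = [
    Flow("10.0.2.15", "10.0.1.7", 502),     # HMI -> PLC (Modbus): L2 -> L1
    Flow("10.1.4.20", "10.0.1.7", 502),     # ERP host -> PLC: L4 -> L1
    Flow("10.1.4.20", "10.0.9.5", 443),     # ERP -> DMZ data broker
    Flow("10.0.9.5", "10.0.3.10", 5432),    # DMZ -> L3 historian
    Flow("203.0.113.9", "10.0.0.33", 80),   # Internet -> PoE luminaire
    Flow("10.0.3.10", "10.1.4.20", 443),    # L3 -> L4 directly, bypassing DMZ
]

if __name__ == "__main__":
    for f, s, d, verdict in check_flows(SAMPLE_FLOWS):
        print(f"{verdict:5} {f.src:>13} (L{s}) -> {f.dst:>11} (L{d}) port {f.dport}")
```

Running it flags three of the six constructed flows: the ERP host reaching into a PLC, the Internet touching a Level 0 device, and the Level 3 host talking to Level 4 without passing through the DMZ. The same `allowed()` table is what you would encode as firewall rules at each level boundary; the script is useful for checking a captured connection log against the intended architecture before those rules are tightened.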
