Blog | JAN 28, 2025
From Sensors to Enterprise: How to Secure Telemetry Data Across the Entire Purdue Model
In the age of digital transformation, industrial control systems (ICS) and operational technology (OT) environments are increasingly interconnected with information technology (IT) systems. These environments, governed by a layered architecture that segregates systems into distinct levels, named Purdue Model are responsible for gathering, processing, and utilizing telemetry data to ensure safe, efficient, and reliable operations.
Telemetry data flows across the Purdue model, transforming and evolving as it moves from the physical process layer (Level 0) up to the business operations layer (Level 4/5). Nowadays, telemetry data is used for more advanced use cases such as Industrial AI or AIoT applications, which makes ensuring data integrity across the Purdue model layers a top priority. To achieve these objectives, technologies like data notarization, are used to ensure data integrity & authenticity. In this blog, we will explore the critical role of datanotarization in securing telemetry data, and how these practices support IT/OT convergence, and future analytics use cases.
What is Data Notarization?
Data notarization describes an innovative zero-trust approach which secures data integrity & authenticity by creating a cryptographic proof directly at the source or sensor. This proof is then anchored in an immutable security layer, establishing the root-of-trust. Once the data is secured, its integrity & authenticity can be verified throughout its entire lifetime. With this unique approach, Tributech is the first vendor helping companies establish a zero-trust solution for securing critical telemetry data used for automating processes and making data-driven decisions.
)
Understanding the Purdue Model and Telemetry Data Flow
The Purdue Model divides ICS/OT systems into layers that separate different types of operational and business processes. These layers are:
Level 0: Physical processes (sensors, actuators)
Level 1: Control devices (PLCs, RTUs)
Level 2: Supervisory systems (SCADA)
Level 3: Operations management (MES)
Level 4/5: Enterprise business systems (ERP, IT)
Telemetry data, generated at the lower levels (e.g., sensors, control devices), moves upward through these layers, being processed, analyzed, and acted upon in various ways. For instance, sensor data from Level 0/1 is used by Level 2 SCADA systems, in Level 3 operations management systems, and finally used in Level 4/5 for high-level decision-making and strategic business insights. Throughout this journey, the integrity of the data must be preserved to ensure that decision-makers can trust the information they are using.
)
Why Data Notarization is Critical
1. Data Integrity and Security
As telemetry data flows through the layers of the Purdue Model, it becomes susceptible to tampering, corruption, or unauthorized access. This risk is particularly high as data crosses from operational layers into enterprise IT environments. Without data notarization, any changes or manipulations can go undetected, leading to incorrect decisions or, worse, operational disruptions.
By embedding data notarization at the sensor level any changes or manipulation of the data will be detected, making it easier to identify where and when tampering or corruption occurred. This is essential for preventing cyberattacks and maintaining the operational reliability of critical infrastructure.
2. Trust and Accountability Across Layers
Each layer of the Purdue Model processes telemetry data differently. Data notarization ensures that stakeholders at every layer can trust that the data they receive is authentic. This is particularly important in environments where multiple teams or systems are interacting with the same data. For example, operations teams at Level 3 need to trust the sensor data they receive from Level 0/1, and business leaders in the enterprise layer (Level 4/5) need to have confidence that their high-level analytics are based on reliable data.
3. Regulatory Compliance and Auditing
In industries like energy, manufacturing, and healthcare, organizations are required to comply with strict regulatory standards around data integrity and security. Data notarization provides the traceability needed to demonstrate compliance with these standards, ensuring that organizations can prove how telemetry data was handled, processed, and stored.
4. Context for Better Decision-Making
Telemetry data is only as valuable as the context in which it’s used. Decision-makers at higher levels of the Purdue Model rely on this data to optimize operations, improve efficiencies, and make strategic business decisions. Without knowing the full history of the data—where it came from and what systems interacted with it—decision-makers lack the context necessary to fully trust the information.
The Growing Importance of Securing Telemetry Data
1. Increased Cyber Threats
Industrial environments are increasingly targeted by sophisticated cyberattacks, such as ransomware, advanced persistent threats (APTs), and data breaches. Attackers are now specifically targeting ICS and OT environments due to their critical nature. The 2021 Colonial Pipeline cyberattack demonstrated how vulnerable critical infrastructure is to cyberattacks and the devastating consequences of compromised operational data. Recent news articles also indicate that attackers already gained access to critical environments and are able to „wreak havoc“ on critical infrastructure.
Data notarization is vital for detecting, mitigating, and recovering from such attacks, as it provides a clear trail of what data can be trusted and what data has been compromised.
2. Complexity of Modern Industrial Systems
As industrial systems become more connected and data volume increases, ensuring the integrity and security of telemetry data across the Purdue Model is more challenging than ever. The complexity of these systems creates more opportunities for errors or malicious tampering. Data notarization helps protect this growing volume of data by ensuring its integrity from the moment it is created.
3. Regulatory and Compliance Pressures
Governments and regulatory bodies are increasingly enforcing stricter guidelines around data security and integrity, particularly for critical infrastructure. Failing to maintain proper data integrity can lead to costly fines, reputational damage, and even operational shutdowns. Data notarization ensures compliance by offering a transparent audit trail for all telemetry data handling.
Enabling Seamless IT/OT Convergence with Trusted Data
As the lines between IT and OT environments blur, the convergence of these systems brings new opportunities but also new challenges. The integration of telemetry data from OT systems with IT environments for advanced analytics and decision-making is becoming increasingly common, but it also creates additional risks. Data that travels between these environments must be secured and trusted.
1. Ensuring Data Integrity Across IT/OT Convergence
When OT data is integrated with IT systems for predictive maintenance, supply chain optimization, or AI-driven analytics, maintaining data integrity becomes critical. Data notarization ensures that data is accurate and trustworthy as it flows between OT environments and IT systems, enabling more reliable and actionable insights.
2. Enabling Advanced Analytics Use Cases
Telemetry data is the backbone of future analytics use cases in industrial environments. From predictive maintenance to real-time optimization and AI-driven decision-making, the reliability of these analytics depends entirely on the quality and integrity of the underlying data. Data notarization ensures that this data retains its authenticity throughout its lifecycle, providing a solid foundation for advanced analytics.
3. Supporting Digital Twins
As industries adopt digital twin technologies to simulate and optimize operations, ensuring that telemetry data feeding into these digital replicas is accurate and trustworthy is critical. Data notarization ensures the data used to create and maintain digital twins is reliable, improving the resilience of simulations and predictions.
Benefits of Tributech’s Data Notarization Technology
Data notarization takes the concept of data provenance one step further by creating a cryptographic proof of the telemetry data at its point of origin, typically at Level 0/1, ensuring it cannot be altered without detection. This approach adds a necessary layer of protection to telemetry data as it moves through the Purdue Model.
Create Cryptographic Proof of Data at the Source
By embedding data notarization into sensors, actuators, or gateways, a cryptographic proof will be created for telemetry data at its point of origin. This ensures that if any tampering or corruption occurs further up the Purdue Model, the system can easily detect and reject the compromised data.
Verification across the data lifetime
With data notarization, systems at higher levels can verify the authenticity of the data over the entire data lifetime. This starts at the point of initial data collection and covers the usage of data in multiple applications, such as IoT or AI services, and is also enabled for historical data to provide a tamperproof chain of custody.
Immutable Security Layer
Within Tributech’s data notarization technology the proofs generated at the data source are stored within an immutable security layer. This adds an extra layer of trust and transparency, ensuring that telemetry data is fully secure and traceable across all levels of the Purdue Model.
Additional Context
Tributech leverages the digital twin definition language (DTDL) for giving additional context and adding metadata descriptions, which makes it easier to understand when data is being used at Level 4/5 of the Purdue Model. Examples are the naming of every data stream, the collection frequency, the unit, the point of collection and the name of the data source.
Conclusion
As industrial systems evolve and the IT/OT convergence accelerates, securing telemetry data across the layers of the Purdue Model is more critical than ever. Data notarization offers a powerful tool for maintaining data integrity, security, and compliance, ensuring that telemetry data can be trusted as it moves through ICS/OT environments and into IT systems.
By incorporating data notarization at the device or gateway level, organizations can add a necessary layer of security, ensuring that data is tamper-proof from its point of origin. Together, these technologies pave the way for more secure, reliable industrial systems and enable future analytics and IT/OT convergence use cases that rely on trusted data.
Would you like to discuss your organization's data security strategy? Contact us and ensure the integrity of your data right from the start.
Blog | JAN 28, 2025
)
)
)
)
)
)
)
)