Cybersecure System Architectures

Cybersecurity Relates to all Architecture Levels in an Enterprise.

PERA defines architectural levels (typically from Level 0 process sensors to Level 5 Corporate Systems) according to the required Reliability, Repairability, Response and Resolution (4Rs). These are similar to (but different from) the Security Levels (SL0 to SL4) defined by the ISA 62443 ACS Cybersecurity Standard. Both standards however, involve separation of devices, systems and networks in order to manage performance and reliability. Ways to address and combine these different Levels concepts will be discussed in the PERA User Guides below.

It is necessary to address cybersecurity differently ACS and IT system environments:

• ACS (Automation and Control Systems ) involve industrial devices such as plant sensors and actuators, Human-Machine Interfaces (HMI), Supervisory Computers and Data Aquisition Systems (SCADA). ACS systems typically exist at the first 3 levels of the PERA Enterprise Architecture.


• IT systems exist at Architectural Levels "above" ACS. These systems analyze data provided by people, other IT systems or ACS, and present the resulting information to humans in various displays or printed reports. IT systems do not directly control plant equipment.


• OT systems are defined as systems that involve infrastructure and expertise of both ACS and IT systems. This is consistent with the original definition of "Operational Technology" as defined by Gartner. OT systems may indirectly control plant operations, but according to PERA principles should accomplish this only via ACS systems.

ACS and IT systems and networks are typically isolated from each other by Industrial firewalls, and are designed operated and maintained by specialists with different skill sets. ACS and IT environments also have quite different cybersecurity goals and security requirements as discussed below.

PERA was designed to address enterprises that include large scale manufacturing facilities and this is reflected in the MLMs, Learning Maps, and User Guides that comprise this website.

Generic Cybersecurity Concepts (all Industries)

• Cybersecurity Program Planning
• Cybersecurity Program Implementation
• Cybersecurity Program Operation


• Enterprise Cybersecure Architectures
• ACS Network Design Principles
• Secure Interfacing of IT and ACS Networks
• PERA Industry Classification System
• Cybersecurity Risks and Countermeasures

PERA User Guides (by Industry)

PERA User Guides are being developed for each Industry Class.
Please contact us if you can contribute.

• Process Industry (draft for review)
• Manufacturing Industry (future)
• Transportation Industry (future)
• Power Generation and Transmission Industry (future)
• Insurance Industry (future)
• Regulators (future)
• Educators (future)

Click here for a list of Industries where PERA has been applied.

Reference Articles on Enterprise Cybersecurity

The following are some useful Articles and Papers on Enterprise Cybersecurity.

• Applying ISO/IEC 27001/2 and ISA/IEC 62443 for OT Environments
• Quick Start Guide to ISA/IEC 62443 from ISAGCA.
• ISASecure Conformance Certification to ISA/IEC 62443
• Critical Infrastructure Ransomware Attack Tracker Reaches 2000 Incidents
• A Detailed Analysis of DCS Process Controllers and Associated Cybersecurity Risks

Last edited by Gary Rathwell, January 19, 2025

Back to PERA Home Page