ICS Architecture Explained: PLC, SCADA, DCS, and Industrial Protocols (A Practical Guide)

84

Introduction: What “ICS Architecture” Really Means

Industrial Control Systems (ICS) are the nervous system of modern industry. They sense the physical world (temperature, pressure, flow, vibration), make decisions (control logic), and actuate outcomes (open a valve, start a motor, stop a pump, slow a conveyor).

When people say “ICS architecture,” they usually mean:

1. The components: PLCs, DCS controllers, RTUs, SCADA servers, HMIs, historians, engineering workstations, safety systems, drives, sensors, actuators.
2. The layers: how control networks are segmented from site operations and enterprise IT (often described with the Purdue model).
3. The communications: industrial protocols that move telemetry and commands between devices (Modbus, DNP3, OPC UA, Profinet, EtherNet/IP, etc.).
4. The data flow: how signals become tags, how tags become trends, alarms, reports, and analytics.
5. The operational constraints: availability, determinism, safety, lifecycle, and vendor ecosystems.

This article explains ICS architecture in a way that matches how real facilities are built—whether you’re in manufacturing, oil & gas, utilities, water, pharmaceuticals, food & beverage, or building automation.

ICS architecture is the design of how industrial control components—such as PLCs, SCADA systems, DCS controllers, HMIs, historians, and industrial networks—are arranged and connected to monitor and control physical processes. It includes control layers (field devices, controllers, supervisory systems), data flows (telemetry, alarms, commands), and industrial protocols (Modbus, DNP3, OPC UA, Profinet, EtherNet/IP) that enable deterministic and reliable operation.

The Core Building Blocks

Before comparing PLC vs SCADA vs DCS, it helps to understand the “atoms” of an ICS.

Field Devices (Level 0)

These interact directly with the physical process:

• Sensors/transmitters: temperature (RTD/thermocouple), pressure, flow, level, vibration, pH, conductivity
• Actuators: valves, solenoids, relays, contactors
• Motors and drives: VFDs (variable frequency drives), soft starters
• Instrumentation networks: HART, IO-Link, FOUNDATION Fieldbus, Profibus PA

Field devices produce signals that are either:

• Discrete (on/off): limit switches, E-stops, proximity sensors
• Analog (continuous): 4–20 mA, 0–10 V, pulse, or fieldbus values

Controllers (Level 1)

Controllers execute logic and closed-loop control:

• PLCs (Programmable Logic Controllers)
• DCS controllers (Distributed Control System controllers)
• RTUs (Remote Terminal Units) for remote sites
• PACs (Programmable Automation Controllers) in some vendor naming schemes

They handle:

• high-speed discrete logic
• PID loops (in many cases)
• sequencing and interlocks
• alarming and permissives
• communications to upstream supervisory systems

Supervisory & Operations Systems (Levels 2–3)

These are the systems people interact with:

• HMI (Human-Machine Interface): local/operator screens
• SCADA: supervisory control, central monitoring, alarm management
• Historian: time-series storage for tags and events
• Batch/recipe systems: ISA-88 style batch control (common in pharma/chem)
• MES / MOM integration: production tracking, quality, genealogy, OEE (often Level 3/4 boundary)

Safety Systems (Often parallel to Level 1–2)

Safety is frequently separate by design:

• SIS (Safety Instrumented System) / safety PLC
• Safety functions (SIFs), interlocks, emergency shutdown (ESD)
• Safety networks (vendor-specific)
• Strict management of change (MoC)

---

PLC vs SCADA vs DCS: What Each One Does

A common misconception: “SCADA is the controller” or “DCS is just SCADA for factories.” In reality, these terms describe different roles in the control stack.

PLC (Programmable Logic Controller)

A PLC is a rugged industrial controller designed for reliability in harsh environments and fast deterministic logic.

Best at:

• discrete control (conveyors, packaging lines, machine automation)
• high-speed sequencing and interlocks
• modular I/O close to equipment
• machine-level control and cell-level control

Typical programming languages (IEC 61131-3):

• Ladder Logic (LD)
• Function Block Diagram (FBD)
• Structured Text (ST)
• Sequential Function Charts (SFC)

SCADA (Supervisory Control and Data Acquisition)

SCADA is a supervisory layer that monitors and controls many distributed assets.

Best at:

• centralized monitoring of multiple controllers/sites
• alarm management and dispatch
• trending and reporting
• operator workflows for remote assets (pipelines, substations, water systems)
• integration with historians and enterprise reporting

SCADA typically connects to PLCs/RTUs and provides:

• HMI screens
• alarm lists and events
• user access control
• data acquisition and tag management

DCS (Distributed Control System)

A DCS is an integrated control system designed for continuous process control with a unified engineering environment, robust redundancy, and deep function libraries.

Best at:

• continuous processes (refining, chemicals, power generation, pulp/paper)
• large numbers of analog loops and control strategies
• integrated redundancy (controllers, networks, servers)
• consistent operator experience and lifecycle support

DCS systems often include:

• controllers (process controllers)
• I/O subsystems (often distributed)
• operator stations (HMI)
• engineering stations
• built-in alarm/event/historian capabilities (vendor-dependent)

Quick Comparison Table: PLC vs SCADA vs DCS

Aspect	PLC	SCADA	DCS
Primary role	Control logic execution	Supervisory monitoring & control	Integrated process control platform
Scope	Machine/cell/area	Site-wide or multi-site	Plant-wide continuous process
Typical industries	Discrete manufacturing, packaging	Water/wastewater, utilities, pipelines	Chemical, refining, power, large process plants
Redundancy	Optional / design-dependent	Server-side redundancy possible	Commonly built-in end-to-end
Engineering	Device/program-centric	Tag/database-centric	Unified system engineering
Latency sensitivity	High (machine control)	Medium	High for loops, medium for supervisory
Common pairing	PLC + HMI/SCADA	SCADA + PLC/RTU	DCS + SIS + historians

Key idea: PLC and DCS are primarily control platforms, while SCADA is primarily a supervisory platform.

How ICS Data Flows: From Sensor to Screen to Historian

Let’s walk through a typical end-to-end flow.

1. Sensor measures (e.g., pressure transmitter outputs 4–20 mA)
2. I/O module converts signal to a digital value
3. Controller executes logic:
   • scale engineering units
   • run PID loop
   • check interlocks
   • set output to valve or VFD
4. Controller publishes data to SCADA/HMI:
   • process value (PV)
   • setpoint (SP)
   • output (OP)
   • alarm status
5. Historian stores time-series values:
   • periodic samples
   • exception-based collection (only changes beyond deadband)
   • events/alarms
6. Operations and engineering consume:
   • operator screens
   • trends and reports
   • maintenance dashboards
   • quality systems / MES

“Tags” are the currency of ICS

A tag is a named variable representing a process value or state. Examples:

• Boiler_1.SteamPressure_PV
• Line3.ConveyorMotor.RunCmd
• TankA.Level_HighHigh_Alarm

Tags can exist in:

• PLC memory (controller tags)
• SCADA tag database
• historian tag list
• MES mappings

Consistency and naming conventions matter more than most teams expect.

---

The Purdue Model: A Simple Mental Map of ICS Architecture

Many teams use the Purdue Enterprise Reference Architecture to describe ICS layers. It’s not perfect, but it’s useful for understanding where systems typically sit.

Purdue Levels (Common Interpretation)

• Level 0: Physical process (sensors, actuators)
• Level 1: Basic control (PLCs, RTUs, drives)
• Level 2: Area supervisory control (HMI, SCADA clients, local servers)
• Level 3: Site operations (historians, OT services, patch staging, backup, domain services in some plants)
• Level 3.5: Industrial DMZ (buffer zone between IT and OT)
• Level 4: Enterprise IT (ERP, corporate services)
• Level 5: External networks (internet, cloud services)

Why Level 3.5 (Industrial DMZ) matters

The industrial DMZ is where you place systems that broker or replicate data between IT and OT without allowing uncontrolled direct access.

Common DMZ assets:

• historian replication node
• jump host / remote access gateway
• file transfer gateways
• antivirus update staging
• API gateways for OT data export

ICS Reference Architecture

Below is a simplified but realistic architecture showing where PLC/SCADA/DCS and protocols typically appear.

             Enterprise IT (Level 4)
    +--------------------------------------+
    | ERP / BI / Email / Cloud / SOC tools  |
    +-------------------+------------------+
                        |
                        | (firewall / rules / data brokers)
                        v
           Industrial DMZ (Level 3.5)
    +--------------------------------------+
    | Jump Host | Historian Replica | FTG   |
    | Remote Access Gateway | API Broker    |
    +-------------------+------------------+
                        |
                        | (strictly controlled conduits)
                        v
             Site Operations (Level 3)
    +--------------------------------------+
    | OT Historian | Patch Staging | Backup |
    | Asset Mgmt   | Engineering Tools (opt)|
    +-------------------+------------------+
                        |
                        v
        Supervisory Control (Level 2)
    +--------------------------------------+
    | SCADA Servers | HMI Stations | Alarms |
    +-------------------+------------------+
                        |
                        v
           Basic Control (Level 1)
    +--------------------------------------+
    | PLCs / DCS Controllers / RTUs / VFDs  |
    +-------------------+------------------+
                        |
                        v
             Physical Process (Level 0)
    +--------------------------------------+
    | Sensors | Valves | Motors | Actuators |
    +--------------------------------------+

Industrial Networks: The “How” of ICS Communication

ICS networks must deliver:

• reliability (packets arrive)
• determinism (timing is predictable)
• segmentation (faults don’t cascade)
• serviceability (maintenance can troubleshoot quickly)

Common ICS network types

1) Serial networks (legacy, still common)

• RS-232 / RS-485 multidrop
• used by legacy PLCs, RTUs, and field devices
• protocols: Modbus RTU, DNP3 serial, vendor-specific

2) Industrial Ethernet (dominant today)

• Ethernet physical layer, but often with industrial real-time requirements
• protocols: Profinet, EtherNet/IP (CIP), Modbus TCP, OPC UA, IEC 61850 (power), BACnet/IP (buildings)

3) Fieldbus networks (instrumentation-focused)

• FOUNDATION Fieldbus, Profibus PA, HART-IP, IO-Link
• optimized for sensors/actuators and device diagnostics

4) Wireless (growing, but carefully applied)

• WirelessHART, ISA100, Wi-Fi for non-critical monitoring
• typical use: condition monitoring, difficult cabling locations

Industrial Protocols Explained (With Practical Context)

Industrial protocols define how devices represent data, request values, write commands, report alarms, and synchronize time. Some are “open,” some are semi-open but vendor-driven, and many are deployed in hybrid ways.

A Protocol Cheat Sheet (High-Level)

Protocol	Where it’s common	Transport	Strengths	Typical limitations
Modbus (RTU/TCP)	Manufacturing, utilities, instrumentation	Serial / TCP	Simple, ubiquitous, easy to integrate	Minimal native security; data model is basic
DNP3	Electric/water utilities, remote telemetry	Serial / TCP	Good for remote sites, events, time-stamping	Security depends on deployment; older installs lack hardening
OPC UA	Plant-to-IT/IIoT integration, modern SCADA	TCP	Rich information model, supports security features, interoperability	Requires good certificate/PKI practices; complexity
Profinet	Siemens-heavy manufacturing/process	Ethernet	Real-time control, strong ecosystem	Vendor ecosystem complexity; design discipline needed
EtherNet/IP (CIP)	Rockwell-heavy manufacturing	Ethernet	Wide adoption, device profiles	Segmentation and configuration quality matter
Profibus (DP/PA)	Legacy + instrumentation	Serial-like fieldbus	Proven, deterministic	Modernization path needed; security features limited
HART	Instrumentation	Analog + digital overlay / IP variants	Device diagnostics, compatibility	Not a high-speed control bus
FOUNDATION Fieldbus	Process instrumentation	Fieldbus	Function blocks in field devices	Engineering complexity; vendor dependencies
IEC 60870-5-104	Utilities (regional)	TCP	Telecontrol standard	Security depends on architecture
IEC 61850	Substations	Ethernet	Substation automation, GOOSE messaging	Requires careful engineering and segmentation
BACnet	Building automation	IP / MS/TP	Interoperability for HVAC	Security maturity varies by deployment

Now let’s unpack the most common protocols you’ll run into when discussing ICS architecture.

---

Modbus (RTU and TCP): The “Common Denominator” Protocol

What it is

Modbus is one of the oldest and most widely supported industrial protocols. It uses a simple request/response model:

• A client (master) requests data
• A server (slave) responds

Where it appears in architecture

• PLCs talking to drives, meters, and skid equipment
• SCADA polling remote devices
• Gateways bridging serial Modbus RTU to Modbus TCP
• Mixed-vendor integration where simplicity matters

Data model basics (why it feels “low level”)

Modbus organizes data into tables:

• coils (discrete outputs)
• discrete inputs
• input registers
• holding registers

This is why Modbus integrations often require careful register mapping documents.

Architectural implications

• Modbus TCP is easy to route—sometimes too easy—so segmentation matters.
• It’s common to see Modbus used across zone boundaries when a gateway is installed without a security review.

---

DNP3: Built for Remote Telemetry

What it is

DNP3 (Distributed Network Protocol) is common in utilities and remote operations. It supports:

• events (not only polling)
• time-stamped data
• better behavior over unreliable links than some simpler protocols

Where it appears

• RTUs in substations, pumping stations, water treatment remote sites
• SCADA master stations communicating to many field sites
• telemetry over leased lines, radio, cellular, or IP networks

Architectural implications

DNP3 environments often have:

• many geographically distributed sites
• constrained bandwidth links
• strong need for operational resilience (communications dropouts are normal)

---

OPC UA: The Modern Bridge Between OT Systems and Applications

What it is

OPC UA (Unified Architecture) is widely used for interoperability. Unlike older OPC (COM/DCOM), OPC UA is designed for modern networks and supports:

• richer data models
• structured namespaces
• client/server and pub/sub patterns (depending on implementation)
• security capabilities (certificates, encryption, signing)

Where it appears

• SCADA/HMI aggregating data from multiple PLC brands
• historians collecting from multiple sources
• OT data gateways feeding analytics, MES, or cloud platforms
• standardized information layers (e.g., exposing “equipment models” rather than raw registers)

Architectural implications

OPC UA can simplify integration—but only when you treat it as an engineered service, not “just open a port.” Typical architecture decisions include:

• Where OPC UA servers live (near controllers vs aggregation tier)
• How certificates are issued/rotated (PKI discipline)
• Whether you use UA for control writes or read-mostly telemetry

---

Profinet: Real-Time Industrial Ethernet (Common in Siemens Ecosystems)

What it is

Profinet is an industrial Ethernet standard used heavily in manufacturing and process environments, especially where Siemens is a major vendor. It supports real-time communication classes, enabling deterministic I/O.

Where it appears

• PLC-to-remote I/O
• PLC-to-drives
• controller-to-controller communications
• integration of distributed devices in automation cells

Architectural implications

Profinet networks often benefit from:

• clear topology design (line/ring/star depending on redundancy needs)
• careful switch selection and configuration
• disciplined segmentation so high-priority control traffic doesn’t compete with non-critical traffic

---

EtherNet/IP (CIP): A Major Player in North American Manufacturing

What it is

EtherNet/IP is an industrial protocol suite built on the Common Industrial Protocol (CIP) and standard Ethernet. It’s widely used in Rockwell/Allen-Bradley ecosystems and beyond.

Where it appears

• PLC-to-I/O
• PLC-to-drives and motion systems
• cell-level networks in discrete manufacturing
• SCADA integration via gateways or native drivers

Architectural implications

Because EtherNet/IP is widely deployed, you commonly see:

• flat cell networks that grew organically
• devices with “it just works” configurations that lack documentation
• performance issues when broadcast/multicast traffic is not managed

Good architecture includes traffic engineering, segmentation, and validated change control.

---

Profibus, HART, and Fieldbus: Instrumentation and Legacy Connectivity

Profibus (DP/PA)

• DP often used for decentralized peripherals and factory automation
• PA used in process automation with intrinsically safe applications

HART

HART is common for smart instruments; it often rides on top of 4–20 mA wiring. HART is valuable for:

• device diagnostics
• calibration and configuration
• asset management systems

FOUNDATION Fieldbus

Common in process industries, where function blocks may be distributed into field devices, not only controllers.

Architectural lesson: instrumentation layers often persist through multiple generations of controller upgrades. Your ICS architecture must respect that lifecycle reality.

---

Putting It Together: Typical ICS Architectures by Industry

Different industries converge on different “standard” patterns.

1) Discrete Manufacturing (Automotive, Packaging, Electronics)

Typical pattern:

• PLCs at machine/cell level
• HMI panels at each machine
• SCADA or line monitoring for overall view
• historian for downtime/quality data
• MES integration for traceability

Network tendency:

• many VLANs/cells (or unfortunately, a flat line network)
• EtherNet/IP and Profinet are common
• OPC UA used as a unifying layer

2) Water/Wastewater and Distributed Utilities

Typical pattern:

• RTUs/PLCs at remote stations
• central SCADA master
• DNP3 and/or Modbus for telemetry
• radio/cellular links for connectivity
• historian and alarm dispatching

Network tendency:

• wide-area architecture with many remote edges
• strong need for remote access discipline and event-driven alarming

3) Continuous Process (Chemicals, Refining, Power)

Typical pattern:

• DCS as primary control platform
• SIS for safety functions
• dedicated operator consoles
• integrated historian and alarm/event systems
• advanced process control (APC) and optimization layers

Network tendency:

• redundant networks and controllers
• strict segmentation between control, safety, and business systems

---

SCADA Architecture Deep Dive: Servers, Clients, and Tag Models

A modern SCADA architecture usually includes:

SCADA server roles

• I/O servers / communication servers: talk to PLCs/RTUs via native drivers or OPC
• Alarm server: manages alarm states, acknowledgments, notifications
• Historian interface: forwards data to historian
• Application server: scripts, logic, calculations, derived tags
• Redundancy/failover nodes: hot-standby or active-active setups (vendor-specific)

SCADA clients

• operator workstations
• thin clients/web HMIs (increasingly common)
• engineering/configuration clients

Tag architecture

SCADA tags typically include:

• raw I/O tags (direct from PLC)
• calculated/derived tags
• alarm tags and event tags
• quality/status bits (good/bad/uncertain)
• scaling and engineering units

Common design pitfall: uncontrolled tag growth. Mature architectures define tag standards, naming, and ownership.

---

DCS Architecture Deep Dive: Integrated Control at Scale

A DCS is often selected when you need:

• consistent engineering at plant scale
• built-in redundancy and lifecycle support
• high-density analog control
• tight integration of alarms, historian, and operator experience

Typical DCS components

• process controllers (redundant pairs in many deployments)
• I/O subsystems (remote I/O marshalling, field wiring cabinets)
• operator stations (console HMIs)
• engineering workstation
• servers for alarms/events, history, and domain services (depending on vendor)

Why DCS feels “different” from PLC + SCADA

PLC + SCADA can equal a DCS in capability for some plants, but DCS platforms emphasize:

• uniformity of configuration and libraries
• redundancy and failover consistency
• integrated alarm philosophy tooling
• strong vendor support models

---

PLC Architecture Deep Dive: Racks, I/O, Remote I/O, and Determinism

PLCs are typically designed around:

• CPU/controller module
• I/O modules (digital input/output, analog input/output, specialty)
• communications modules (Ethernet, serial, fieldbus)
• remote I/O drops close to equipment (to reduce wiring)

Control cycle and scan time (why architecture matters)

PLCs run a cyclic scan:

1. read inputs
2. execute logic
3. write outputs
4. communications and housekeeping

This is why:

• network congestion can impact perceived performance
• adding heavy communications tasks into the control program can create jitter
• segmentation and traffic engineering are not “just security”—they’re reliability design

---

Where the Historian Fits (And Why It’s a Big Deal)

A historian is the system of record for process time-series data.

What historians typically store

• analog values and discrete states (with timestamps)
• alarms and events
• batch events (start/stop, phase transitions)
• sometimes calculated KPIs

Why historians matter in ICS architecture

• They decouple OT operations from IT analytics (especially with replication)
• They enable root cause analysis (RCA), quality investigations, and compliance
• They reduce load on controllers (SCADA doesn’t need to poll everything at high rates forever)

Architectural best practice

Use a tiered approach:

• historian in OT (Level 3)
• replica or broker in DMZ (Level 3.5)
• consumer access in IT (Level 4)

This reduces direct IT-to-OT connectivity requirements.

---

Industrial Protocol Selection: How Engineers Decide (In Practice)

Protocol choice is rarely “pick the best protocol.” It’s usually a combination of:

• installed base (what’s already there)
• vendor ecosystem (Siemens vs Rockwell vs Schneider vs ABB, etc.)
• real-time requirements
• tooling and workforce skill
• integration requirements (MES, analytics, enterprise reporting)
• distance and topology (remote telemetry vs local cell control)
• lifecycle (how easy it is to maintain for 15–25 years)

A practical rule of thumb

• Use real-time industrial Ethernet protocols (Profinet, EtherNet/IP) for controller-to-I/O and motion/control where timing matters.
• Use OPC UA for system-to-system interoperability and “northbound” data movement.
• Use Modbus for simple device integration and legacy support, with gateways where needed.
• Use DNP3 (and similar telecontrol standards) for distributed utility telemetry and remote site control.

---

Common ICS Architecture Patterns (And When to Use Them)

Pattern 1: PLC + Local HMI (Machine Control)

Use when: a single machine or skid needs local operation.
Pros: simple, robust, minimal infrastructure.
Cons: limited centralized visibility; scaling across a plant becomes messy.

Pattern 2: PLCs + SCADA (Plant-wide Supervisory Control)

Use when: many machines/areas need centralized monitoring and alarm management.
Pros: scalable operations, centralized data, consistent operator experience.
Cons: requires disciplined tag management, redundancy planning.

Pattern 3: DCS + SIS + Historian (Continuous Process)

Use when: large continuous processes with high availability requirements.
Pros: integrated engineering, redundancy, lifecycle support.
Cons: vendor lock-in concerns, higher upfront cost.

Pattern 4: Hybrid Plant (DCS for process + PLC islands for packages)

Use when: a process plant includes packaged units (compressors, skids, water treatment, material handling).
Pros: best tool for each subsystem.
Cons: integration complexity; protocol gateways and alarm philosophy alignment needed.

---

ICS Architecture Pitfalls (That Cause Outages and Integration Pain)

Pitfall 1: Flat networks “because it works”

Flat networks increase broadcast storms, troubleshooting time, and blast radius.

Pitfall 2: Treating industrial protocols like normal IT application traffic

Industrial traffic has different characteristics (cyclic I/O, multicast, strict timing). Generic firewalling without an OT-aware design can break operations.

Pitfall 3: No naming standards for tags and alarms

Poor tag naming causes:

• operator confusion
• reporting mismatches
• longer incident response time
• expensive integration rework

Pitfall 4: No time synchronization strategy

Time drift breaks:

• historian data alignment
• event correlation
• sequence-of-events analysis (SOE)

Use a consistent time architecture (NTP/PTP as appropriate) and define which layers are authoritative.

Pitfall 5: “Temporary” protocol gateways that become permanent

Gateways are useful, but they create:

• hidden single points of failure
• undocumented mappings
• security and troubleshooting blind spots

If you must use gateways, standardize them and document mapping ownership.

---

A Modern ICS Architecture Checklist (Design Review)

Use this as a design review guide when building or modernizing an ICS.

1) Control and supervision

•  Controllers selected based on process type (discrete vs continuous vs remote telemetry)
•  Clear division between control logic (PLC/DCS) and supervisory functions (SCADA)
•  Redundancy requirements documented (controller, network, servers, power)

2) Network and segmentation

•  Defined cell/area zones with clear boundaries
•  OT services (historian, backup, patch staging) placed intentionally (often Level 3)
•  Industrial DMZ included for any IT integration
•  Latency-sensitive traffic engineered (QoS, topology, switch specs)

3) Protocols and interoperability

•  Protocol selection aligned to timing and lifecycle requirements
•  “Northbound” data strategy defined (OPC UA, historian replication, APIs)
•  Register maps/device profiles documented and version-controlled

4) Data and historian

•  Tag naming and ownership standards defined
•  Sampling rates and deadbands engineered to avoid overload
•  Alarm philosophy documented (priorities, shelving, rationalization plan)

5) Operations and maintainability

•  Engineering workstation strategy defined (who programs what, where, how changes are approved)
•  Backup and restoration procedures tested (not just written)
•  Time sync architecture implemented across layers

FAQ

What is the difference between SCADA and DCS?

SCADA is a supervisory system used to monitor and control distributed controllers and remote sites, focusing on centralized visibility, alarms, and data acquisition. A DCS is an integrated control platform designed for continuous process control with unified engineering, deep redundancy, and plant-wide control strategy management.

What does a PLC do in an ICS?

A PLC reads inputs from sensors, executes control logic (such as interlocks, sequencing, and PID control), and writes outputs to actuators like motors and valves. PLCs are optimized for reliable, deterministic control in industrial environments.

What protocols are most common in ICS networks?

Common ICS protocols include Modbus (RTU/TCP), DNP3 (utilities and remote telemetry), OPC UA (modern interoperability), Profinet and EtherNet/IP (industrial Ethernet control), and fieldbus/instrument protocols like Profibus, HART, and FOUNDATION Fieldbus.

Where does an industrial historian fit in ICS architecture?

Historians typically sit in the OT site operations layer (often aligned to Purdue Level 3). They collect time-series tag data from controllers/SCADA and provide trends, reporting, and data replication to IT through an industrial DMZ.

What is the Purdue model in ICS?

The Purdue model is a layered framework that describes typical segmentation of industrial systems, from physical process (Level 0) up to enterprise IT (Level 4/5). It helps teams plan where controllers, SCADA, historians, and integration services should reside.

---

Glossary (Quick Definitions)

• ICS: Industrial Control System; the full ecosystem that monitors/controls industrial processes
• OT: Operational Technology; systems that interact with the physical world
• PLC: Programmable Logic Controller; real-time industrial controller
• DCS: Distributed Control System; integrated platform for continuous process control
• SCADA: Supervisory Control and Data Acquisition; centralized monitoring and supervisory control
• HMI: Human-Machine Interface; operator screens
• RTU: Remote Terminal Unit; controller for remote telemetry sites
• Historian: time-series database for process values and events
• Tag: named variable representing a process value/state
• Fieldbus: network used for instrumentation and I/O (e.g., Profibus PA, FOUNDATION Fieldbus)
• Industrial DMZ: boundary zone used to broker data between IT and OT

Conclusion: ICS Architecture Is a System, Not a Product

ICS architecture is the discipline of designing how controllers (PLC/DCS/RTU), supervisory systems (SCADA/HMI), data platforms (historians), and industrial protocols work together to control a physical process safely and reliably.

1. PLCs and DCS controllers run the process; SCADA supervises it.
2. Industrial protocols are chosen for determinism and compatibility—architecture must account for that.
3. A good ICS architecture is defined by data flows, boundaries, and lifecycle maintainability—not just device lists.