How energy utilities and industrial operators deploy AI in operational technology environments while maintaining SCADA security, meeting NERC CIP requirements, and protecting critical infrastructure.
Operational Technology (OT) networks that control industrial processes — power generation, transmission, water treatment, oil and gas pipelines, manufacturing facilities — exist in a fundamentally different environment than IT networks. They are designed for reliability, safety, and continuous operation above all else. Connectivity was minimal by design. Systems were air-gapped, protocols were proprietary, and security through obscurity reigned.
That era is over. Digital transformation initiatives have connected OT networks to corporate IT networks to enable data analytics, remote monitoring, and predictive maintenance. But this IT/OT convergence has expanded the attack surface dramatically. High-profile incidents like Stuxnet, Colonial Pipeline, and Ukraine grid attacks demonstrated that OT networks can be compromised from network perimeters, third-party vendor connections, and even air gaps bridged by insider threat or supply chain compromise.
Now organizations want to deploy AI in these OT environments — for predictive maintenance, anomaly detection, process optimization, and automation. But AI introduces new challenges:
Success requires a security architecture that enables AI capabilities while preserving the isolation, reliability, and safety that OT systems demand.
The Purdue Reference Model for Control Hierarchy provides the foundation for OT network segmentation. Understanding these layers is essential for designing secure AI deployments.
| Purdue Level | Network Zone Description | AI Feasibility |
|---|---|---|
| Level 0: Physical Process | Sensors, actuators, and physical machinery. No digital networking capability in most cases. | Not applicable. AI cannot operate at the physical layer directly. |
| Level 1: Basic Control | PLCs, DDC controllers, RTUs, field devices. Real-time control loop execution. | Riskiest zone for AI. Direct connection risks control disruption. Only highly vetted, offline analysis tools acceptable. |
| Level 2: Area Supervisory | HMI, SCADA servers, local data historians. Aggregates and displays data from Level 1. | Primary zone for AI deployment. Can collect data from Level 1 without direct controller access. |
| Level 3: Operations | MES, production scheduling, quality management. Enterprise-level visibility across multiple areas. | Favorable for AI. Historical data aggregation, cross-area analytics, machine learning models trained on operational data. |
| Level 4: Enterprise | ERP, business systems, corporate IT network. Financial and business planning. | Standard IT environment. Can host enterprise AI systems. Data flows from lower levels via DMZ. |
Supervisory Control and Data Acquisition (SCADA) systems form the backbone of many industrial operations. Protecting these systems while enabling AI capabilities requires careful architectural choices.
For the most critical OT environments, air-gapped deployment — complete network disconnection from IT and the internet — is mandatory. This section outlines safe patterns for deploying AI in air-gapped environments.
| Data Transfer Method | Description | Security Controls Required |
|---|---|---|
| Secure import appliance | Dedicated device that connects briefly to IT network, receives approved data, then disconnects completely before being transferred to air-gapped environment. | One-way data diodes preferred. Scan imported data for malware. Encrypt transport. Log all import events. |
| Manual media transfer | Write data to certified media (USB drives, optical discs) in IT zone, physically transport to air-gapped zone after scanning. | Clean-room procedure. Anti-malware scan. Media integrity verification. Dual-person handling protocol. |
| Model transfer only | Train models on IT-side data, export weights/models only (never training data), transfer model to air-gapped inference engine. | Verify model binary. Signature verification. Separate transfer channel from data. |
| Gap bridge appliances | Specialized hardware that permits data transfer under strict policy without allowing bidirectional communication. | Firmware integrity checks. Audit logging. Policy enforcement. Regular security assessments. |
For North American electric transmission and bulk electric systems, the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards impose strict cybersecurity requirements. AI systems that touch BES Cyber Systems fall under CIP jurisdiction.
| CIP Standard | Requirement | AI Relevance |
|---|---|---|
| CIP-002-6: Cyber Security Standards | Identification and classification of BES Cyber Assets, Electronic Security Perimeters (ESPs). | Determine whether AI systems connect to or receive data from BES Cyber Assets. Classify AI as separate ESP or within existing ESP. |
| CIP-003-6: Security Management Controls | Documented security policies, procedures, and configurations. Role-based access control. | Include AI systems in security policies. Document access controls for AI platforms. Configure role-based permissions. |
| CIP-004-6: Personnel Training | Security awareness training for all personnel with authorized access. | Include AI-specific training: proper usage, data handling, incident reporting for AI-related security concerns. |
| CIP-005-6: Electronic Security Perimeters | Defined boundaries for cyber assets. Configuration standards. Unauthorized communication blocking. | Define ESP boundary for AI system. Ensure no unauthorized outbound connections from AI infrastructure. |
| CIP-007-6: System Security Management | Configuration management, vulnerability assessment, patch management. | Configure AI software securely. Apply security patches to AI platform components. Conduct vulnerability scans of AI infrastructure. |
| CIP-008-7: Incident Reporting | Reporting requirements for security incidents affecting BES Cyber Systems. | Include AI-generated alerts and anomalies in incident detection program. Establish escalation procedures for suspected breaches. |
| CIP-009-6: Recovery Plans | Backup and recovery procedures to restore functions after disruption. | Include AI training data, models, and configurations in backup strategy. Plan for AI system restoration within recovery time objectives. |
| CIP-010-5: Configuration Change Management | Procedures for evaluating, approving, testing, and implementing configuration changes. | Model retraining, weight updates, and software changes constitute configuration changes requiring formal change control. |
| CIP-011-6: Information Sharing | Information sharing about vulnerabilities and threats. | Share threat intelligence about AI-specific attacks (adversarial examples, data poisoning) with E-ISAC and peers. |
| CIP-012-6: Supply Chain Risk | Assessment and mitigation of supply chain risks associated with purchased products/services. | Assess AI vendors for supply chain risk. Understand component provenance. Evaluate open-source AI library risks. |
This section outlines a practical network segmentation architecture that enables AI deployment while maintaining OT security posture.
| From Zone | To Zone | Allowed Protocols | Controls Required |
|---|---|---|---|
| Zone A (Production OT) | Zone B (Monitoring) | Industrial protocols (read-only): Modbus TCP, DNP3 SEC | Firewall whitelist. Deep packet inspection. Anomaly detection. |
| Zone B (Monitoring) | Zone C (AI Platform) | TCP/IP: PostgreSQL, TimescaleDB, SFTP | VLAN segmentation. Encrypted transport. Time-windowed data transfer. |
| Zone C (AI Platform) | Zone B (Monitoring) | None — strictly unidirectional (OT → AI) | Physical or logical air gap. One-way data diode where feasible. |
| Zone C (AI Platform) | Zone E (Corporate IT) | TCP/IP: HTTPS (for results export only) | DMZ buffer. Outbound firewall rules. Data sanitization before export. |
| Zone E (Corporate IT) | Zone C (AI Platform) | None — no incoming from corporate to AI | Ingress filtering. Block all inbound connections. |
| Zone D (DMZ) | Zone B/C/E | As configured per specific service requirements | Strict allowlisting. Session recording. IDS/IPS coverage. |
Deploying AI in OT environments requires deep understanding of both AI capabilities and OT security requirements. Start with a thorough asset inventory, map your network topology against the Purdue Model, and build segmentation incrementally while maintaining operational continuity.
BPI helps energy utilities and industrial operators deploy AI safely within their OT environments. Our Privacy-First AI engagements include OT security expertise and NERC CIP compliance planning. Learn more about our energy and utilities AI services or AI infrastructure services. Book a consultation to discuss your specific OT security requirements.
Privacy-first AI for critical infrastructure. SCADA-compliant AI deployment, NERC CIP alignment, OT network segmentation.
Learn More →Infrastructure architecture designed for your security requirements including air-gapped and segmented deployments.
Explore Service →On-premise AI deployment that keeps your data exactly where it belongs — under your control.
Explore Service →Book a free 30-minute consultation. We'll discuss your current OT security posture, AI requirements, and how to segment your network for safe AI deployment. No pressure. No pitch deck.
Book a Free ConsultationNo commitment. No sales pitch. Just a conversation. We respond within 24 hours.