Bridging The Gap: Why Level 0 Is The New Front Line Of Industrial Cybersecurity

For decades, industrial cybersecurity rested on an unspoken assumption: The physical layer was safe. At Level 0 of the Purdue Enterprise Reference Architecture (PERA)—the domain of sensors, actuators and the physical process itself—security was never engineered because it didn’t need to be. Signals were analog. Access was local. Attacks required physical presence and specialized equipment. That assumption is now dangerously outdated. Level 0 is no longer purely analog. Sensors and actuators are increasingly digital, software-driven, remotely managed and connected—directly or indirectly—to enterprise and cloud systems. Yet in many environments, these devices still generate unauthenticated signals that directly drive physical outcomes. We have digitized the foundation of industrial systems without securing it.