Operators and engineers working with industrial control systems often lack specific cybersecurity awareness and skills relevant to Purdue Model Level 0 devices, which include basic field instruments such as sensors and actuators that lack native security capabilities. Standard cybersecurity training typically focuses on IT-centric concepts and higher OT layers, leaving a gap in understanding how manipulation or failure of Level 0 inputs can directly affect process integrity, safety, and operational outcomes. Without tailored training, personnel may underestimate the significance of seemingly trivial physical or protocol anomalies, increasing the likelihood that malicious activity at the device level goes undetected until it propagates into more visible consequences upstream.

Addressing this gap requires education that bridges basic instrumentation principles with practical cybersecurity considerations, such as recognizing tampering indicators, understanding the consequences of insecure configurations, and collaborating across engineering and security teams to validate assumptions about data trustworthiness. Training tailored to Level 0 contexts enables field technicians, control engineers, and OT practitioners to make informed decisions that reduce systemic risk, support accurate incident analysis, and strengthen overall resilience of industrial environments where traditional IT security measures cannot be applied directly.

‍

Source: http://scadamag.infracritical.com/index.php/2025/12/11/the-need-for-appropriate-purdue-reference-model-level-0-cybersecurity-training/