IIA Industrial Independence Alliance

Industrial Independence Alliance

Operational sovereignty
for industrial infrastructure.

Control systems act on physics, not on information. The Alliance publishes what follows from that distinction in five pillars: the field operations works in, the problem standing in its way, the claim we hold to, the philosophy we think with, and the architecture that operationalizes all four.

New to industrial automation, ICS, or operational technology? Start here →

§ Five pillars

Observation → observation → position → position → artifact. Read top to bottom; each pillar is the ground of the next.

  1. I · observation

    The Field.

    Where operations works. Specific kinds of places, specific kinds of people, specific kinds of failures — the lived ground the architecture is shaped by.

    Read →
  2. II · observation

    The Problem.

    What stands in the way. The market, IT, and the field's own gatekeepers. Closed stacks, security theater, knowledge hoarded by those who should be teaching.

    Read →
  3. III · position

    Our Claim.

    What operations is owed. What must be owned, taken back, formalized. SLAs that match production. Contracts with IT. Separation as architecture, not policy.

    Read →
  1. IV · position

    Our Philosophy.

    How we think about the substrate. SRP — Safety, Reliability, Performance — governs the ACS. Information is governed by CIA. Seven principles follow.

    • SRP Triad · after Robert Radvanovsky / Infracritical
    • PERA+ alignment · Gary Rathwell / Entercon
    Read →
  2. V · artifact

    The Architecture.

    Industrial Independence Architecture (IIA). One self-contained unit at every zone of an industrial network. Identical at every level. Scope is the only thing that changes.

    • Secure edge gateway · the fractal · data contracts
    • SL3 floor · SL4 via hardware diode
    • IEC 62443 · ISA-95 · CESMII i3X
    Read →

§ The fractal

A box at the head of every zone — the secure edge gateway. Inside is control system data; at the box it becomes information for consumers. Devices inside can be any security level. The same unit at every zone, regardless of scope.

The Fractal — a box at the head of every zone, the secure edge gateway Two-pane diagram. Left pane shows the internal anatomy of one secure edge gateway: inbound, internal DMZ, outbound, and management partitions, with a local lake — the decentralized historian — as source of truth. Right pane shows the deployment rule: every zone has a gateway at its head. Inside the zone are pools of data (process, device telemetry, network, asset inventory, event streams, topology) fed by the gateway's witness (passive) and active poll. Devices contributing to those pools can be any security level; the security boundary lives at the gateway, not at every device. The gateway publishes information governed by CIA outbound through a secure conduit (with a hardware data diode in the SL4 ideal realization) to whatever the zone's consumers are. The gateway is identical at every zone; the operator defines what counts as a zone. The Fractal the unit is the same · scope varies · a gateway at the head of every zone The Unit · anatomy identical at every scope INBOUND · ACS-facing witness (passive) · active poll · classify no IP TX · no external listeners INTERNAL DMZ in-flight bus · transient no durable state here OUTBOUND · IT-facing secure publish · structured query API the only external access into the zone MANAGEMENT local ops UI · signed-artifact ingress only LOCAL LAKE · HISTORIAN source of truth on the box · decentralized historian The Deployment · where a box at the head of every zone · the secure edge gateway CONSUMERS internet · plant · partner · regulator · whoever secure conduit SL4: hw diode, one-way box secure edge gateway witness · historian · publish ACS data (SRP) witness · active poll ZONE · OPERATOR-DEFINED production · plant · site · corp · any boundary POOLS OF DATA process data device telemetry network data asset inventory event streams topology any SL device contributes · gateway is the security boundary witness (passive) + active poll feed every pool into the historian FRACTAL same pattern at every zone · operator decides what counts as a zone
The Fractal — a secure edge gateway at the head of every zone. Inside the zone are pools of data fed by the gateway's witness (passive) and active poll; devices contributing can be any security level. The gateway publishes information securely outbound through a conduit (with a hardware data diode in the SL4 ideal realization) to whatever the zone's consumers are. The gateway is identical at every zone; the operator defines what counts as a zone.

§ Reference implementations

What the principles look like in shipped software. Independent products, built on IIA.

MarlinSpike

The modern GrassMarlin.

The maintained, multi-user successor to NSA’s GrassMarlin (EOL 2017). Open-source passive OT/ICS topology workbench. Captures in, zero packets out.

grassmarlin.com →

Conversational Factory

A factory you can talk to.

Read-only OT platform. Passive wire-witness DPI across 34 protocols, medallion data lake, i3X v1 · MCP query surface for operators and AI clients. Every answer bound to an append-only audit chain.

conversationalfactory.com →

Sovereignty bridges the two

Industrial independence is not a technology position. It is an operational sovereignty position. The entity that controls the automation infrastructure controls the operation.