IIA Industrial Independence Alliance

Industrial Independence Alliance

Industrial
self-sufficiency.

Industrial Independence Architecture is an architectural pattern. Operate independently. Depend on nothing external. If external consumers exist, serve them safely and on your own terms.

New to industrial automation, ICS, or operational technology? Start here →

§ Five pillars

  1. I · observation

    The Field.

    Where operations works. Specific kinds of places, specific kinds of people, specific kinds of failures - the lived ground the architecture is shaped by.

    Read ->
  2. II · observation

    The Problem.

    What stands in the way. The market, IT, and the field's own gatekeepers. Closed stacks, compliance optics, and knowledge that never gets passed on.

    Read ->
  3. III · position

    Our Claim.

    What operations is owed. What must be owned, taken back, formalized. SLAs that match production. Contracts with IT. Separation as architecture, not policy.

    Read ->
  1. IV · position

    Our Philosophy.

    Process control reasoning, applied to information, connectivity, and services. Five principles. Three hard constraints.

    • SRP Triad · after Robert Radvanovsky / Infracritical
    • PERA+ alignment · Gary Rathwell / Entercon
    Read ->
  2. V · artifact

    The Architecture.

    Industrial Independence Architecture (IIA). Operate independently. Depend on nothing external. Serve external consumers safely, on your own terms. The same pattern at every zone, regardless of scope.

    • Five principles · three hard constraints
    • Software or hardware enforcement
    • PERA+ · IEC 62443 · ISA-95
    Read ->

§ The fractal

Same pattern at every zone of an industrial network - cell, line, area, plant, region, corporate. Each zone operates independently, shares what it chooses to share safely, and depends on nothing external. Inside: whatever the operator inherited, at any security level. Only the scope changes.

The Fractal - a box at the head of every zone, the secure edge gateway Two-pane diagram. Left pane shows the internal anatomy of one secure edge gateway: inbound, internal DMZ, outbound, and management partitions, with a local lake - the decentralized historian - as source of truth. Right pane shows the deployment rule: every zone has a gateway at its head. Inside the zone are pools of data (process, device telemetry, network, asset inventory, event streams, topology) fed by the gateway's active poll. Devices contributing to those pools can be any security level; the security boundary lives at the gateway, not at every device. The gateway publishes information governed by CIA outbound through a secure conduit (with a hardware data diode in the SL4 ideal realization) to whatever the zone's consumers are. The gateway is identical at every zone; the operator defines what counts as a zone. The Fractal the unit is the same · scope varies · a gateway at the head of every zone The Unit · anatomy identical at every scope INBOUND · ACS-facing active poll · classify whatever the operator needs on the ACS side INTERNAL DMZ in-flight bus · transient no durable state here OUTBOUND · IT-facing secure publish · structured query API the only external access into the zone MANAGEMENT local ops UI · signed-artifact ingress only LOCAL LAKE · HISTORIAN source of truth on the box · decentralized historian The Deployment · where a box at the head of every zone · the secure edge gateway CONSUMERS internet · plant · partner · regulator · whoever secure conduit SL4: hw diode, one-way box secure edge gateway poll · historian · publish ACS data (SRP) active poll ZONE · OPERATOR-DEFINED production · plant · site · corp · any boundary POOLS OF DATA process data device telemetry network data asset inventory event streams topology any SL device contributes · gateway is the security boundary active poll feeds every pool into the historian FRACTAL same pattern at every zone · operator decides what counts as a zone
The Fractal - a secure edge gateway at the head of every zone. Inside the zone are pools of data fed by the gateway's active poll; devices contributing can be any security level. The gateway publishes information securely outbound through a conduit (with a hardware data diode in the SL4 ideal realization) to whatever the zone's consumers are. The gateway is identical at every zone; the operator defines what counts as a zone.

§ Reference implementations

What the principles look like in shipped software. Independent products, built on IIA.

MarlinSpike

The modern GrassMarlin.

The maintained, multi-user successor to NSA’s GrassMarlin (EOL 2017). Open-source passive control-system topology workbench. Captures in, zero packets out.

grassmarlin.com →

Conversational Factory

A factory you can talk to.

Read-only control-system platform. Passive observation across many industrial protocols, local historian, i3X v1 · MCP query surface for operators and AI clients. Every answer bound to an append-only audit chain.

conversationalfactory.com →

The point

Whoever controls the automation infrastructure controls the plant. If it isn't you, it's someone else.