Open Systems Interconnection (OSI) vs Department of Defense (DoD) (TCP/IP) Models - with Operational Technology (OT) & Information Technology (IT) Protocols
A strong cybersecurity strategy begins with understanding how data and control signals move through your industrial network.
The Open Systems Interconnection (OSI) and Department of Defense (DoD) (TCP/IP) models provide a structured view of this communication flow, from the physical connections on the plant floor to secure, application-level data exchange with enterprise and cloud systems.
In operational technology (OT) environments, these layers are populated by protocols such as Modbus, DNP3, PROFINET, EtherNet/IP, and OPC UA, which coexist with traditional information technology (IT) standards like TCP/IP, HTTPS, and Ethernet.
Mapping these protocols to their respective network layers helps identify where cybersecurity risks and vulnerabilities may arise, and where defenses such as network segmentation, encryption, and access control should be applied.
The table below provides an overview of how OT and IT protocols align across the OSI and DoD models, helping you understand which layers are most relevant for securing and hardening systems that host or integrate our products:
| OSI Layer (Theoretical 7-Layer Model) | DoD Layer (Practical 4-Layer Model) | Function / Role | Common OT Protocols / Examples | Common IT Protocols / Examples | Type of Data Unit |
|---|---|---|---|---|---|
| Application | Application | Interface for user and industrial control applications. Defines data exchange and network services | Modbus, DNP3, IEC 60870-5-104, IEC 61850 MMS, OPC UA, BACnet, PROFINET, EtherNet/IP (CIP), MQTT (IIoT) | HTTP, HTTPS, FTP/SFTP, SMTP/SMTPS, SNMP, DNS, SSH, Telnet | Data / Message |
| Presentation | Application | Data formatting, serialization, compression, and encryption representation | OPC UA (Binary/XML/JSON encoding), IEC 61850 (ASN.1), MQTT payload formatting | TLS/SSL (encryption), MIME, JSON, XML, ASCII | Data |
| Session | Application | Establishes, maintains, and terminates communication sessions. | OPC UA Secure Channel, MQTT persistent sessions | NetBIOS, RPC, gRPC, WebSockets | Data |
| Transport | Transport | End-to-end data delivery, error recovery, and flow control. | TCP (Modbus/TCP, DNP3/TCP, PROFINET non-RT services), UDP (EtherNet/IP implicit I/O) | TCP, UDP | Segments (TCP) / Datagrams (UDP) |
| Network | Internet | Logical addressing, routing, and packet forwarding. | IPv4, IPv6 (for Ethernet-based OT systems) | IPv4, IPv6, ICMP, IPsec, OSPF, BGP | Packets |
| Data Link | Network Access (Link) | MAC addressing, framing, and local network error detection | Ethernet (IEEE 802.3), PROFINET RT, EtherCAT, Modbus RTU (serial framing), ControlNet, DeviceNet | Ethernet (IEEE 802.3), Wi-Fi (802.11), VLAN (802.1Q), PPP | Frames |
| Physical | Network Access (Link) | Physical transmission, for example, cables, signals, voltages and radio | RS-232, RS-485, Copper Ethernet, Fiber Optic, WirelessHART, ISA100 | Twisted-pair copper with RJ45 connector, DSL, Fiber Optic | Bits |
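
To make the layer mapping concrete, the following added example (not part of the original page or any product code) dissects one Modbus/TCP request and labels each header with its OSI layer and data unit from the table. The frame, MAC and IP addresses, and the function names `build_sample_frame` and `dissect` are constructed for illustration; port 502 is the registered Modbus/TCP port.

```python
import struct

def build_sample_frame() -> bytes:
    """Constructed sample: Ethernet II / IPv4 / TCP / Modbus/TCP read request.
    Addresses and ports are made up; checksums are left at zero."""
    modbus = struct.pack(">HHHBBHH", 1, 0, 6, 1, 3, 0, 10)  # MBAP header + PDU
    tcp = struct.pack(">HHIIBBHHH", 49152, 502, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(modbus),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    eth = bytes.fromhex("020000000002020000000001") + struct.pack(">H", 0x0800)
    return eth + ip + tcp + modbus

def dissect(frame: bytes) -> list:
    """Return (OSI layer, data unit, summary) tuples, lowest layer first."""
    layers = []
    if len(frame) < 14:
        return layers
    dst, src, ethertype = struct.unpack(">6s6sH", frame[:14])
    layers.append(("Data Link", "Frame", f"Ethernet {src.hex(':')} -> {dst.hex(':')}"))
    ip = frame[14:]
    if ethertype != 0x0800 or len(ip) < 20 or ip[0] >> 4 != 4:
        return layers  # not IPv4: nothing above the link layer to decode here
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack(">H", ip[2:4])[0]
    src_ip = ".".join(map(str, ip[12:16]))
    dst_ip = ".".join(map(str, ip[16:20]))
    layers.append(("Network", "Packet", f"IPv4 {src_ip} -> {dst_ip}"))
    tcp = ip[ihl:total_len]
    if ip[9] != 6 or ihl < 20 or len(tcp) < 20:
        return layers  # not TCP, or header truncated
    sport, dport = struct.unpack(">HH", tcp[:4])
    layers.append(("Transport", "Segment", f"TCP {sport} -> {dport}"))
    payload = tcp[(tcp[12] >> 4) * 4:]
    # Modbus/TCP: registered port 502, MBAP protocol identifier is always 0
    if 502 in (sport, dport) and len(payload) >= 8:
        _tid, proto_id, _length, unit, func = struct.unpack(">HHHBB", payload[:8])
        if proto_id == 0:
            layers.append(("Application", "Data / Message",
                           f"Modbus/TCP unit {unit} function {func}"))
    return layers

if __name__ == "__main__":
    for layer, unit, summary in dissect(build_sample_frame()):
        print(f"{layer:<12}{unit:<16}{summary}")
```

No Presentation or Session entry appears in the output because Modbus/TCP places its application message directly on TCP, so the unit ID and function code travel unencrypted unless a lower layer protects them.
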
Last update - February 2026