Platform Overview
The First Watch® platform is purpose-built to protect industrial control systems from unauthorised changes.
Unlike traditional solutions focused on monitoring, First Watch provides active enforcement of what is allowed to happen across industrial environments.
Designed for Industrial Control Environments
The platform is specifically designed to operate within the Purdue Enterprise Reference Architecture (CPwE) used in modern industrial systems.
First Watch focuses primarily on protecting:
Level 1 – Basic Control
- PLCs (Programmable Logic Controllers)
- RTUs (Remote Terminal Units)
- Drives and motion controllers
- Safety controllers
Level 2 – Area Supervisory Control
- SCADA / HMI systems
- Operator workstations
- Engineering workstations
- Local control applications (e.g. FactoryTalk clients)
These levels represent:
where control decisions are executed and where unauthorised changes have immediate operational impact
Extended Coverage (Optional)
While the primary focus is Level 1 and Level 2, the platform can also monitor and protect:
Level 3 – Site Operations
- SCADA servers (e.g. FactoryTalk Application Server)
- Domain controllers (e.g. Microsoft Active Directory)
- Application servers and data historians
Level 0 – Process Layer
- Smart sensors and field devices
- Industrial I/O systems
- Serial communication links
This capability is enabled based on customer requirements and operational context.
Flexible and Extensible by Design
The platform is designed for real industrial variability.
- Supports multiple industrial protocols and communication models
- Adapts to site-specific architectures and constraints
- Extends beyond standard capabilities when required
If a capability is not available out-of-the-box, it can be:
rapidly developed and integrated using the First Watch SDK
This ensures the platform remains aligned with:
- unique plant configurations
- legacy systems
- specialised industrial requirements
Built on ISA/IEC 62443 Principles
The platform is designed in alignment with ISA/IEC 62443, the leading standard for industrial cybersecurity.
This ensures:
- Segmentation and zone-based protection
- Controlled access and enforcement of allowed actions
- Secure lifecycle management of systems
- Auditability and traceability of changes
These principles are critical for:
- regulatory compliance
- risk management
- safe operation of industrial environments
Compliance is not an add-on — it is embedded into how the platform operates
Alignment with NIST Cybersecurity Framework (CSF)
The platform supports key functions of the NIST Cybersecurity Framework (CSF):
- Identify — Asset discovery and classification
- Protect — Enforcement of authorised actions
- Detect — Monitoring changes and anomalies
- Respond — Alerting and guided response
This alignment ensures the platform supports:
- structured cybersecurity programs
- governance and reporting
- operational resilience
Engineered for Control, Not Just Visibility
Traditional systems answer:
“What is happening?”
First Watch answers:
“What is allowed to happen?”
This shift from monitoring to control is essential in environments where:
- production continuity matters
- safety is critical
- change must be governed
Next Steps
Explore the conceptual foundations of the platform: