This document provides a high-level reference architecture for OT and IoT device security in Industrial Control Systems (ICS) using Palo Alto Networks’ Next-generation firewalls, the Cortex Data Lake, and IoT Security Service.