OT Cybersecurity Glossary
Understand the terminology associated with OT cybersecurity and its sub-disciplines using our online glossary
a
- Access Control List (ACL) - A method used to filter accessibility to a resource such as a PLC on a network segment.
- Active Directory - The Microsoft directory service that provides access management services through the Lightweight Directory Access Protocol (LDAP).
- Application Allow-listing - Application allow lists are designed to prevent the execution of unauthorized and malicious programs. The intention is that only specifically selected programs (EXEs) and software libraries (DLLs) may run, while nothing else is allowed to execute.
- ARP Poisoning - The ARP protocol is used to resolve IPv4 addresses to link layer addresses, such as a media access control (MAC) address. An adversary may passively wait for an ARP request to poison the requestor’s ARP cache. The adversary may reply with their MAC address, thus deceiving the victim by making them believe that they are …
- Attack - As it relates to cybersecurity, an attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality.
- Authentication, Authorization and Accounting (AAA) - “Triple A”. A method of access management that assures a user can prove their identity, is allowed to access a resource, and that the user’s access is tracked and measured.
c
- Cleartext - Information that is not encrypted.
- Common Industrial Protocol™ (CIP) - A suite of messages and services used by OT devices for control, safety, configuration and information. CIP is owned by the ODVA (Open Device Vendors Association), which is made up of the device vendors implementing the protocol.
- Cybersecurity & Infrastructure Security Agency (CISA) - An agency of the Department of Homeland Security created to improve cybersecurity across all levels of government, coordinate cybersecurity programs with U.S. states, and improve the government’s cybersecurity protections against private and nation-state hackers.
- Cybersecurity Framework (CSF) - A recommended framework developed by the National Institute of Standards and Technology to organize cybersecurity activities into five basic functions: Identify, Protect, Detect, Respond and Recover.
d
- Data diode - A network appliance or device allowing data to travel only in one direction. Also referred to as a unidirectional gateway, deterministic one-way boundary device or unidirectional network.
- Data Historian - A centralized database supporting data analysis using statistical process control techniques. It is another attack surface that requires appropriately restricted privileged access.
- Deep Packet Inspection (DPI) - Packet sniffing; a method that examines the contents of data packets, both header data and payload, to identify threats.
- Defense-in-depth - A broad strategy combining people, technology, and operations capabilities to prevent single points of failure in the cybersecurity defenses; it assumes no single origin of threats. Cybersecurity controls are layered to protect critical systems and system components.
- Demilitarized Zone (DMZ) - The network segment separating the Corporate Enterprise Zone and the Manufacturing/Process Zones. The DMZ must be secured with firewalls to control access from the untrusted enterprise network into the Manufacturing/Process Zones.
- Denial of Service - The prevention of authorized access to a system resource or the delaying of system operations and functions.
- Dynamic Host Configuration Protocol (DHCP) - A mechanism for dynamically assigning IP addresses to devices.
e
- Engineering Workstation (EWS) - A computer used to develop and support the process control applications. Workstations represent a point of access for launching cyber attacks.
f
- Firewall (FW) - A network device which monitors inbound and outbound traffic. The firewall is configured to block data packets as defined by its security rules.
i
- Industrial Control System (ICS) - The sensors, controllers, servers, workstations and networking devices which support the ability to produce a product or service.
- Industrial Control Systems Secure by Design (ICSSbD™) - Mangan’s cybersecurity business guide, process, and cybersecurity management lifecycle, incorporating OT cyber resiliency from initial planning and preparation through to system retirement.
- Information Technology (IT) - The hardware and software components used to manage the production of a service or product.
- Intrusion Detection System (IDS) - A network device which monitors network traffic for anomalous or signature-based data packets correlating to a known threat.
- Intrusion Prevention System (IPS) - A security appliance which attempts to identify malicious traffic and proactively blocks it from entering the network.
- ISA-62443 - Instrument Society of America Standard for Security of Industrial Automation and Control Systems. A series of standards and technical reports for securing control systems.
l
- Least Privilege - Assign the minimum necessary rights to a subject that requests access to a resource, minimize the time for which access is allowed, and relinquish privileges when they are no longer needed. Granting user permissions beyond the rights an action requires can allow that user to obtain or change information in unwanted ways. Careful delegation of access rights can limit attackers from damaging a system.
m
- Man in the Middle (MITM) - Adversaries with privileged network access that seek to modify network traffic in real time using man-in-the-middle (MITM) attacks. This type of attack allows the adversary to intercept traffic to and/or from a particular device on the network. The adversary might block, log, modify, or inject traffic into the communication stream. Address Resolution Protocol (ARP) poisoning and …
- Mean Time to Recovery (MTTR) - A relative ranking of the effort to recover an asset after an incident.
- Mitre Att&ck® - A knowledge base of threats, countermeasure controls and attackers known to operate in the IT and OT domains. Adversarial Tactics, Techniques, and Common Knowledge (Att&ck) is used by Mangan Cybersecurity ICSSbD™ to understand how cyber attackers pose threats to the client’s assets and how to manage the risk of those threats.
- Multi-Factor Authentication (MFA) - An authentication method requiring the user to provide two or more credentials to gain access to a resource.
n
- National Institute of Standards and Technology (NIST) - An agency of the United States government whose primary mission is to promote innovation, equitable standards and quality of life.
o
- Operations Technology (OT) - The hardware and software components which make up the Industrial Control Systems.
- Operator Workstation (OWS) - A computer used by the control room operators to interact with the process control applications. Workstations represent a point of access for launching cyber attacks.
p
- Penetration Testing (AKA Pen-test) - A series of technical assessments targeting network devices and security controls to identify network flaws due to open ports, insufficient rules, unfettered data ingress and egress and other uncontrolled configurations.
- Phishing - Tricking individuals to disclose sensitive personal information by claiming to be a trustworthy entity.
- Port Scanning - Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).
r
- Remote Access Trojan (RAT) - Programs that provide the capability to allow covert surveillance or the ability to gain unauthorized access to a victim PC or controller.
- Remote Terminal Session - The ability to open an interactive session on a remote host over the network. The most common references are RDP, Microsoft’s Remote Desktop Protocol, and VNC, Virtual Network Computing.
s
- Secure Socket Layer (SSL) - Encryption technology for secure transactions.
- Security Information and Event Management (SIEM) - Network monitoring technology capable of collecting log data and combining network inspection to detect threats and recommend actions.
- Subnet - A network segment created to provide a multilevel, hierarchical routing structure and to shield the subnetwork from unnecessary network traffic.
v
- Virtual Local Area Network (VLAN) - A group of devices configured to communicate as if they were attached to the same physical network while being located on different physical network segments.
- Virtual Private Network (VPN) - A method to allow secure internet traffic over a public network by encrypting that traffic exchanged by the two connected networks. A VPN uses “tunneling” to encrypt all information at the Internet Protocol level.
w
- Worm - A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
z
- Zero Trust - A cybersecurity strategy based on protecting resources bound by the premise that authorization decisions are made closer to the resource being requested and are continuously evaluated rather than implicitly granted.