OT Cybersecurity Glossary

Understand the terminology associated with OT cybersecurity and its sub-disciplines using our online glossary

  • Access Control List (ACL) - A method used to filter accessibility to a resource such as a PLC on a network segment.
  • Active Directory - The Microsoft application providing Lightweight Directory Access Protocol access management services.
  • Application Allow-listing - Application allow lists are designed to prevent the execution of unauthorized and malicious programs. The intention that only specifically selected programs (EXEs) and software libraries (DLLs) may run, while no others are allowed to execute.
  • ARP Poisoning - The ARP protocol is used to resolve IPv4 addresses to link layer addresses, such as a media access control (MAC) address. An adversary may passively wait for an ARP request to poison the requestor’s ARP cache. The adversary may reply with their MAC address, thus deceiving the victim by making them believe that they are […]
  • Attack - As it relates to cybersecurity, an attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality.
  • Authentication, Authorization and Accounting (AAA) - “Triple a”. A method for access management to assure a user can prove their identity, is allowed to access a resource and is the user access is tracked and measured.
  • Behavioral Analytics (BA) - Behavioral Analytics (BA) represents a cutting-edge approach in the cybersecurity landscape, leveraging data-driven algorithms and techniques to pinpoint anomalous patterns or behaviors within networked systems. But what does this mean, and why is it becoming increasingly pivotal in today’s digital age? At its core, BA is about understanding ‘normal’ behavior within a system. By continuously […]
  • Chain of Trust - In the vast and intricate world of digital security, the concept of a “Chain of Trust” stands out as a foundational principle. But what exactly is it, and why is it so crucial in safeguarding our digital assets and operations? The Chain of Trust can be visualized as a linked sequence, where each link represents […]
  • Cleartext - Information that is not encrypted
  • Common Industrial Protocol™ (CIP) - A suite of messages and services used by OT devices for control, safety, configuration and information. CIP is owned by the ODVA (Open Device Vendors Association) comprised of the device vendors implementing the protocol.
  • Cybersecurity & Infrastructure Security Agency (CISA) - An agency of the Department of Homeland Security created to improve cybersecurity across all levels of government, coordinate cybersecurity programs with U.S. states, and improve the government’s cybersecurity protections against private and nation-state hackers.
  • Cybersecurity Framework (CSF) - A recommended framework developed by the National Institute of Standards anf Technology to organize cybersecurity activities into five basic functions including Identify, Protect, Detect, Respond and Recover.
  • Data diode - A network appliance or device allowing data to travel only in one direction. Also referred to as a unidirectional gateway, deterministic one-way boundary device or unidirectional network.
  • Data Historian - A centralized database supporting data analysis using statistical process control techniques. Another vulnerable surface requiring appropriate privilege access.
  • Decoy Systems - In the ever-evolving game of cybersecurity, where attackers constantly devise new strategies to breach defenses, defenders must be equally innovative. Enter Decoy Systems, a sophisticated and strategic approach to detecting and understanding cyber threats. But what are these systems, and how do they function as a line of defense? Decoy Systems, commonly known as “honeypots,” […]
  • Deep Packet Inspection (DPI) - Packet sniffing; a method that examines content of data packets including the header data and content to identify threats.
  • Defense-in-depth - A broad strategy combining people, technology, and operations capabilities to prevent single points of failure in the cybersecurity defenses and assumes no single origin of threats. Cybersecurity controls are layered to protect critical system and system components.
  • Demilitarized Zone (DMZ) - The network segment separating the Corporate Enterprise Zone and the Manufacturing/Process Zones. The DMZ must be secured with firewalls to protect access from the untrusted enterprise network into the Manufacturing/Process Zones.
  • Denial of Service - The prevention of authorized access to a system resource or the delaying of system operations and functions.
  • Dynamic Host Configuration Protocol (DHCP) - A mechanism for dynamic device IP assignments.
  • Endpoint Detection and Response (EDR) - In today’s digital age, where cyber threats loom large and the perimeter of defense has expanded beyond traditional boundaries, the importance of securing individual endpoints—like computers, mobile devices, and servers—cannot be overstated. This is where Endpoint Detection and Response (EDR) comes into play, acting as a sentinel and guardian for these critical nodes in the […]
  • Engineering Workstation (EWS) - A computer used to develop and support the process control applications. Workstations represent point access for launching cyber attacks.
  • Firewall (FW) - A network device which monitors inbound and outbound traffic. The firewall is configured to block data packets defined by the security rules.
  • Forensic Readiness - In the intricate tapestry of modern business operations, where digital interactions form the backbone of most activities, the importance of being prepared for potential legal or regulatory inquiries cannot be understated. This is where the concept of “Forensic Readiness” comes to the fore, ensuring that organizations are not just reactive but proactively primed for digital […]
  • Immutable Logs - In the digital realm, where vast amounts of data are generated every second, the integrity and authenticity of this data become paramount. This is especially true for logs, which chronicle the myriad activities and events within a system. Enter “Immutable Logs,” a concept that ensures these records remain untampered and genuine, serving as a reliable […]
  • Industrial Control System (ICS) - The sensors, controllers, servers, workstations and networking devices which support the ability to produce a product or service.
  • Industrial Control Systems Secure by Design (ICSSbD®) - Mangan’s Cybersecurity business guide, process, and cybersecurity management lifecycle incorporated into OT cyber resiliency from initial planning, and preparation through to systems retirement.
  • Information Technology (IT) - The hardware and software components used to manage the production of a service or product
  • Intrusion Detection System (IDS) - A network device which monitors network traffic for anomalous or signature-based data packets correlating to a known threat.
  • Intrusion Prevention System (IPS) - A security appliance which attempts to identify malicious traffic and proactively blocks it from entering their network.
  • ISA-62443 - Instrument Society of America Standard for Security of Industrial Automation and Control Systems. A series of standards and technical reports for securing control systems.
  • Just-in-time (JIT) Access - In the vast digital landscape, where data is the new gold and cyber threats lurk at every corner, safeguarding sensitive information and systems is of paramount importance. Traditional access control methods, which grant permanent or long-term access rights, can inadvertently create vulnerabilities. This is where Just-in-time (JIT) Access emerges as a game-changer, offering a more […]
  • Key Rotation - In the realm of digital security, where encryption plays a pivotal role in safeguarding data, the significance of the cryptographic keys used in this process is paramount. These keys, which serve as both the lock and the key to encrypted information, must remain secure to ensure the integrity and confidentiality of the data they protect. […]
  • Least Privilege - Assign minimum necessary rights to a subject that requests access to a resource, minimize allowable access time relinquish privileges. Granting user permissions beyond necessary rights of an action can allow that user to obtain or change information in unwanted ways. Careful delegation of access rights can limit attackers from damaging a system.
  • Log Tampering - In the intricate world of digital systems, logs serve as the silent chroniclers, recording every action, event, and transaction that occurs. These records are invaluable, not just for operational efficiency but also for security and compliance. However, just as logs can be a tool for transparency and accountability, they can also become targets. Enter “Log […]
  • Man in the Middle (MITM) - Adversaries with privileged network access that seek to modify network traffic in real time using man-in-the-middle (MITM) attacks. This type of attack allows the adversary to intercept traffic to and/or from a particular device on the network. The adversary might block, log, modify, or inject traffic into the communication stream. Address Resolution Protocol (ARP) poisoning and […]
  • Mean Time to Recovery (MTTR) - A relative ranking of the effort to recover an asset after an incident.
  • Micro-segmentation - In the vast interconnected world of digital networks, where data flows seamlessly across nodes and boundaries, ensuring security becomes a complex challenge. Traditional network defenses, which rely on broad perimeters, often fall short in the face of sophisticated threats. This is where “Micro-segmentation” steps in, offering a more nuanced and granular approach to network security. […]
  • Mitre Att&ck® - A knowledge base of threats, countermeasure controls and attackers known to be IT and OT domains. Adversarial Tactics, Techniques, and Common Knowledge (Att&ck) is used by Mangan Cybersecurity ICSSbD® to understand how cyber attackers pose threats to the client’s assets and how to manage the risk of those threats.
  • Multi-Factor Authentication (MFA) - An authentication method requiring the user to provide two or more credentials to gain access to a resource.
  • One-time Password (OTP) - In the digital age, where our lives are increasingly intertwined with online platforms, the importance of secure authentication cannot be overstated. Traditional static passwords, while convenient, have shown vulnerabilities, especially with the rise of phishing attacks and data breaches. This is where the “One-time Password (OTP)” comes into play, offering a dynamic and robust layer […]
  • Operations Technology (OT) - The hardware and software components which make-up the Industrial Control Systems.
  • Operator Workstation (OWS) - A computer used by the control room operators to interact with the process control applications. Workstations represent point access for launching cyber attacks.
  • Pass-the-hash (PtH) Attacks - In the intricate dance of cybersecurity, where defenders and attackers are in a perpetual tango of move and countermove, certain tactics stand out for their ingenuity and effectiveness. One such tactic is the “Pass-the-hash (PtH) Attack,” a method that allows attackers to sidestep the need for plaintext passwords and directly exploit hashed credentials. So, what […]
  • Penetration Testing (AKA Pen-test) - A series of technical assessments targeting network devices and security controls to identify network flaws due to open ports, insufficient rules, unfettered data ingress and egress and other uncontrolled configurations.
  • Phishing - Tricking individuals to disclose sensitive personal information by claiming to be a trustworthy entity.
  • Port Scanning - Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).
  • Quantum Cryptography - In the fascinating intersection of advanced physics and cybersecurity, a revolutionary concept emerges: Quantum Cryptography. As the world stands on the cusp of a quantum computing era, which threatens to disrupt traditional cryptographic methods, quantum cryptography offers a beacon of hope, promising ultra-secure communication methods that leverage the peculiarities of quantum mechanics. So, what exactly […]
  • Remote Access Trojan (RAT) - Programs that provide the capability to allow covert surveillance or the ability to gain unauthorized access to a victim PC or controller.
  • Remote Terminal Session - Ability to access a network architecture. More common references are RDP for Microsoft’s Remote Desktop Protocol and VNC for Virtual Network Computing.
  • Risk Appetite - In the intricate tapestry of business strategy and decision-making, one concept plays a pivotal role in guiding an organization’s choices and actions: Risk Appetite. It’s the invisible hand that shapes the direction an entity takes, balancing the scales between potential rewards and inherent dangers. So, what exactly is Risk Appetite? Risk Appetite defines the level […]
  • Secure Socket Layer (SSL) - Encryption technology for secure transactions.
  • Security Information and Event Management (SIEM) - Network monitoring technology capable of collecting log data and combining network inspection to detect threats and recommend actions.
  • Security Orchestration - In the vast and complex realm of cybersecurity, where threats evolve at a dizzying pace and the digital landscape is vast, managing and responding to security incidents can be a daunting task. Amidst this chaos, a concept emerges to bring harmony and efficiency: Security Orchestration. It’s the maestro that ensures every instrument in the security […]
  • Subnet - Networks segmented in order to provide multilevel, hierarchical routing structure and shielding the subnetwork unnecessary network traffic.
  • Threat Hunting - In the vast digital jungle, where malicious actors lurk in the shadows, waiting for an opportunity to strike, a new breed of cybersecurity professionals emerges: the threat hunters. Unlike traditional security measures that act as sentinels, passively waiting for alarms to sound, threat hunting is an active pursuit, a game of cat and mouse, where […]
  • Tokenization - In the digital era, where vast amounts of data traverse the cyber realm every second, safeguarding sensitive information becomes paramount. Amidst the myriad of cybersecurity techniques, one stands out for its simplicity yet profound effectiveness: Tokenization. It’s the art of transforming valuable data into symbols, ensuring that even if intercepted, the real treasure remains hidden. […]
  • Unified Threat Management (UTM) - In the vast and intricate landscape of cybersecurity, where threats come in myriad forms and from multiple directions, managing and countering each one individually can be a daunting task. Enter Unified Threat Management (UTM) – a holistic approach that consolidates a range of security functions into a single, cohesive unit. Think of it as the […]
  • Virtual Local Area Network (VLAN) - Group of devices configured in order to communicate as if they were attached to the physical connection while being located on different network segments.
  • Virtual Private Network (VPN) - A method to allow secure internet traffic over a public network by encrypting that traffic exchanged by the two connected networks. A VPN uses “tunneling” to encrypt all information at the Internet Protocol level.
  • Worm - A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively
  • Zero Trust - A cybersecurity strategy based on protecting resources bound by the premise that authorization decisions are made closer to the resource being requested and are continuously evaluated rather than implicitly granted.
  • Zero-day Vulnerability - In the ever-evolving world of cybersecurity, where attackers and defenders are in a relentless race against time and each other, one type of threat stands out for its stealth and potential for damage: the Zero-day Vulnerability. It’s the digital equivalent of a hidden trap, unknown even to those who should be guarding against it, making […]
  • Zombie Device - In the vast interconnected world of the Internet of Things (IoT), where devices of all shapes and sizes communicate and collaborate, there lurks a sinister phenomenon: the Zombie Device. It’s not the stuff of horror movies, but in the realm of cybersecurity, it’s a concept that’s equally chilling. These are everyday devices, turned rogue, operating […]


Our team of experts can engage in an effective way to help you understand how mature your OT cybersecurity posture is and how the IT-OT networks are connected. Our unique approach to cybersecurity risks always integrated with business continuity in mind, helps to protect your most valuable assets. Leveraging our ICSSbD® Evaluation Toolkit, a comprehensive cybersecurity assessment can be completed in matter of few days or weeks, allowing for quick feedback, remediation, or response if necessary.
Scroll to Top