OT security can seem overwhelming, especially if you need to get up to speed with all the terminology. That’s why we’ve put together this glossary — to help you navigate the OT security landscape. Whether you’re trying to get the hang of OT security basics or a seasoned professional needing a quick refresher, this guide’s got you covered. We want this to be your go-to resource, boosting your understanding and confidence when dealing with OT security.
Welcome to our comprehensive glossary of OT security terms.
Access control
A security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security: it reduces exposure to the outside world and enables governance of external access, minimising risks to the business or organisation.
Authentication
The process of validating the credentials of a person, computer process, or device. Authentication confirms that a user is who they claim to be.
Business Continuity Plan (BCP)
A strategic playbook that helps organisations maintain or quickly resume business after a crisis or disaster, whether it originates internally or externally. The main goal is to maintain the continuity of essential services and ensure the overall functioning of the business, with an emphasis on safeguarding core business processes. This includes identifying potential threats, evaluating their impact on the organisation and developing recovery procedures and processes to mitigate these risks. The BCP is integrated into the organisation’s policies and culture.
Continuous Network Monitoring
A cybersecurity practice involving ongoing surveillance, analysis, and assessment of network traffic, devices, and activities to detect and respond to security threats and vulnerabilities in real time. This proactive approach to network security helps organisations identify and mitigate potential security incidents before they escalate and cause damage.
Cyberattack
A deliberate exploitation of technology-dependent systems, networks, and security infrastructures to cause harm or disrupt the normal functioning of these systems. This could involve stealing, altering, or destroying data, interrupting network services, spreading harmful software, or misusing digital resources. Individuals or organisations can carry out cyberattacks and target personal, corporate, or governmental networks.
Cybersecurity
The practices, procedures, and technologies employed to protect data, networks, devices, and programs from damage, unauthorised access, or criminal use. It safeguards systems from potential threats, including security breaches, cyberattacks, and data theft. Cybersecurity strategies include risk management processes, end-user education, and applying detection and/or protective software such as firewalls and encryption programs.
Cyber Resilience Act (CRA)
The Cyber Resilience Act is a European regulation that improves cybersecurity and resilience through common standards for products with digital elements. This comprises hardware and software whose intended and foreseeable use includes a direct or indirect data connection to a device or network. Its aim is to make these products secure by design and supported over their lifespan.
Disaster Recovery Plan (DRP)
A subset of the Business Continuity Plan that specifically addresses the recovery of systems and data in the aftermath of a major disaster, restoring them to their normal state with minimal data loss and downtime. This includes routine backups, redundancy measures, data recovery protocols, and testing to guarantee the swift restoration of IT resources.
Firewall
A network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Its primary function is to act as a barrier between a trusted internal network and an untrusted external network, such as the Internet.
Incident Response Plan (IRP)
A plan concentrating on the immediate response to and containment of security incidents, encompassing cyberattacks, data breaches or physical security breaches. The foremost goal is to curb incidents’ impact by rapidly containing and mitigating them, preserving crucial evidence for forensic examination. This plan includes isolating affected systems, conducting digital forensics, and notifying stakeholders.
Industrial Control System (ICS)
A wide range of hardware, software, and network components tailored to the specific needs of industrial operations; together they form the core of OT. They are used in industrial environments to monitor, control and automate processes and machinery. These systems are crucial for maintaining efficiency and processing data, and include components such as sensors and actuators, Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition systems (SCADA), Distributed Control Systems (DCS), Human-Machine Interfaces (HMI) and network infrastructure.
Intrusion Detection System (IDS)
A security technology designed to detect and alert on potential security breaches and intrusion attempts. IDS solutions analyse network traffic against signatures of known threats and look for behavioural anomalies indicative of malicious activity. IDS alerts are typically prioritised based on severity levels so that the most serious can be responded to first.
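The two detection styles named in the IDS and Continuous Network Monitoring entries, a signature match against known-bad patterns and an anomaly check against a learned baseline, can be shown on a handful of flow records. The following is an added example written for this glossary, not code from any IDS product: the host names, ports, flow records and the two signatures are all constructed for illustration, and the "baseline" is simply the set of conversations seen during a learning window.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int      # seconds since capture start (constructed timestamps)
    src: str     # source host name as resolved by the sensor
    dst: str     # destination host name
    dport: int   # destination TCP port
    proto: str   # application protocol label assigned by the sensor


@dataclass(frozen=True)
class Alert:
    severity: str   # "high" | "medium" | "low"
    reason: str
    flow: Flow


SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

# Constructed learning window: traffic observed while the plant ran normally.
BASELINE_FLOWS = [
    Flow(0, "hmi-01", "plc-07", 502, "modbus"),
    Flow(5, "hmi-01", "plc-07", 502, "modbus"),
    Flow(7, "scada-1", "plc-07", 502, "modbus"),
    Flow(9, "scada-1", "plc-08", 502, "modbus"),
    Flow(12, "eng-ws", "plc-07", 44818, "enip"),
]

# Signature-style rules: a human-readable name plus a predicate over a flow.
# Both signatures are constructed for this example.
CONTROL_PREFIXES = ("plc-", "hmi-", "scada-")
SIGNATURES = [
    ("telnet to a controller",
     lambda f: f.dport == 23 and f.dst.startswith("plc-")),
    ("rdp into the control network",
     lambda f: f.dport == 3389 and f.dst.startswith(CONTROL_PREFIXES)),
]


def learn_baseline(flows):
    """Record every (src, dst, dport) triple seen during the learning window."""
    return {(f.src, f.dst, f.dport) for f in flows}


def analyse(flows, baseline):
    """Return alerts for the live window, most severe first.

    A signature match wins over the baseline check, so each flow yields at
    most one alert; a flow that matches no signature but was never seen in
    the baseline is reported as a new conversation.
    """
    alerts = []
    for f in flows:
        hit = next((name for name, pred in SIGNATURES if pred(f)), None)
        if hit is not None:
            alerts.append(Alert("high", f"signature: {hit}", f))
        elif (f.src, f.dst, f.dport) not in baseline:
            alerts.append(Alert("medium", "new conversation not seen in baseline", f))
    # Prioritise by severity, then by time, as the IDS entry describes.
    return sorted(alerts, key=lambda a: (SEVERITY_RANK[a.severity], a.flow.ts))


# Constructed live window: one legitimate poll, one repeat, and three anomalies.
LIVE_FLOWS = [
    Flow(100, "hmi-01", "plc-07", 502, "modbus"),
    Flow(101, "laptop-x", "plc-07", 502, "modbus"),
    Flow(102, "laptop-x", "plc-08", 23, "telnet"),
    Flow(103, "jump-01", "hmi-01", 3389, "rdp"),
    Flow(104, "scada-1", "plc-08", 502, "modbus"),
]

if __name__ == "__main__":
    for a in analyse(LIVE_FLOWS, learn_baseline(BASELINE_FLOWS)):
        print(f"[{a.severity:6}] t={a.flow.ts:<4} "
              f"{a.flow.src} -> {a.flow.dst}:{a.flow.dport} ({a.reason})")
```

On the constructed live window the telnet and RDP flows come out as high-severity signature hits and the unknown laptop polling a PLC as a medium-severity baseline deviation; the legitimate HMI and SCADA polls produce nothing. A real deployment would learn the baseline over days rather than five records and would re-learn it after sanctioned engineering changes, otherwise every commissioning task becomes an alert storm.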
Information Technology (IT)
The use of computers, storage, networking, and other physical devices, infrastructure, and processes to generate, process, store, secure, and exchange electronic data. It’s primarily focused on managing data, providing a productive work environment, and protecting an organisation’s digital infrastructure.
Internet of Things (IoT)
A network of physical devices, vehicles, home appliances, and other objects embedded with sensors, software, and network connectivity, which enables these objects to connect and exchange data. IoT brings the power of the internet, data processing, and analytics to the real world of physical objects. It has the potential to dramatically increase visibility and control of many business operations, often with real-time feedback to enhance performance and efficiency.
Manufacturing Execution System (MES)
A computerised system used in manufacturing industries to track, monitor, and manage production processes in real time. MES is crucial in coordinating and optimising manufacturing operations, ensuring efficiency, quality and compliance with production schedules and standards. It bridges the shop floor and the Enterprise Resource Planning (ERP) system, providing detailed visibility and control over manufacturing processes.
Directive on security of Network and Information Systems (NIS2)
The proposed successor to the existing NIS directive by the European Union. The Directive now covers more industries and companies to increase cybersecurity and resiliency in essential operations across EU member states. It proposes stricter security measures and reporting requirements for cybersecurity incidents.
Operational Technology (OT)
The systems, devices, and software used to manage, monitor, and control industrial operations and processes. Unlike IT, which focuses on data-centric computing systems, OT is hardware and software that detects changes by directly monitoring and controlling the enterprise’s physical devices, processes, and events.
OT Security
OT (Operational Technology) security, or industrial cybersecurity, refers to the practices, technologies, and measures employed to protect operational technology systems and infrastructure from cyberthreats, vulnerabilities, and risks.
Programmable Logic Controller (PLC)
A specialised industrial computer used to automate and control electromechanical processes in manufacturing plants, factories, and other industrial settings. PLCs are widely used in various industries to monitor inputs, make decisions based on logic programming, and control outputs to automate processes and machinery. The core of a PLC is the Central Processing Unit (CPU) together with the Input and Output (I/O) modules that interface with sensors and actuators. The overall design of a PLC is modular, allowing various modules to be connected flexibly.
Secure Remote Access
The ability of authorised users to access organisational networks, systems, and resources from remote locations in a secure and controlled manner. With the increasing prevalence of remote work and distributed teams, secure remote access has become essential for enabling employees, partners, and vendors to connect to corporate networks and systems while maintaining confidentiality, integrity, and availability of data and resources.
Privileged Access Management
A cybersecurity practice that controls, monitors and secures access to privileged accounts and sensitive resources within an organisation’s IT and OT environment. Privileged accounts typically have elevated permissions and access rights, allowing users to perform administrative tasks, configure systems, and access sensitive data. Managing and securing these accounts is crucial for preventing unauthorised access, minimising the risk of insider threats, and protecting against cyberattacks.
Purdue Model
A framework, also known as the Purdue Enterprise Reference Architecture (PERA), that helps design and organise industrial control systems (ICS) and manufacturing operations within industrial environments. Purdue University developed it in the 1990s. The Purdue Model provides a hierarchical structure that helps organise and separate different levels of control and communication within a manufacturing or industrial facility. It has several levels, each with its own functions, responsibilities, and communication protocols. These levels are arranged hierarchically, with data flowing between them in a controlled manner.
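The Firewall entry describes allow/block decisions against an ordered rule set, and the Purdue Model entry describes data flowing between hierarchical levels in a controlled manner; the two meet at the firewalls that sit between zones. The following added example (written for this glossary, not taken from any firewall or vendor) evaluates a constructed zone-to-zone ruleset the way a firewall does, first match wins with default deny, and then lints that ruleset for allow rules that skip a Purdue level. The page does not enumerate the levels, so the zone ordering used here (process, control, supervisory, site operations, a DMZ, enterprise) is the commonly used one and is an assumption of the example, as are the rules and ports.

```python
from dataclasses import dataclass

# Purdue zones from the physical process up to the enterprise network, in
# hierarchical order. Assumed ordering for this example (the page itself does
# not list the levels): levels 0-3, the DMZ often labelled 3.5, and levels 4/5
# collapsed into "enterprise".
PURDUE_ORDER = ["process", "control", "supervisory", "site-ops", "dmz", "enterprise"]
LEVEL_INDEX = {zone: i for i, zone in enumerate(PURDUE_ORDER)}


@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "block"
    src_zone: str
    dst_zone: str
    dport: int
    comment: str


@dataclass(frozen=True)
class Decision:
    action: str
    reason: str


# Constructed ruleset, evaluated top to bottom like a firewall policy.
RULES = [
    Rule("allow", "supervisory", "control", 502, "HMI/SCADA polls PLCs over Modbus/TCP"),
    Rule("allow", "site-ops", "supervisory", 1433, "site historian collects from supervisory servers"),
    Rule("allow", "dmz", "site-ops", 443, "DMZ relay pulls from the site historian"),
    Rule("allow", "enterprise", "dmz", 443, "ERP/MES reads through the DMZ relay"),
    Rule("allow", "enterprise", "control", 502, "LEGACY: enterprise reporting polls PLCs directly"),
]


def decide(rules, src_zone, dst_zone, dport):
    """First matching rule wins; anything unmatched is blocked (default deny)."""
    for r in rules:
        if (r.src_zone, r.dst_zone, r.dport) == (src_zone, dst_zone, dport):
            return Decision(r.action, r.comment)
    return Decision("block", "default deny: no rule matches")


def adjacent(zone_a, zone_b):
    """True when the two zones are the same or neighbouring Purdue levels."""
    return abs(LEVEL_INDEX[zone_a] - LEVEL_INDEX[zone_b]) <= 1


def lint_rules(rules):
    """Return allow rules whose endpoints skip at least one Purdue level.

    Such a rule lets traffic bypass the intermediate zones (for an
    enterprise-to-control rule, both site operations and the DMZ), which is
    exactly the separation the model is meant to enforce.
    """
    return [r for r in rules
            if r.action == "allow" and not adjacent(r.src_zone, r.dst_zone)]


if __name__ == "__main__":
    checks = [("supervisory", "control", 502),
              ("enterprise", "control", 502),
              ("enterprise", "supervisory", 502)]
    for src, dst, port in checks:
        d = decide(RULES, src, dst, port)
        print(f"{src} -> {dst}:{port}: {d.action} ({d.reason})")
    for r in lint_rules(RULES):
        print(f"Purdue violation: {r.src_zone} -> {r.dst_zone}:{r.dport} [{r.comment}]")
```

The point of splitting the two functions is that the firewall faithfully allows whatever its rules say, including the legacy enterprise-to-PLC rule; only the lint step, run against the same ruleset, exposes that this rule collapses the hierarchy. Running such a check on every rule change is a cheap way to keep a segmented network from quietly turning flat.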
Remote Desktop Protocol (RDP)
A protocol developed by Microsoft that allows a user to connect to another computer over a network connection in a Windows-based system, providing a graphical interface to the remote machine. RDP is designed to support various network topologies and multiple LAN protocols.
Risk Assessment
The process of identifying, analysing and evaluating potential risks and threats that could negatively impact key business initiatives or critical projects. An assessment aims to understand the potential impact of threats on the organisation’s operations, assets, and objectives and to develop strategies for managing and mitigating these risks effectively.
Secure File Transfer Protocol (SFTP)
A protocol that provides secure file access, file transfer, and file management functionalities over any reliable data stream. It is beneficial for transferring large files over the internet as it ensures the integrity and confidentiality of data by using encryption.
Supervisory Control And Data Acquisition (SCADA)
SCADA systems are used to monitor and control industrial processes and equipment. They provide a centralised interface for operators to visualise real-time data, issue commands, and manage alarms and events. SCADA systems often integrate with PLCs and other devices to facilitate control and data acquisition.
Vulnerability
A weakness or flaw in a system, device, or process that cybercriminals could potentially exploit to gain unauthorised access, disrupt operations, or carry out other malicious activities. This could be due to poor security configurations, outdated software, lack of protective measures, or other factors. Identifying and addressing these vulnerabilities is critical to maintaining OT systems’ integrity, availability, and confidentiality.
Understanding these terms is your first step towards a safer operational environment. This knowledge lays the groundwork for you to manage risks and challenges. But this is only the start. We’ll explore more complex topics as we go. So, stay with us as we guide you through this complex field, providing the tools and information you need to secure your future.