OT Glossary

A physical device that "acts" on some part of a physical process. In industrial systems, actuators (like motors, valves, or switches) receive commands (often from a controller) to adjust physical processes (e.g. opening a valve or turning a robot arm).

A (near mythical) network security measure where a system or network is physically isolated, with no direct connection to other networks. A true air-gapped OT system has no wired or wireless links to IT networks, reducing risk of remote cyber-attack. However, data (and possibly malware) almost always traverses the air gap via other means like USB and laptops.

AKA application whitelisting - A security approach that permits only pre-approved (trusted) software to run on a system and blocks everything else. In OT, allow-listing is used instead of traditional antivirus because industrial systems benefit from only allowing known-good applications and blocking new, unknown program. This strategy helps prevent malware execution, though it requires maintaining the list and doesn’t stop in-memory or script-based attacks.

Advanced persistent threat - A stealthy and sophisticated threat actor (often nation-state or well-funded group) that gains unauthorized, persistent access to a system and remains undetected for a long period. In OT environments, APTs often target critical infrastructure to gain the capability to cause harm to an unfriendly nation in case a physical war breaks out.

In ICS security context, any device, system, or component that has value and needs protection. This can range from physical equipment (PLCs, RTUs, sensors, etc.) to software and data. Asset inventory refers to the process of cataloging all these devices in an OT network.