OT Glossary

(unidirectional gateway)

A hardware-based cybersecurity device that allows data to flow in only one direction. It’s used in OT environments to connect highly sensitive networks to external systems (like sending plant data to a corporate network) without any possibility of data coming back into the secure zone. Not always practical if remote access is needed.

Distributed control system

A control system commonly used in large, continuous industrial processes (like chemical plants, oil refineries, power generation). In a DCS, control intelligence is distributed throughout the plant across multiple controllers rather than centralized. These controllers (often networked PLCs or dedicated DCS controllers) autonomously run different parts of the process, all coordinated by supervisory software. DCS systems typically span an entire building (as opposed to a single machine or a large geographic area).

A security strategy that employs multiple layers of defense to protect a system. In ICS security, this means implementing a combination of physical security, network segmentation, firewalls, intrusion detection, strict user access controls, etc., so that if one layer fails, others still provide protection. For example, even if a firewall is breached (outer layer), an ICS might still be safe thanks to an internal allow-list. 

An industrial network protocol used for connecting simple industrial devices (sensors, actuators) to a PLC. It’s essentially the Common Industrial Protocol (CIP) running over a CAN (Controller Area Network) bus. DeviceNet was widely used for device-level networking (particularly in automotive manufacturing) to reduce complex wiring. It’s slower and more limited compared to EtherNet/IP, and largely legacy now.

Demilitarized zone

A network segment that acts as a buffer zone between two networks of different trust levels, often between an internal OT network and external IT or internet. An Industrial DMZ (or IDMZ) is commonly set up between the plant control network and the corporate IT network. It hosts servers (like historians, remote access jump hosts, etc.) that need to communicate with both sides. The idea is to tightly control and inspect traffic between OT and IT, reducing direct exposure of critical control systems.

Distributed network protocol

A communication protocol primarily used in SCADA systems for utilities (electric, water, wastewater). DNP3 is used to exchange data between control centers, RTUs, and IEDs over long distances. It’s especially common in North America for electric power distribution. DNP3 is robust against unreliable links and supports time-stamping of data, but it was not originally designed with strong security (it has since been updated with optional encryption/authentication features).