K

Keylogger

Malware or a tool that records keystrokes on a compromised machine, often to steal credentials. In an OT setting, a keylogger could be used on an engineering workstation or HMI PC to capture operator logins or even the sequence of actions taken. This is one way attackers in the past have stolen operator credentials to pivot and issue rogue commands on control systems. Keyloggers can be hardware devices or software, and are notoriously sneaky.


Kill chain

Cyber kill chain

A model describing the stages of a cyber attack, from initial reconnaissance to actions on objectives. The term comes from military usage (stopping an attack by breaking the chain at any stage). In ICS security, you might hear about the “ICS kill chain”, which adapts these stages to control system scenarios (like initial penetration, then moving into the control network, then manipulating the process). The Lockheed Martin kill chain stages (Recon, Weaponization, Delivery, Exploitation, Installation, Command & Control, Actions) or the MITRE ATT&CK framework can be used to analyze how an attacker might systematically progress to sabotage a physical process. The takeaway: thinking in kill-chain terms helps defenders put in controls to interrupt the adversary early (e.g., catch them in the reconnaissance or delivery phase before any damage is done).