OT Glossary
Not sure what a term or acronym means? You’re in the right place. This glossary is your go-to guide for understanding the key terms and acronyms used in OT cybersecurity. Whether it's a protocol, standard, or security concept, we’ve broken it down to help make your training smoother and more approachable. Looking for a term we don't have? Let us know!
J |
|---|
K |
|---|
Keylogger | Malware or a tool that records keystrokes on a compromised machine, often to steal credentials. In an OT setting, a keylogger could be used on an engineering workstation or HMI PC to capture operator logins or even capture the sequence of actions taken. This is one way attackers in the past have stolen operator credentials to pivot and issue rogue commands on control systems. Keyloggers can be hardware devices or software, and are notoriously sneaky. |
Kill chain (Cyber kill chain) | A model describing the stages of a cyber attack, from initial reconnaissance to actions on objectives. The term comes from military usage (stopping an attack by breaking the chain at any stage). In ICS security, you might hear about the “ICS kill chain”, which adapts these stages to control system scenarios (like initial penetration, then moving into the control network, then manipulating the process). The Lockheed Martin kill chain stages (Recon, Weaponization, Delivery, Exploitation, Installation, Command & Control, Actions) or the MITRE ATT&CK framework can be considered in analyzing how an attacker might systematically progress to sabotage a physical process. The takeaway: thinking in kill-chain terms helps defenders put in controls to interrupt the adversary early (e.g., catch them in the reconnaissance or delivery phase before any damage is done). |
L |
|---|
Ladder logic | A programming language for PLCs. It represents logic in a form resembling an electrical schematic of relay circuits (which kind of looks like a ladder with rungs and rails). Each rung defines a logical operation: contacts (inputs) on the left that simulate relay contacts, and coils (outputs) on the right. Ladder logic is popular because it’s very intuitive for engineers with electrical backgrounds. It’s part of the IEC 61131-3 standard languages for PLCs (along with others like Function Block Diagram, Structured Text). |
Legacy system | Any older computer or control system that remains in use despite its age, often because it still does its job, but which typically has outdated hardware or software. In OT, legacy systems are very common, including Windows NT or XP machines running HMI software, or a PLC from the 1990s that’s still controlling a boiler. These systems often cannot be easily patched or may not support modern security, making them vulnerable. But replacing them can be expensive or risky to operations, so they live on, sometimes isolated or wrapped in additional protective controls. A legacy ICS component might use old protocols, have serial interfaces, or run an OS long out of support, posing a security and maintenance challenge. |
Level 0/1/2/3/4/5 | Shorthand for the levels of the Purdue Model (see “Purdue Model”). In Purdue (which defines a reference architecture for ICS networks), Level 0 is the physical process (sensors/actuators), Level 1 is basic control (the controllers like PLCs), Level 2 is area supervisory control (HMIs, local supervision), Level 3 is site operations (plant SCADA servers, historians, engineering workstations), and Levels 4-5 are IT systems. People often refer to “Level 1 devices” (meaning the controllers) or “Level 3 network” (meaning the control network zone with servers). It’s basically a way to delineate where a device sits in the hierarchy from physical process up to business network. |
LOPA (Layer of protection analysis) | A risk assessment method used in process safety to evaluate if there are sufficient independent protection layers to mitigate hazards. Each “layer” could be a safety instrumented function, an alarm with operator action, a relief device, etc. The analysis calculates the risk reduction and whether it meets tolerable levels. In an OT context, you might hear this in relation to SIS design. LOPA results help determine what Safety Integrity Level (SIL) a safety function needs. It’s not directly a cybersecurity term, but as with HAZOP, it’s part of the safety-minded culture in industrial operations. (And conceptually, you can think of defense-in-depth in security as a kind of layered protection like LOPA aims for in safety.) |
M |
|---|
Malware | Generic term for any malicious software. |
MES (Manufacturing execution system) | Software system that monitors, tracks, and optimizes production on the plant floor. An MES sits between the real-time control layer (PLC/SCADA) and the business systems (ERP). It handles workflows such as scheduling production orders, tracking batches/lots, managing recipes, logging genealogy of products, and providing KPIs for manufacturing. |
MFA (Multifactor authentication) | Using more than one method to verify a user’s identity when logging into a system. In OT, MFA is increasingly recommended for remote access or critical logins (like an engineer remoting into a plant network or logging into a SCADA host). It typically means combining something you know (password) with something you have (token or smart card) or something you are (fingerprint). |