OT Glossary
Not sure what a term or acronym means? You’re in the right place. This glossary is your go-to guide for understanding the key terms and acronyms used in OT cybersecurity. Whether it's a protocol, standard, or security concept, we’ve broken it down to help make your training smoother and more approachable. Looking for a term we don't have? Let us know!
| N |
|---|
| NIST SP 800-82: NIST Special Publication 800-82, "Guide to OT Security". It provides detailed guidance on how to secure ICS, covering typical architectures (like Purdue model levels), threats, vulnerabilities, and recommended security controls for ICS environments. It’s a go-to document for best practices, and many other standards reference its content. |
| Nonrepudiation: A concept from security (not ICS-specific): ensuring that a party in a communication cannot deny the authenticity of their signature on a document or a message that they originated. In OT, this might come into play with logging and forensics: ensuring actions (like a command to change a setpoint) are traceable to a user and cannot be refuted. Digital signatures and audit logs contribute to non-repudiation. It’s less talked about than confidentiality, integrity, and availability in ICS, but it’s one of those classic infosec principles. |
| O |
|---|
| OPC: OLE for Process Control. Old name for what is now simply OPC Classic. This is a set of standards/protocols originally based on Microsoft OLE/COM technology for data exchange between industrial software applications. An OPC Server would talk to devices (like PLCs) and expose their data in a standard way, so different client software (HMIs, historians) could all access it uniformly. OPC Classic includes specs like DA (Data Access), HDA (Historical Data Access), and A&E (Alarms & Events). It was huge for interoperability, but being COM/DCOM-based, it had all the Windows quirks (and DCOM security issues). It’s largely been succeeded by OPC UA, but many legacy systems still use OPC DA servers to bridge devices and software. |
| OPC UA: Open process communication unified architecture. The modern evolution of the OPC standard, redesigned to be platform-independent, robust, and secure. OPC UA is a communication protocol that allows various industrial devices and software to share data in a unified way. It is more commonly found at the higher levels of the network and can use a binary TCP format or HTTPS format. Unlike OPC Classic, it’s not tied to Windows COM, and it includes built-in security (encryption, authentication). |
| Operator: The person (or people) who monitor and control the industrial process using the ICS. Operators sit in the control room or at local panels, keep an eye on HMI screens, acknowledge alarms, start and stop equipment, and adjust setpoints as needed to keep things running smoothly. They are the human-in-the-loop of an ICS. |
| OSINT: Open source intelligence. Essentially just gathering information about a target from public sources. Sources could include Google, Shodan, social media, or ship tracking websites. |
| OT: Operational technology. Technology dealing with physical operations, including ICS, SCADA, DCS, and PLCs. Contrast with information technology, which deals only with data and information. |
| P |
|---|
| PLC: Programmable Logic Controller. A ruggedized embedded computing device that is continuously reading sensor data, executing its control logic program, and updating physical outputs based on that program. |
| R |
|---|
| RTU: Remote telemetry unit. A device typically found in remote locations to aggregate data from that specific area of a SCADA network. It may have some very basic programmable functionality. |