Term
| Advanced Persistent Threat |
|
Definition
| A class of threat designed to infiltrate a network and remain resident through evasion and propagation techniques. Typically used to establish and maintain an external command and control channel through which the attacker can continuously exfiltrate data. |
|
|
Term
|
Definition
| Any device used within an industrial network |
|
|
Term
|
Definition
| The collectively exposed portions of that system or asset. A large ___ means that there are many exposed areas that an attack could target, while a small ____ means that the target is relatively small. |
|
|
Term
|
Definition
| A communications channel that is hidden to avoid detection. Also used in reference to hidden or covert communications occurring back towards the originating sender, that is, malware hidden in the return traffic of a bidirectional communication. |
|
|
Term
|
Definition
| Chemical Facility Anti-Terrorism Standard. Established by Homeland Security to protect the manufacture, storage and distribution of potentially hazardous chemicals. |
|
|
Term
|
Definition
| Typically used within regulatory standards or guidelines to indicate when an alternative method to those typically addressed by the standard or guideline may be used. |
|
|
Term
|
Definition
| Operations center, typically consisting of SCADA and HMI systems that provide interaction with industrial/automated processes. |
|
|
Term
|
Definition
| A larger pattern match consisting of two or more regular logs or events, as detected by an event correlation system. |
|
|
Term
|
Definition
| An asset that is itself responsible for performing a critical function, or that directly impacts an asset that performs a critical function. Heavily used within NERC reliability standards for Critical Infrastructure Protection. |
|
|
Term
|
Definition
| A digitally connected asset that is itself responsible for performing a critical function, or that directly impacts an asset that performs a critical function. Heavily used within NRC regulations and guidance documents. |
|
|
Term
|
Definition
| Any infrastructure whose disruption could have severe impact on a nation or society. In the US, it is defined by Homeland Security Presidential Directive Seven as: Agriculture and Food, Banking and Finance, Chemical, Commercial Facilities, Critical Manufacturing, Dams, Defense Industrial Base, Drinking Water and Water Treatment Systems, Emergency Services, Energy, Government Facilities, Information Technology, National Monuments and Icons, Nuclear Reactors, Materials and Waste, Postal and Shipping, Public Health and Healthcare, Telecommunications, and Transportation Systems. |
|
|
Term
|
Definition
| An asset that is connected to a routable network, that is, a Host. |
|
|
Term
|
Definition
| A "one way" data communication device, often consisting of a physical-layer unidirectional limitation. Using only one half of a fiber optic "transmit/receive" pair would enforce unidirectional communication at the physical layer, while proper configuration of a network firewall could logically enforce unidirectional communication at the network layer. |
|
|
Term
| Database Activity Monitor (DAM) |
|
Definition
| Includes SQL, DML, and others. It may be network or host based: network-based monitors capture transactions by decoding and interpreting network traffic, while host-based monitors provide system-level auditing directly from the server. Can be used for indications of malicious intent (SQL injection), fraud (e.g. the manipulation of stored data) and/or as a means of logging data access for systems that do not or cannot produce auditable logs. |
|
|
Term
| Deep Packet Inspection (DPI) |
|
Definition
| Inspecting all the way down to the application layer (layer 7) of the OSI model, that is, past the data link, network or session headers and into the payload of the packet. This is used by most IDS/IPS, newer firewalls, and other security devices. |
|
|
Term
| Distributed Control System |
|
Definition
| An Industrial Control System deployed and controlled in a distributed manner, such that various distributed control systems or processes are controlled individually. |
|
|
Term
| Electronic Security Perimeter |
|
Definition
| Refers to the demarcation point between a secured enclave, such as a control system, and a less trusted network, such as a business network. It typically includes the devices, such as firewalls, IDS, IPS, Industrial Protocol Filters, Application Monitors, and similar devices, that secure the demarcation points. |
|
|
Term
|
Definition
| A logical grouping of assets, systems and/or services that defines and contains one or more functional groups. They represent network "zones" that can be used to isolate certain functions in order to secure them more effectively. |
|
|
Term
|
Definition
| The process of identifying valid identities of devices and users in a network, typically as an initial step in a network attack process. It allows an attacker to identify valid systems and/or accounts that can then be targeted for exploitation or compromise. |
|
|
Term
|
Definition
| A network command-line tool that provides detailed information about a user. |
|
|
Term
|
Definition
| Various numeric identifiers used within industrial network protocols for command and control purposes. |
|
|
Term
|
Definition
| Host Intrusion Detection System |
|
|
Term
|
Definition
| Host Intrusion Prevention System |
|
|
Term
| Homeland Security Presidential Directive Seven (HSPD-7) |
|
Definition
| Homeland Security defines 18 critical infrastructures within the US. |
|
|
Term
| Identity Access Management |
|
Definition
| The process of managing user identities and user accounts, as well as related user access and authentication activities within a network; also a category of products designed to centralize and automate those functions. |
|
|
Term
| IED - Intelligent Electronic Device |
|
Definition
| An electronic component (such as a regulator, circuit control, etc.) that has a microprocessor and is able to communicate, typically digitally using fieldbus, real-time Ethernet or other industrial protocols. |
|
|
Term
| Industrial Control System (ICS) |
|
Definition
| Devices, network, and controls used to operate and/or automate an industrial process |
|
|
Term
| Inter Control Center Protocol (ICCP) |
|
Definition
| Real-time industrial network protocol designed for wide area intercommunication between two or more control centers. It is an internationally recognized standard published by the International Electrotechnical Commission (IEC). |
|
|
Term
| International Electrotechnical Commission (IEC) |
|
Definition
| International standards organization that develops standards for the purposes of consensus and conformity among international technology developers, vendors and users. |
|
|
Term
| International Standards Organization |
|
Definition
| A network of standards organizations from over 160 countries, which develops and publishes standards covering a wide range of topics. |
|
|
Term
| Lightweight Directory Access Protocol (LDAP) |
|
Definition
| A standard that defines a process for accessing and utilizing network-based directories. It is used by a variety of directories and Identity Access Management (IAM) systems. |
|
|
Term
|
Definition
| The controlling asset or host involved in an industrial protocol communication session. It is typically responsible for the timing synchronization and command and control aspects of an industrial network protocol. |
|
|
Term
|
Definition
| A Protocol used for intercommunication between industrial control assets. Modbus is a flexible Master/Slave command and control protocol available in several variants. |
|
|
Term
| NEI - The Nuclear Energy Institute |
|
Definition
| An organization that is dedicated to and governed by the US nuclear utility companies. |
|
|
Term
| Network Access Control (NAC) |
|
Definition
| Provides measures for controlling access to the network, using technologies such as 802.1x (port-based network access control) to require authentication before a network port is enabled, or other access control methods. |
|
|
Term
| North American Electric Reliability Corporation |
|
Definition
| An organization that develops and enforces reliability standards for, and monitors the activities of, the bulk electric power grid in North America. |
|
|
Term
| Nuclear Regulatory Commission |
|
Definition
| A five-member, presidentially appointed commission responsible for the safe use of radioactive materials. |
|
|
Term
|
Definition
| Open Source Security Information Management |
|
|
Term
|
Definition
| The DNP3 slave or remote device. The term is also used more generically for a remote SCADA system, typically interconnected with central SCADA systems by a WAN. |
|
|
Term
|
Definition
| An industrial fieldbus protocol. |
|
|
Term
|
Definition
| An implementation of Profibus designed to operate in real time over Ethernet. |
|
|
Term
|
Definition
| A research project that demonstrated how a cyber attack could result in the explosion of a generator. |
|
|
Term
| Risk Based Performance Standards - RBPS |
|
Definition
| Recommendations for meeting the security controls required by the Chemical Facility Anti-Terrorism Standard (CFATS). |
|
|
Term
|
Definition
| Refers to a trusted network. When discussing unidirectional communication in critical networks, traffic is typically only allowed outward. |
|
|
Term
| Remote Terminal Unit (RTU) |
|
Definition
| A device combining remote communication capabilities with programmable logic for the control of processes in remote locations. |
|
|
Term
|
Definition
| The latest version of the Serial Real-time Communications System. |
|
|
Term
|
Definition
| Defined values signifying a target metric against which programmable logic can operate. |
|
|
Term
|
Definition
| A state of awareness within a network in order to identify and respond to network-based attacks. |
|
|
Term
|
Definition
| A term referring to the combined use of blacklisting and whitelisting with a centralized intelligence system such as a SIEM. |
|
|
Term
|
Definition
| An advanced cyber attack against an industrial control system, consisting of multiple zero-day exploits used for the delivery of malware that then targeted and infected specific industrial controls for the purpose of sabotaging an automated process. Widely regarded as the first cyber attack to specifically target an ICS. |
|
|
Term
| Supervisory Control and Data Acquisition |
|
Definition
| Refers to the systems and networks that communicate with industrial control systems to provide data to operators for supervisory purposes, as well as control capabilities for process management. |
|
|
Term
| Technical Feasibility/Technical Feasibility Exception (TFE) |
|
Definition
| Technical feasibility is used to indicate where a required control can be reasonably implemented; a Technical Feasibility Exception applies where the implementation of a required control is not technically feasible. |
|
|
Term
|
Definition
| A logical boundary or enclave containing assets of like function and/or criticality, for the purpose of facilitating the security of common systems and services. |
|
|