Glossary

  • Asset An asset refers to any physical or digital component that plays a role in the operation, control, or monitoring of industrial processes. These assets are critical to the functioning of systems in sectors like manufacturing, energy, transportation, and utilities.
  • Awareness (Security) Awareness refers to the knowledge and understanding that individuals within an organization have about potential security threats and the behaviors required to prevent or respond to them. It’s a critical component of an organization’s overall cybersecurity strategy.
  • BSI The BSI—Bundesamt für Sicherheit in der Informationstechnik, or Federal Office for Information Security—is Germany’s central authority for cybersecurity and information security.
  • CIS CIS usually refers to the Center for Internet Security and its CIS Controls—a set of best practices to secure systems, including industrial environments like SCADA and ICS.
  • CNC CNC refers to Computer Numerical Control machines—automated tools used in manufacturing for tasks like drilling, milling, and cutting.
  • Contributors A contributor is someone who adds value to a project, organization, or effort by providing work, ideas, resources, or support. This can include writing, coding, designing, funding, or offering expertise.
  • CVE A CVE (Common Vulnerabilities and Exposures) is a publicly disclosed cybersecurity vulnerability with a unique identifier.
  • cyber attacks A cyber attack is a deliberate attempt by an adversary to damage, disrupt, or gain unauthorized access to computer systems, networks, or data.
  • cyber physical system A Cyber-Physical System (CPS) is a system that integrates computing, networking, and physical processes.
  • DCS A DCS (Distributed Control System) is an automated control system used in industrial environments to manage processes.
  • DISA The Defense Information Systems Agency (DISA) is a U.S. Department of Defense (DoD) agency that provides secure, reliable IT and communications support to military operations.
  • FAT A Factory Acceptance Test (FAT) is a quality assurance process conducted at the manufacturer's site to verify that equipment or systems meet the required specifications before delivery.
  • Hardening (System) hardening is the process of securing a system by reducing its attack surface.
  • HMI A Human-Machine Interface (HMI) is a user interface that allows humans to interact with machines, systems, or devices.
  • HVAC HVAC stands for Heating, Ventilation, and Air Conditioning—a system used to regulate indoor climate and air quality.
  • IDS An IDS (Intrusion Detection System) is a cybersecurity tool that monitors network or system activity for signs of malicious behavior or policy violations.
  • IEC IEC stands for the International Electrotechnical Commission, a global organization that develops and publishes international standards for electrical, electronic, and related technologies.
  • IEC62443 IEC 62443 is a series of international standards focused on cybersecurity for industrial automation and control systems (IACS).
  • ISO27001 ISO/IEC 27001 is an international standard for managing information security (management systems).
  • IT IT (Information Technology) refers to the use of computers, networks, and software to manage and process information.
  • NERC-CIP NERC CIP (North American Electric Reliability Corporation – Critical Infrastructure Protection) is a set of mandatory cybersecurity standards designed to protect the Bulk Electric System (BES) in North America.
  • NIDS A NIDS (Network Intrusion Detection System) is a security tool that monitors network traffic for suspicious activity or known threats.
  • NIS NIS stands for Network and Information Systems Directive, a European Union regulation aimed at improving cybersecurity across critical infrastructure sectors.
  • NIST NIST stands for the National Institute of Standards and Technology, a U.S. federal agency that develops standards, guidelines, and best practices for science, technology, and cybersecurity.
  • OT Operational Technology (OT) refers to hardware and software systems that monitor and control physical devices, processes, and infrastructure.
  • OWASP OWASP stands for the Open Worldwide Application Security Project, a nonprofit organization focused on improving software security.
  • SAT A Site Acceptance Test (SAT) is a process used to verify that a system or equipment functions correctly in its actual operating environment.
  • SCADA SCADA stands for Supervisory Control and Data Acquisition, a system used to monitor and control industrial processes remotely.
  • Segmentation Network segmentation is the practice of dividing a computer network into smaller, isolated segments or subnets. This improves security, performance, and manageability by controlling traffic flow and limiting access between segments.
  • SIS Safety Instrumented Systems (SIS) are automated systems designed to prevent hazardous events in industrial processes by taking a process to a safe state when predetermined conditions are violated.
  • STIG A Security Technical Implementation Guide (STIG) is a set of cybersecurity configuration standards developed by the Defense Information Systems Agency (DISA). STIGs are used primarily by the U.S. Department of Defense (DoD) and affiliated organizations to secure IT systems, software, and networks against cyber threats.
  • Supply chain A supply chain is the network of people, organizations, resources, activities, and technologies involved in the creation and delivery of a product or service from the supplier to the customer.
  • Vulnerabilities A vulnerability is a weakness or flaw in a system, software, or network that can be exploited by a threat actor to gain unauthorized access, cause damage, or disrupt operations.