Risk Mitigation Controls

Risk Mitigation Controls

Definition(s)


Risk Mitigation Controls

Combination of countermeasures and business continuity plans.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Repudiation

Repudiation

Definition(s)


Repudiation

Denial by one of the entities involved in a communication of having participated in all or part of the communication.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Remote Client

Remote Client

Definition(s)


Remote Client

Asset outside the control network that is temporarily or permanently connected to a host inside the control network via a communication link in order to directly or indirectly access parts of the control equipment on the control network.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Remote Access

Remote Access

Definition(s)


Remote Access

Use of systems that are inside the perimeter of the security zone being addressed from a different geographical location with the same rights as when physically present at the location.

Source: DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global Standards

Remote Access

Use of systems that are inside the perimeter of the security zone being addressed from a different geographical location with the same rights as when physically present at the location.
  • NOTE: The exact definition of “remote” can vary according to situation. For example, access may come from a location that is remote to the specific zone, but still within the boundaries of a company or organization. This might represent a lower risk than access that originates from a location that is remote and outside of a company’s boundaries.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Reference Model

Reference Model

Definition(s)


Reference Model

Structure that allows the modules and interfaces of a system to be described in a consistent manner.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Protocol

Protocol

Definition(s)


Protocol

Set of rules (i.e., formats and procedures) to implement and control some type of association (e.g., communication) between systems [11].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Privilege

Privilege

Definition(s)


Privilege

Authorization or set of authorizations to perform specific functions, especially in the context of a computer operating system [11].
  • NOTE: Examples of functions that are controlled through the use of privilege include acknowledging alarms, changing setpoints, modifying control algorithms.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
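The note above names three privilege-controlled functions. The following is an added example, not code from the ISA-99 standard or from this glossary, of how such privileges are enforced deny-by-default, with every decision written to an audit log for accountability. The role names, the rule that remote sessions lose the algorithm-modification privilege, and the setpoint limits are assumptions made for illustration; only the three function names come from the note.

```python
"""Deny-by-default privilege enforcement for control functions (added example).

The privilege names follow the ISA-99 note; roles, the remote-access reduction
and the setpoint limits are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List

# Privilege-controlled functions named in the standard's note.
ACK_ALARM = "acknowledge_alarm"
CHANGE_SETPOINT = "change_setpoint"
MODIFY_ALGORITHM = "modify_control_algorithm"

# Assumed role model: each role receives only the privileges its job needs.
ROLE_PRIVILEGES: Dict[str, FrozenSet[str]] = {
    "viewer": frozenset(),
    "operator": frozenset({ACK_ALARM, CHANGE_SETPOINT}),
    "control_engineer": frozenset({ACK_ALARM, CHANGE_SETPOINT, MODIFY_ALGORITHM}),
}


@dataclass
class Session:
    user: str
    role: str
    remote: bool = False  # True when the session originates outside the zone


@dataclass
class AuditLog:
    entries: List[str] = field(default_factory=list)

    def record(self, session: Session, privilege: str, allowed: bool) -> None:
        verdict = "ALLOW" if allowed else "DENY"
        self.entries.append(f"{session.user} {privilege} {verdict}")


def effective_privileges(session: Session) -> FrozenSet[str]:
    """Privileges a session actually holds: the role set minus situational reductions."""
    privs = ROLE_PRIVILEGES.get(session.role, frozenset())  # unknown role -> nothing
    if session.remote:
        # Assumed policy: control-algorithm changes require local presence.
        privs = privs - {MODIFY_ALGORITHM}
    return privs


def authorize(session: Session, privilege: str, audit: AuditLog) -> bool:
    """Every decision, allowed or denied, is recorded (accountability)."""
    allowed = privilege in effective_privileges(session)
    audit.record(session, privilege, allowed)
    return allowed


def change_setpoint(session: Session, tag: str, value: float, audit: AuditLog,
                    low: float = 0.0, high: float = 100.0) -> dict:
    """Apply a setpoint change only when authorised and within engineering limits."""
    if not authorize(session, CHANGE_SETPOINT, audit):
        raise PermissionError(f"{session.user} lacks {CHANGE_SETPOINT}")
    if not low <= value <= high:
        # Holding the privilege does not waive plausibility checks on the value.
        raise ValueError(f"{tag}: {value} outside [{low}, {high}]")
    return {"tag": tag, "value": value, "by": session.user}


if __name__ == "__main__":
    log = AuditLog()
    print(change_setpoint(Session("alice", "operator"), "TIC-101.SP", 55.0, log))
    print(authorize(Session("bob", "control_engineer", remote=True), MODIFY_ALGORITHM, log))
    print(log.entries)
```

The check is a whitelist: an unknown role or an unlisted privilege is denied without any special case, and the denial itself is logged, which is what lets an investigator later reconstruct who attempted what.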
Outsider

Outsider

Definition(s)


Outsider

Person or group not trusted with inside access, who may or may not be known to the targeted organization.

Source: DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global Standards

Outsider

Person or group not “trusted” with inside access, who may or may not be known to the targeted organization (See “insider”).
  • NOTE: Outsiders may or may not have been insiders at one time.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Nonrepudiation

Nonrepudiation

Definition(s)


Nonrepudiation

Security service that provides protection against false denial of involvement in a communication [11].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
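The definitions of Repudiation (above) and Nonrepudiation are easy to confuse with ordinary message authentication. The following added example, which is not code from the standard or the glossary, shows why a shared-key MAC, the usual integrity mechanism on a control network, does not give nonrepudiation: the verifying party holds the same key and can produce an identical tag, so either party can plausibly deny having sent a message. The operator station, PLC, shared key and command are constructed for illustration.

```python
"""Repudiation with a shared-key MAC (added example).

A MAC proves a message came from *a* holder of the key. When two parties share
that key, an arbiter cannot say which of them sent it, so the sender can deny
it: the MAC gives origin authentication between the pair, not nonrepudiation.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Set


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


def possible_originators(key_holders: Dict[str, bytes], message: bytes, tag: bytes) -> Set[str]:
    """Who could have produced this tag? An arbiter tries every party's key.

    Every holder of a matching key is a candidate. Nonrepudiation requires a
    credential only the originator can use (a signature under a private key the
    verifier never holds); that is not shown here because the standard library
    offers no asymmetric signature primitive.
    """
    return {name for name, k in key_holders.items() if verify(k, message, tag)}


def demo() -> Set[str]:
    shared = secrets.token_bytes(32)              # constructed: key shared by both ends
    holders = {"operator_station": shared, "plc": shared,
               "historian": secrets.token_bytes(32)}  # constructed: unrelated key
    command = b"WRITE TIC-101.SP 55.0"            # constructed command
    tag = mac_tag(holders["operator_station"], command)
    assert verify(holders["plc"], command, tag)   # integrity and origin among the pair
    # The PLC, as verifier, can produce the identical tag for a message of its choosing...
    forged = mac_tag(holders["plc"], b"WRITE TIC-101.SP 99.0")
    assert verify(holders["operator_station"], b"WRITE TIC-101.SP 99.0", forged)
    # ...so the arbiter cannot single out the operator station as the author.
    return possible_originators(holders, command, tag)


if __name__ == "__main__":
    print(demo())  # both key holders, never the historian
```

The practical consequence: a MAC-protected audit trail is evidence between the two endpoints, but if a disputed command must be attributable to one operator or one device, the evidence has to be a digital signature under a key that only that party controls, with the signature itself retained in the record.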
Manufacturing Operations

Manufacturing Operations

Definition(s)


Manufacturing Operations

Collection of production, maintenance, and quality assurance operations and their relationship to other activities of a production facility.
  • NOTE: Manufacturing operations include:
  1. manufacturing or processing facility activities that coordinate the personnel, equipment, and material involved in the conversion of raw materials or parts into products.
  2. functions that may be performed by physical equipment, human effort, and information systems.
  3. managing information about the schedules, use, capability, definition, history, and status of all resources (personnel, equipment, and material) within the manufacturing facility
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Local Area Network

Local Area Network

Definition(s)


Local Area Network

Communications network designed to connect computers and other intelligent devices in a limited geographic area (typically less than 10 kilometers) [10].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Lines, Units, Cells

Lines, Units, Cells

Definition(s)


Lines, Units, Cells

Lower-level elements that perform manufacturing, field device control, or vehicle functions.
  • NOTE: Entities at this level may be connected together by an area control network and may contain information systems related to the operations performed in that entity.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Key Management

Key Management

Definition(s)


Key Management

Process of handling and controlling cryptographic keys and related material (such as initialization values) during their life cycle in a cryptographic system, including ordering, generating, distributing, storing, loading, escrowing, archiving, auditing, and destroying the keys and related material [11].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
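The definition lists the life-cycle stages. As an added example that is not code from the standard or the glossary, the class below walks a MAC key through generation, use, rotation, archiving (the old key may still verify data but no longer protects new data), auditing and destruction (the material is discarded, after which nothing verifies under that key). The key-ID scheme, the rotation age and the archive grace period are assumptions; the protected message is constructed.

```python
"""Key life-cycle state machine for a MAC key (added example).

States: active -> archived -> destroyed. Only the active key makes new tags;
archived keys verify old data; destroyed keys do nothing. Every transition is
written to an audit list.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ACTIVE, ARCHIVED, DESTROYED = "active", "archived", "destroyed"


@dataclass
class KeyRecord:
    kid: str
    material: Optional[bytes]  # None once destroyed
    state: str
    created: int               # epoch seconds, supplied by the caller


class KeyManager:
    def __init__(self, rotate_after: int, keep_archived: int, now: int) -> None:
        self.keys: Dict[str, KeyRecord] = {}
        self.active_kid: Optional[str] = None
        self.rotate_after = rotate_after    # assumed max age of the key used for new tags
        self.keep_archived = keep_archived  # assumed time an archived key still verifies
        self.audit: List[Tuple[str, str]] = []  # (event, kid)
        self.generate(now)

    def generate(self, now: int) -> str:
        kid = f"k{len(self.keys) + 1:03d}"   # assumed key-ID scheme
        self.keys[kid] = KeyRecord(kid, secrets.token_bytes(32), ACTIVE, now)
        if self.active_kid is not None:
            self.keys[self.active_kid].state = ARCHIVED  # old key: verify only
            self.audit.append(("archive", self.active_kid))
        self.active_kid = kid
        self.audit.append(("generate", kid))
        return kid

    def maintain(self, now: int) -> None:
        """Rotate an over-age active key; destroy archived keys past their grace period."""
        if now - self.keys[self.active_kid].created >= self.rotate_after:
            self.generate(now)
        for rec in self.keys.values():
            if rec.state == ARCHIVED and now - rec.created >= self.rotate_after + self.keep_archived:
                rec.material = None  # destruction: the material is gone for good
                rec.state = DESTROYED
                self.audit.append(("destroy", rec.kid))

    def protect(self, message: bytes, now: int) -> Tuple[str, bytes]:
        """New tags are always produced with the current active key."""
        self.maintain(now)
        rec = self.keys[self.active_kid]
        return rec.kid, hmac.new(rec.material, message, hashlib.sha256).digest()

    def verify(self, kid: str, message: bytes, tag: bytes, now: int) -> bool:
        """Active and archived keys verify; destroyed or unknown keys never do."""
        self.maintain(now)
        rec = self.keys.get(kid)
        if rec is None or rec.state == DESTROYED:
            return False
        expected = hmac.new(rec.material, message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    km = KeyManager(rotate_after=3600, keep_archived=3600, now=0)
    kid, tag = km.protect(b"FLOW FIC-201 12.5", now=10)   # constructed message
    print(kid, km.verify(kid, b"FLOW FIC-201 12.5", tag, now=4000))  # k001 True (archived)
    print(km.verify(kid, b"FLOW FIC-201 12.5", tag, now=8000))       # False (destroyed)
    print(km.audit)
```

Tags carry the key ID so that the verifier can find the right key after rotation; what the example does not cover, and a real deployment must, is distributing the new key to every device that needs it before the old one is archived, and escrowing keys whose data must remain verifiable beyond the grace period.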
IP address

IP address

Definition(s)


IP address

Address of a computer or device that is assigned for identification and communication using the Internet Protocol and other protocols.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Interface

Interface

Definition(s)


Interface

Relations between a modular drilling rig and various systems (such as safety, oil, gas, water, electricity, instrumentation, communication, structures, etc.) on the platform.

Source: ISO 18647:2017, Petroleum and natural gas industries — Modular drilling rigs for offshore fixed platforms, First Edition, August 2017. Global Standards

Interface

Logical entry or exit point that provides access to the module for logical information flows.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Interception

Interception

Definition(s)


Interception

Capture and disclosure of message contents or use of traffic analysis to compromise the confidentiality of a communication system based on message destination or origin, frequency or length of transmission, and other communication attributes.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Insider

Insider

Definition(s)


Insider

Trusted person, employee, contractor, or supplier who has information that is not generally known to the public.

Source: DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global Standards

Insider

“Trusted” person, employee, contractor, or supplier who has information that is not generally known to the public (See “outsider”).

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Initial Risk

Initial Risk

Definition(s)


Initial Risk

Risk before controls or countermeasures have been applied (See “risk”).

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Industrial Automation and Control Systems

Industrial Automation and Control Systems

Definition(s)


Industrial Automation and Control Systems

Collection of personnel, hardware, and software that can affect or influence the safe, secure, and reliable operation of an industrial process.
  • NOTE: These systems include, but are not limited to:
  1. industrial control systems, including distributed control systems (DCSs), programmable logic controllers (PLCs), remote terminal units (RTUs), intelligent electronic devices, supervisory control and data acquisition (SCADA), networked electronic sensing and control, and monitoring and diagnostic systems. (In this context, process control systems include basic process control system and safety-instrumented system [SIS] functions, whether they are physically separate or integrated.)
  2. associated information systems such as advanced or multivariable control, online optimizers, dedicated equipment monitors, graphical interfaces, process historians, manufacturing execution systems, and plant information management systems.
  3. associated internal, human, network, or machine interfaces used to provide control, safety, and manufacturing operations functionality to continuous, batch, discrete, and other processes.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Host

Host

Definition(s)


Host

Computer that is attached to a communication subnetwork or inter-network and can use services provided by the network to exchange data with other attached systems [11].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Guard

Guard

Definition(s)


Guard

Gateway that is interposed between two networks (or computers or other information systems) operating at different security levels (one network is usually more secure than the other) and is trusted to mediate all information transfers between the two networks, either to ensure that no sensitive information from the more secure network is disclosed to the less secure network, or to protect the integrity of data on the more secure network [11].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
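The definition names the two jobs of a guard: preventing disclosure from the more secure network and protecting the integrity of the more secure network. The following added example, not code from the standard or the glossary, is a guard between a control zone and a business zone that parses every message, applies a direction-specific whitelist (fields stripped on the way out, only read requests for listed tags on the way in) and re-serialises the result so the receiver never sees the sender's original bytes. Zone names, message types, field names, the tag list and the sample messages are constructed for illustration.

```python
"""Guard mediating transfers between two zones of different security level (added example).

control -> business: only listed message types leave, projected onto a field
whitelist (disclosure control).
business -> control: only read_tag requests for listed tags, with no extra
fields (integrity control). Anything else is rejected.
"""
import json
from typing import Any, Dict, Set

CONTROL, BUSINESS = "control", "business"   # assumed zone names

# Outbound types and the only fields that may leave with them.
OUTBOUND_ALLOWED: Dict[str, Set[str]] = {
    "status": {"unit", "state", "ts"},
    "production_total": {"unit", "value", "ts"},
}
# Tags the business zone may read; everything else is refused.
INBOUND_READABLE_TAGS = {"FIC-201.PV", "TIC-101.PV"}
MAX_LEN = 512  # assumed size bound; oversized input is refused before parsing


class GuardReject(Exception):
    pass


def _parse(raw: bytes) -> Dict[str, Any]:
    if len(raw) > MAX_LEN:
        raise GuardReject("oversized")
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise GuardReject(f"unparseable: {exc}") from exc
    if not isinstance(msg, dict) or not isinstance(msg.get("type"), str):
        raise GuardReject("no message type")
    return msg


def mediate(src: str, dst: str, raw: bytes) -> bytes:
    """Return the sanitised message that may cross, or raise GuardReject."""
    msg = _parse(raw)
    if (src, dst) == (CONTROL, BUSINESS):
        keep = OUTBOUND_ALLOWED.get(msg["type"])
        if keep is None:
            raise GuardReject(f"type {msg['type']!r} may not leave the control zone")
        # Whitelist projection: setpoints, recipes, operator names and any other
        # field not in `keep` are dropped; nothing is blacklisted by name.
        out = {"type": msg["type"], **{k: msg[k] for k in keep if k in msg}}
    elif (src, dst) == (BUSINESS, CONTROL):
        if msg["type"] != "read_tag":
            raise GuardReject("only read_tag requests may enter the control zone")
        if set(msg) != {"type", "tag"} or msg["tag"] not in INBOUND_READABLE_TAGS:
            raise GuardReject("malformed or unauthorised read request")
        out = {"type": "read_tag", "tag": msg["tag"]}
    else:
        raise GuardReject(f"no policy for {src}->{dst}")
    # Canonical re-serialisation: the receiver gets the guard's bytes, not the sender's.
    return json.dumps(out, sort_keys=True, separators=(",", ":")).encode("utf-8")


if __name__ == "__main__":
    # Constructed sample: a status report that also carries setpoints and an operator name.
    leaving = b'{"type":"status","unit":"U1","state":"running","ts":1700000000,' \
              b'"setpoints":{"TIC-101":55.0},"operator":"alice"}'
    print(mediate(CONTROL, BUSINESS, leaving))
    print(mediate(BUSINESS, CONTROL, b'{"type":"read_tag","tag":"FIC-201.PV"}'))
```

Both directions are positive lists: a new message type or field crosses only after the policy is changed, which is what makes the guard's behaviour reviewable. The size bound and the parse-before-policy order matter because the guard is itself an attack surface exposed to the less secure network.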
Geographic Site

Geographic Site

Definition(s)


Geographic Site

Subset of an enterprise’s physical, geographic, or logical group of assets.
  • NOTE: A geographic site may contain areas, manufacturing lines, process cells, process units, control centers, and vehicles and may be connected to other sites by a wide area network.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Gateway

Gateway

Definition(s)


Gateway

Relay mechanism that attaches to two (or more) computer networks that have similar functions but dissimilar implementations and that enables host computers on one network to communicate with hosts on the other [11].
  • NOTE: Also described as an intermediate system that is the translation interface between two computer networks.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Field I/O Network

Field I/O Network

Definition(s)


Field I/O Network

Communications link (wired or wireless) that connects sensors and actuators to the control equipment.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Equipment Under Control

Equipment Under Control

Definition(s)


Equipment Under Control

Equipment, machinery, apparatus or plant used for manufacturing, process, transportation, medical or other activities [14].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Enterprise System

Enterprise System

Definition(s)


Enterprise System

Collection of information technology elements (i.e., hardware, software and services) installed with the intent to facilitate an organization’s business process or processes (administrative or project).

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Electronic Security

Electronic Security

Definition(s)


Electronic Security

Actions required to preclude unauthorized use of, denial of service to, modifications to, disclosure of, loss of revenue from, or destruction of critical systems or informational assets.
  • NOTE: The objective is to reduce the risk of causing personal injury or endangering public health, losing public or consumer confidence, disclosing sensitive assets, failing to protect business assets or failing to comply with regulations. These concepts are applied to any system in the production process and include both stand-alone and networked components.

Communications between systems may be either through internal messaging or by any human or machine interfaces that authenticate, operate, control, or exchange data with any of these control systems. Electronic security includes the concepts of identification, authentication, accountability, authorization, availability, and privacy.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Eavesdropping

Eavesdropping

Definition(s)


Eavesdropping

Monitoring or recording of communicated information by unauthorized parties.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Domain

Domain

Definition(s)


Domain

Environment or context that is defined by a security policy, security model, or security architecture to include a set of system resources and the set of system entities that have the right to access the resources [11].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Distributed Control System

Distributed Control System

Definition(s)


Distributed Control System

Type of control system in which the system elements are dispersed but operated in a coupled manner.
  • NOTE: Distributed control systems may have shorter coupling time constants than those typically found in SCADA systems.
  • NOTE: Distributed control systems are commonly associated with continuous processes such as electric power generation; oil and gas refining; chemical, pharmaceutical and paper manufacture, as well as discrete processes such as automobile and other goods manufacture, packaging, and warehousing.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard