Demilitarized Zone

Demilitarized Zone

Definition(s)


Demilitarized Zone

Perimeter network segment that is logically between internal and external networks [9].
  • NOTE: The purpose of a demilitarized zone is to enforce the internal network’s policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal network from outside attacks.
  • NOTE: In the context of industrial automation and control systems, the term “internal network” is typically applied to the network or segment that is the primary focus of protection. For example, a control network could be considered “internal” when connected to an “external” business network.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Defense in Depth

Defense in Depth

Definition(s)


Defense in Depth

The strategy of placing layers of increased protection between access points and critical assets, Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries.1st Ed. September 2016. Global Standards

Defense in Depth

Provision of multiple security protections, especially in layers, with the intent to delay if not prevent an attack.
  • NOTE: Defense in depth implies layers of security and detection, even on single systems, and provides the following features:
  1. attackers are faced with breaking through or bypassing each layer without being detected
  2. a flaw in one layer can be mitigated by capabilities in other layers
  3. system security becomes a set of layers within the overall network security.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard

Decryption

Decryption

Definition(s)


Decryption

Process of changing cipher text into plaintext using a cryptographic algorithm and key (See “encryption”) [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Data Confidentiality

Data Confidentiality

Definition(s)


Data Confidentiality

Property that information is not made available or disclosed to any unauthorized system entity, including unauthorized individuals, entities, or processes [7]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Cryptographic Key

Cryptographic Key

Definition(s)


Cryptographic Key

Input parameter that varies the transformation performed by a cryptographic algorithm [11].
  • NOTE: Usually shortened to just "key."
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Control Network

Control Network

Definition(s)


Control Network

Time-critical network that is typically connected to equipment that controls physical processes (See “safety network”).
  • NOTE: The control network can be subdivided into zones, and there can be multiple separate control networks within one company or site.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Control Center

Control Center

Definition(s)


Control Center

Central location used to operate a set of assets.
  • NOTE: Infrastructure industries typically use one or more control centers to supervise or coordinate their operations. If there are multiple control centers (for example, a backup center at a separate site), they are typically connected together via a wide area network. The control center contains the SCADA host computers and associated operator display devices plus ancillary information systems such as a historian.
  • NOTE: In some industries the term “control room” may be more commonly used.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Compromise

Compromise

Definition(s)


Compromise

Unauthorized disclosure, modification, substitution, or use of information (including plaintext cryptographic keys and other critical security parameters) [13]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Communication System

Communication System

Definition(s)


Communication System

Arrangement of hardware, software, and propagation media to allow the transfer of messages (ISO/IEC 7498 application layer service data units) from one application to another.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Communication Security

Communication Security

Definition(s)


Communication Security

  1. measures that implement and assure security services in a communication system, particularly those that provide data confidentiality and data integrity and that authenticate communicating entities.
  2. state that is reached by applying security services, in particular, state of data confidentiality, integrity, and successfully authenticated communications entities [11].
  • NOTE: This phrase is usually understood to include cryptographic algorithms and key management methods and processes, devices that implement them, and the life-cycle management of keying material and devices. However, cryptographic algorithms and key management methods and processes may not be applicable to some control system applications.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Communication Path

Communication Path

Definition(s)


Communication Path

Logical connection between a source and one or more destinations, which could be devices, physical processes, data items, commands, or programmatic interfaces.

  • NOTE: The communication path is not limited to wired or wireless networks, but includes other means of communication such as memory, procedure calls, state of physical plant, portable media, and human interactions
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Channel

Channel

Definition(s)


Channel

Specific communication link established within a communication conduit (See “conduit”). Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Border

Border

Definition(s)


Border

Edge or boundary of a physical or logical security zone.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Authenticate

Authenticate

Definition(s)


Authenticate

Verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an information system, or to establish the validity of a transmission.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Attack Tree

Attack Tree

Definition(s)


Attack Tree

Formal, methodical way of finding ways to attack the security of a system.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Association

Association

Definition(s)


Association

Cooperative relationship between system entities, usually for the purpose of transferring information between them [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
SIS

SIS

Definition(s)


SIS

Safety instrumented system. Source:  DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global Standards Source: API STD 521, Pressure-relieving and Depressuring Systems, Sixth Edition, January 2014. Global Standards Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard

SIS

System composed of sensors, logic solvers, and final control elements for the purpose of taking the process to a safe state when predetermined conditions are met.
  • NOTE: Other terms commonly used for a SIS include emergency shutdown system (ESD, ESS), safety shutdown system (SSD), and safety interlock system (see E.3.3.1).
Source: API STD 521, Pressure-relieving and Depressuring Systems, Sixth Edition, January 2014. Global Standards
DST

DST

Definition(s)


DST

Drill stem test. Source: Norwegian Oil and Gas Association, Guideline No. 135, Recommended Guidelines for Classification and categorization of well control incidents and well integrity incidents, Rev. 4, 27 June 2017, National or Regional Standards

Source:API SPECIFICATION 19TT, Specification for Downhole Well Test Tools and Related Equipment, First Edition, October 2016. Global Standards

IT

IT

Definition(s)


IT

Information Technology. Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries.1st Ed. September 2016. Global Standards Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
DDoS

DDoS

Definition(s)


DDoS

Distributed Denial-of-Service. Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
DoS

DoS

Definition(s)


DoS

Denial-of-Service Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Worm

Worm

Definition(s)


Worm

A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself. From: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards  

Worm

Computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Virus

Virus

Definition(s)


Virus

A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards  

Virus

Self-replicating or self-reproducing program that spreads by inserting copies of itself into other executable code or documents.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Incident

Security Incident

Definition(s)


Security Incident

A security event which may compromise an asset and require action. Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries.1st Ed. September 2016. Global Standards

Security Incident

An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences. Extended Definition: An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. Adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, ISSG. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards  

Security Incident

A security-related occurrence, threat, or action that has led to or could potentially lead to adversely affecting people, the environment, assets, and economic stability.

Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009, Regional Standards  

Security Incident

Adverse event in a system or network or the threat of the occurrence of such an event [10].
  • NOTE: The term “near miss” is sometimes used to describe an event that could have been an incident under slightly different circumstances.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Plaintext

Plaintext

Definition(s)


Plaintext

Unencrypted information. From: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards  

Plaintext

Unencoded data that is input to and transformed by an encryption process, or that is output by a decryption process [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Phishing

Phishing

Definition(s)


Phishing

Fraudulent process of attempting to acquire private or confidential information by masquerading as a trustworthy entity in an electronic communication.
  • NOTE Phishing can be accomplished by using social engineering or technical deception.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Phishing

A digital form of social engineering to deceive individuals into providing sensitive information. Adapted from: NCSD Glossary, CNSSI 4009, NIST SP 800-63 Rev 1. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards  

Phishing

Type of security attack that lures victims to reveal information, by presenting a forged email to lure the recipient to a web site that looks like it is associated with a legitimate source.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Malicious Code

Malicious Code

Definition(s)


Malicious Code

Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system. Extended Definition: Includes software, firmware, and scripts. Adapted from: CNSSI 4009. NIST SP 800-53 Rev 4. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards

Malicious Code

Software that compromises the operation of a system by performing an unauthorized function or process. Adapted from: CNSSI 4009, NIST SP 800-83. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards  

Malicious Code

Programs or code written for the purpose of gathering information about systems or users, destroying system data, providing a foothold for further intrusion into a system, falsifying system data and reports, or providing time-consuming irritation to system operations and maintenance personnel.
  • NOTE: Malicious code attacks can take the form of viruses, worms, Trojan Horses, or other automated exploits.
  • NOTE: Malicious code is also often referred to as “malware.”
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Firewall

Firewall

Definition(s)


Firewall

Inter-network connection device that restricts data communication traffic between two connected networks. Source:  DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global Standards

Firewall

A capability to limit network traffic between networks and/or information systems. Extended Definition: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards  

Firewall

Inter-network connection device that restricts data communication traffic between two connected networks [11].
  • NOTE: A firewall may be either an application installed on a general-purpose computer or a dedicated platform (appliance) that forwards or rejects/drops packets on a network. Typically firewalls are used to define zone borders. Firewalls generally have rules restricting which ports are open.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Denial of Service

Denial of Service

Definition(s)


Denial of Service

An attack that prevents or impairs the authorized use of information system resources or services. Adapted from: NCSD Glossary. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards  

Denial of Service

Prevention or interruption of authorized access to a system resource or the delaying of system operations and functions [11].
  • NOTE: In the context of industrial automation and control systems, denial of service can refer to loss of process function, not just loss of data communications.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Cryptographic Algorithm

Cryptographic Algorithm

Definition(s)


Cryptographic Algorithm

Algorithm based upon the science of cryptography, including encryption algorithms, cryptographic hash algorithms, digital signature algorithms, and key agreement algorithms.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard

Cryptographic Algorithm

A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output. From: CNSSI 4009 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards