Initial Risk

Risk before controls or countermeasures have been applied (See “risk”).

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Industrial Automation and Control Systems

Collection of personnel, hardware, and software that can affect or influence the safe, secure, and reliable operation of an industrial process.
  • NOTE: These systems include, but are not limited to:
  1. industrial control systems, including distributed control systems (DCSs), programmable logic controllers (PLCs), remote terminal units (RTUs), intelligent electronic devices, supervisory control and data acquisition (SCADA), networked electronic sensing and control, and monitoring and diagnostic systems. (In this context, process control systems include basic process control system and safety-instrumented system [SIS] functions, whether they are physically separate or integrated.)
  2. associated information systems such as advanced or multivariable control, online optimizers, dedicated equipment monitors, graphical interfaces, process historians, manufacturing execution systems, and plant information management systems.
  3. associated internal, human, network, or machine interfaces used to provide control, safety, and manufacturing operations functionality to continuous, batch, discrete, and other processes.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Host

Computer that is attached to a communication subnetwork or inter-network and can use services provided by the network to exchange data with other attached systems [11].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Guard

Gateway that is interposed between two networks (or computers or other information systems) operating at different security levels (one network is usually more secure than the other) and is trusted to mediate all information transfers between the two networks, either to ensure that no sensitive information from the more secure network is disclosed to the less secure network, or to protect the integrity of data on the more secure network [11].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Geographic Site

Subset of an enterprise’s physical, geographic, or logical group of assets.
  • NOTE: A geographic site may contain areas, manufacturing lines, process cells, process units, control centers, and vehicles and may be connected to other sites by a wide area network.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Gateway

Relay mechanism that attaches to two (or more) computer networks that have similar functions but dissimilar implementations and that enables host computers on one network to communicate with hosts on the other [11].
  • NOTE: Also described as an intermediate system that is the translation interface between two computer networks.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Field I/O Network

Communications link (wired or wireless) that connects sensors and actuators to the control equipment.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Equipment Under Control

Equipment, machinery, apparatus or plant used for manufacturing, process, transportation, medical or other activities [14].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Enterprise System

Collection of information technology elements (i.e., hardware, software and services) installed with the intent to facilitate an organization’s business process or processes (administrative or project).

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Electronic Security

Actions required to preclude unauthorized use of, denial of service to, modifications to, disclosure of, loss of revenue from, or destruction of critical systems or informational assets.
  • NOTE: The objective is to reduce the risk of causing personal injury or endangering public health, losing public or consumer confidence, disclosing sensitive assets, failing to protect business assets or failing to comply with regulations. These concepts are applied to any system in the production process and include both stand-alone and networked components.

Communications between systems may be either through internal messaging or by any human or machine interfaces that authenticate, operate, control, or exchange data with any of these control systems. Electronic security includes the concepts of identification, authentication, accountability, authorization, availability, and privacy.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Eavesdropping

Monitoring or recording of communicated information by unauthorized parties.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Domain

Environment or context that is defined by a security policy, security model, or security architecture to include a set of system resources and the set of system entities that have the right to access the resources [11].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Distributed Control System

Type of control system in which the system elements are dispersed but operated in a coupled manner.
  • NOTE: Distributed control systems may have shorter coupling time constants than those typically found in SCADA systems.
  • NOTE: Distributed control systems are commonly associated with continuous processes such as electric power generation; oil and gas refining; chemical, pharmaceutical and paper manufacture, as well as discrete processes such as automobile and other goods manufacture, packaging, and warehousing.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Demilitarized Zone

Perimeter network segment that is logically between internal and external networks [9].
  • NOTE: The purpose of a demilitarized zone is to enforce the internal network’s policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal network from outside attacks.
  • NOTE: In the context of industrial automation and control systems, the term “internal network” is typically applied to the network or segment that is the primary focus of protection. For example, a control network could be considered “internal” when connected to an “external” business network.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Defense in Depth

The strategy of placing layers of increased protection between access points and critical assets.

Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries. 1st Ed. September 2016. Global Standards

Defense in Depth

Provision of multiple security protections, especially in layers, with the intent to delay if not prevent an attack.
  • NOTE: Defense in depth implies layers of security and detection, even on single systems, and provides the following features:
  1. attackers are faced with breaking through or bypassing each layer without being detected
  2. a flaw in one layer can be mitigated by capabilities in other layers
  3. system security becomes a set of layers within the overall network security.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard

Decryption

Process of changing cipher text into plaintext using a cryptographic algorithm and key (See “encryption”) [11].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Data Confidentiality

Property that information is not made available or disclosed to any unauthorized system entity, including unauthorized individuals, entities, or processes [7].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Cryptographic Key

Input parameter that varies the transformation performed by a cryptographic algorithm [11].
  • NOTE: Usually shortened to just "key."
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Control Network

Time-critical network that is typically connected to equipment that controls physical processes (See “safety network”).
  • NOTE: The control network can be subdivided into zones, and there can be multiple separate control networks within one company or site.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Control Center

Central location used to operate a set of assets.
  • NOTE: Infrastructure industries typically use one or more control centers to supervise or coordinate their operations. If there are multiple control centers (for example, a backup center at a separate site), they are typically connected together via a wide area network. The control center contains the SCADA host computers and associated operator display devices plus ancillary information systems such as a historian.
  • NOTE: In some industries the term “control room” may be more commonly used.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Compromise

Unauthorized disclosure, modification, substitution, or use of information (including plaintext cryptographic keys and other critical security parameters) [13].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Communication System

Arrangement of hardware, software, and propagation media to allow the transfer of messages (ISO/IEC 7498 application layer service data units) from one application to another.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Communication Security

  1. measures that implement and assure security services in a communication system, particularly those that provide data confidentiality and data integrity and that authenticate communicating entities.
  2. state that is reached by applying security services, in particular, state of data confidentiality, integrity, and successfully authenticated communications entities [11].
  • NOTE: This phrase is usually understood to include cryptographic algorithms and key management methods and processes, devices that implement them, and the life-cycle management of keying material and devices. However, cryptographic algorithms and key management methods and processes may not be applicable to some control system applications.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Communication Path

Logical connection between a source and one or more destinations, which could be devices, physical processes, data items, commands, or programmatic interfaces.

  • NOTE: The communication path is not limited to wired or wireless networks, but includes other means of communication such as memory, procedure calls, state of physical plant, portable media, and human interactions.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Channel

Specific communication link established within a communication conduit (See “conduit”).

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Border

Edge or boundary of a physical or logical security zone.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Automated Vehicle

Mobile device that includes a control system allowing it to operate either autonomously or under remote control.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Authenticate

Verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an information system, or to establish the validity of a transmission.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Attack Tree

Formal, methodical way of finding ways to attack the security of a system.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Association

Cooperative relationship between system entities, usually for the purpose of transferring information between them [11].

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard