ACC: Achilles® Communications Certification. The certification process assesses the network robustness of industrial devices and certifies that they meet a comprehensive set of requirements. Wurldtech offers two levels of ACC:
- Level 1: An established industry benchmark for the deployment of robust industrial devices recognized by the major automation vendors and operators.
- Level 2: Extends Level 1 Certification with additional tests and additional monitor pass/fail requirements.
APC: Achilles Practices Certification. Evaluates security processes according to an established set of requirements, based on the International Users Associations’ (WIB) Security Requirements for manufacturers of control systems. There are three levels of certification – bronze, silver and gold. For more information, visit our website.
ATP: Achilles Test Platform. A certification tool used to run automated network tests, including denial-of-service and network fuzzing tests. Used primarily by Quality Assurance teams.
ATS: Achilles Test Software. A software tool for robustness testing that also lets development teams discover security vulnerabilities. It is available to developers so that security capabilities can be tested earlier in the product development lifecycle.
Air gap: Physical isolation of a network or host relative to another network or host. Often used to protect industrial systems from corporate networks or the Internet. Traditionally considered the most effective intrusion prevention measure, it is no longer regarded as such, given the advent of removable media that can bridge two air-gapped systems.
ANSI: American National Standards Institute.
Application Whitelisting: Whitelisting applied to applications. This technology blocks the execution of all applications on a host except those explicitly allowed.
Broadcast Domain: The set of hosts that receive broadcast frames when any member sends an Ethernet broadcast. Typically, this means the hosts are in the same Local Area Network (LAN).
Critical Cyber Asset: A digitally connected asset responsible for performing a critical function or one that directly impacts an asset that performs a critical function.
Critical Infrastructure: Any infrastructure that could have a major impact on a nation or society if disrupted.
Cyberphysical: The merging of electronics or sensors and physical devices that are controlled by software.
Cybersecurity: The digital security of computers, computer networks and their data flow.
Default Gateway: The device to which packets are forwarded when the sending host/switch/router has no specific route configured for that packet. In LANs, it typically consists of a router or firewall.
Disaster Recovery Plan: The documented set of procedures to follow in the event of an emergency or disaster.
Distributed Control System: A type of Industrial Control System that deploys and controls systems or processes in a distributed manner, such that those systems or processes are individually controlled.
Demilitarized Zone (DMZ): A network whose security level lies between the security levels of two or more other networks. It is typically used to allow communication between networks with different security levels without establishing direct connections between them. The direct connection is replaced by two connections: one between the low-security network and the DMZ, and another between the DMZ and the high-security network. An example of a low-security network is the corporate network; an example of a high-security network is the plant network.
Electronic Security Perimeter (ESP): The boundary between secure and non-secure enclaves. The security devices policing entry to a secure enclave from a network typically consist of a firewall and/or an Intrusion Prevention System (IPS).
Firewall (FW): A gateway in an inter-network that restricts data communication traffic to and/or from a connected network.
Hub: A hardware device that connects multiple systems within a LAN. It copies each frame it receives on one port and distributes it to all other ports.
Industrial Control System (ICS): Not to be confused with SCADA. Refers to the systems, devices, networks and controls used to operate and/or automate an industrial process.
Industrial Internet: A term created to describe the combination of physical machinery with networked systems and software. The industrial Internet
Intrusion Detection System (IDS): A passive device that monitors packets traveling across the network from a monitoring point, compares the traffic to configured rules and produces reports of its findings.
Intrusion Prevention System (IPS): Has the same features as an IDS, but also records and attempts to block any malicious activity.
IP Network: A network within a specific network ID and subnet mask.
IEC 62443: A set of security standards and reports detailing procedures for implementing electronically secure Industrial Automation and Control Systems.
IEC 62443-2-4: A section of IEC 62443 that was approved in June 2015. It is specific to outlining the baseline for Operational Technology (OT) and OT environment security.
Learning Mode: A feature found in some IDS, IPS and FW products, in which the device "learns" what the baseline or "normal" traffic in a network is. This is useful for identifying anomalies by comparing the traffic pattern observed at a certain point in time with the baseline.
Link-Local Multicast Name Resolution (LLMNR): A protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link.
Modbus: Serial communications protocol established by Modicon to be used with programmable logic controllers.
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP): NERC Reliability Standards define the reliability requirements for planning and operating the North American bulk power system and are developed using a results-based approach that focuses on performance, risk management and entity capabilities. (www.nerc.com)
Operations Security (OPSEC): The process of preventing the disclosure of critical information to potential adversaries.
OSI Model: The Open Systems Interconnection Model is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to its underlying internal structure and technology. Its goal is the interoperability of diverse communication systems using standard protocols. The model partitions a communication system into abstraction layers; the defined model has seven layers.
Patch Management: Set of policies, processes, procedures, standards and guidelines that mitigate known vulnerabilities in a system. It typically consists of a continuous cycle that includes approval of the patch by the main industrial vendor, internal testing, prioritization of the patch, backup before and after patching, and involvement of the Management of Change procedures.
Phishing: The act of sending an email or web pop-up that falsely claims to be an established or legitimate enterprise in an attempt to scam the user into surrendering private information such as credit card numbers and passwords, which will be used for identity theft.
Red Team: A team or unit within an organization that specifically searches for anomalies and shortcomings on a specific system or asset.
Router: A device that connects multiple networks and selectively exchanges packets of data between the networks it connects. It routes and forwards packets based on their source and destination IP addresses.
Supervisory Control & Data Acquisition (SCADA): A type of software application program used for process control and to gather real time data from remote locations for exercising this control on equipment and conditions. Consists of hardware and software components. (www.scadaworld.net)
Secure Sockets Layer (SSL): A standard security technology used to establish an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remains private and its integrity is protected. A web server requires an SSL certificate to create an SSL connection.
Security Certification: An assessment and accreditation of management and functional security controls in a government service to determine the extent to which the controls are implemented correctly. This means the controls operate as intended and produce desired outcomes while meeting the security risk requirements for the services.
Segmentation: A security measure for major digital systems. It involves identifying the perimeters of an industrial system and which parts of that system communicate with one another. Parts of the system (devices, business systems, operations systems, etc.) that communicate with one another are zoned together so that only the necessary data is exchanged between those zones.
Signatures: A mathematical method (code) for identifying data flows and demonstrating whether data is authentic.
Smart Grid: A system that includes a variety of operational and energy measures including smart meters, smart appliances, renewable energy resources, and energy efficiency resources. Electronic power conditioning and control of the production and distribution of electricity are important aspects of the smart grid.
Social Engineering: A collection of techniques used to manipulate people into revealing sensitive or other critical information. The most common type of social engineering is done by phone. It can also occur through online forums, professional conferences and non-work social events.
Switch: A hardware device that connects multiple systems within a LAN. It forwards frames based on their source and destination MAC addresses.
Two-factor Authentication: An authentication technique that requires two different factors to verify the identity of the connecting user. The three most typical authentication factors are:
- Something the user physically has (e.g. an ID card or a security token)
- Something the user knows (such as a password)
- Something the user is or does (e.g. a fingerprint)
WIB: The Werkgroep Instrument Beoordeling (English translation: International Instrument Users Association). A Netherlands-based group of 75+ global members. A WIB subgroup led by Shell's cyber security team initiated cyber security standardization. IEC 62443-2-4 is based on PROCESS CONTROL DOMAIN-SECURITY REQUIREMENTS FOR VENDORS, published by WIB in October 2010.
Commonly Used Acronyms
ACL: Access Control List
AM: Application Module
ANSI: American National Standards Institute
APC: Advanced Process Control
ALARP: As Low As Reasonably Practical
AMADAS: Analyzer Management and Data Acquisition System
BCP: Business Continuity Plan
CIS: Critical Infrastructure Security
CVA: Cyber Vulnerability Assessment
CVE: Common Vulnerabilities and Exposures
DNP3: Distributed Network Protocol
DPI: Deep Packet Inspection
EDI: Electronic Data Interchange
EDSA: Embedded Device Security Assessment
E&MN: Engineering & Management Network
FAT: Factory Acceptance Testing
FCS: Field Control Station
HIS: Human Interface Station
HMI: Human Machine Interface
IACS: Industrial Automation and Control Systems
ICS-CERT: Industrial Control Systems Cyber Emergency Response Team
IPF: Instrumented Protective Function
LAN: Local Area Network
MMS: Manufacturing Message Specification
NAT: Network Address Translation
NCR: Network Control Room
NIM: Network Interface Module
NIST: National Institute of Standards and Technology
OPC: Open Platform Communications
PACO: Process Automation, Controls and Optimization
PAN: Process Area Network
PCAD: Process Control Access Domain
PAS: Process Automation System
PHD: Process Historian Database
PI: Process Information
PLC: Programmable Logic Controller
PIMS: Plant Information Management Systems
PRM: Plant Resource Management
RTG: Remote Tank Gauging
RTU: Remote Terminal Unit
SAT: Systems Acceptance Testing
SIS: Safety Instrumented Systems
SIOS: System Integration OPC Station
ToR: Transfer of Responsibility
VLAN: Virtual Local Area Network