Glossary
OT security, in plain language.
The terms you'll meet across OT and ICS network detection — defined simply.
- OT (Operational Technology)
  - The hardware and software that monitors and controls physical processes — the systems running plants, grids, pipelines, and factories.
- ICS (Industrial Control System)
  - The control systems within OT — including SCADA, DCS, PLCs, and RTUs — that automate industrial processes.
- SCADA
  - Supervisory Control and Data Acquisition: systems that centrally monitor and control distributed industrial assets.
- PLC (Programmable Logic Controller)
  - A ruggedised industrial computer that executes the control logic for machines and processes.
- RTU (Remote Terminal Unit)
  - A field device that collects data and relays commands, common in utilities and pipelines.
- HMI (Human-Machine Interface)
  - The operator-facing screen used to monitor and control a process.
- Purdue Model
  - A reference architecture that organises OT/IT into hierarchical levels (zones), used to reason about segmentation.
- NDR (Network Detection & Response)
  - Detecting threats by analysing network-traffic behaviour rather than relying on endpoint agents or signatures alone.
- Anomaly detection
  - Identifying activity that deviates from learned-normal behaviour — effective against novel, signature-less attacks.
- Signature-based detection
  - Matching traffic against a library of known-bad patterns; blind to anything not seen before.
- Passive monitoring
  - Observing a copy of network traffic (via SPAN/TAP) without injecting packets — no risk to the process.
- SPAN / TAP
  - A switch port mirror (SPAN) or a hardware Test Access Point (TAP) that provides a copy of network traffic to a sensor.
- MITRE ATT&CK for ICS
  - A knowledge base of adversary tactics and techniques specific to industrial control systems.
- IEC 62443
  - The leading international standard for OT/ICS security, built around zones, conduits, and security levels.
- Self-baselining
  - Learning a network's normal behaviour automatically, without rules or labelled training data.
- Composition drift
  - A change in the overall make-up of network traffic — new devices, new flows, or shifted patterns.