OT (Operational Technology) Security Glossary

Plain-language definitions of key operational technology and industrial control system security terms, written by e2e-assure’s security practitioners.

Air-Gapped Security

Architecture

A security measure in which a network or system is physically isolated from external networks, including the internet. In critical OT (Operational Technology) environments, air gaps protect the most sensitive assets. They require careful management of removable media, supply chain access, and maintenance procedures, as these remain viable attack vectors even without network connectivity. True air gaps are increasingly rare because predictive maintenance and IIoT (Industrial Internet of Things) initiatives need data out of the process network, which leads to “leaky” air gaps and to “human-in-the-middle” or “sneakernet” risks, where staff or contractors carry data and firmware across the boundary on USB media or maintenance laptops.

CUMULO SOC Platform

e2e-assure

e2e-assure’s proprietary security operations platform that centralises IT (Information Technology) and OT (Operational Technology) telemetry from across the client environment. CUMULO reduces alert fatigue, cuts log ingestion costs, and integrates with Microsoft Teams via the SOC (Security Operations Centre) Channel App, giving analysts and clients real-time visibility and direct analyst communication without additional portal logins.

DNP3 Protocol

Protocol

Distributed Network Protocol 3. A communication protocol used primarily in SCADA (Supervisory Control and Data Acquisition) systems and utility environments for communication between control centres and field devices, over serial links or TCP (port 20000). Designed before cyber security was a primary concern, the base protocol has no authentication: any party that can reach an outstation can issue commands. Secure Authentication version 5 (SAv5, included in IEEE 1815-2012) adds challenge-response authentication using keyed HMACs, so an outstation can reject unauthorised or tampered critical operations, but adoption across legacy environments remains inconsistent. Authentication is often conflated with encryption: SAv5 authenticates commands but leaves the data payload visible on the wire, so confidentiality requires wrapping the session in a TLS (Transport Layer Security) tunnel or other link-level encryption.
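The distinction between authenticating a command and hiding it is easier to see in code. The following is an added illustration, not part of the glossary and not DNP3 library code: it is loosely modelled on the SAv5 idea of an outstation challenging the master and checking a keyed MAC over the challenge plus the command. The key, the challenge layout, the 16-byte truncated HMAC-SHA-256 and the command strings are all constructed assumptions for the demo and do not follow the real SAv5 wire format.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MAC_LEN = 16   # assumption for the demo: truncated HMAC-SHA-256, in the spirit of SAv5


@dataclass
class Outstation:
    """Field device side. Holds a pre-shared key (assumption: provisioned out of band)
    and executes a command only if its MAC matches the outstation's last challenge."""
    key: bytes
    csq: int = 0                              # challenge sequence number
    pending: Optional[bytes] = None           # outstanding challenge, single use
    executed: List[bytes] = field(default_factory=list)

    def challenge(self) -> bytes:
        self.csq += 1
        self.pending = self.csq.to_bytes(4, "big") + os.urandom(4)   # sequence + nonce
        return self.pending

    def verify_and_execute(self, command: bytes, mac: bytes) -> bool:
        if self.pending is None:
            return False
        expected = hmac.new(self.key, self.pending + command, hashlib.sha256).digest()[:MAC_LEN]
        self.pending = None                   # a challenge never authenticates twice
        if not hmac.compare_digest(expected, mac):
            return False
        self.executed.append(command)
        return True


@dataclass
class Master:
    key: bytes

    def respond(self, challenge: bytes, command: bytes) -> bytes:
        return hmac.new(self.key, challenge + command, hashlib.sha256).digest()[:MAC_LEN]


Frame = Tuple[str, str, bytes]   # (direction, kind, bytes as seen on the wire)


def exchange(master: Master, outstation: Outstation, command: bytes,
             wire: List[Frame], tamper: Optional[bytes] = None) -> bool:
    """One authenticated critical operation. Every frame is appended to `wire`,
    exactly as a passive eavesdropper would record it. If `tamper` is given, an
    on-path attacker swaps the command after the master has computed the MAC."""
    ch = outstation.challenge()
    wire.append(("outstation->master", "challenge", ch))
    mac = master.respond(ch, command)
    delivered = command if tamper is None else tamper
    wire.append(("master->outstation", "command", delivered))
    wire.append(("master->outstation", "mac", mac))
    return outstation.verify_and_execute(delivered, mac)


def replay(outstation: Outstation, command: bytes, mac: bytes) -> bool:
    """Attacker resends a previously valid (command, mac) pair against a fresh challenge."""
    outstation.challenge()
    return outstation.verify_and_execute(command, mac)


def eavesdropped_commands(wire: List[Frame]) -> List[bytes]:
    """What the payload looks like to anyone sniffing the link: plain text."""
    return [data for _, kind, data in wire if kind == "command"]


def demo():
    key = bytes(range(16))                    # constructed demo key, never use a fixed key
    master, outstation = Master(key), Outstation(key)
    wire: List[Frame] = []
    genuine = exchange(master, outstation, b"OPERATE point=3 LATCH_ON", wire)
    tampered = exchange(master, outstation, b"OPERATE point=3 LATCH_OFF", wire,
                        tamper=b"OPERATE point=3 LATCH_ON")
    replayed = replay(outstation, b"OPERATE point=3 LATCH_ON", wire[2][2])
    return genuine, tampered, replayed, eavesdropped_commands(wire), outstation.executed


if __name__ == "__main__":
    genuine, tampered, replayed, seen, executed = demo()
    print("genuine:", genuine, "| tampered:", tampered, "| replayed:", replayed)
    print("eavesdropper read:", seen)
    print("outstation executed:", executed)
```

The genuine command is accepted, the tampered and replayed ones are rejected, yet every command string sits in clear text in the captured frames. That is the whole point of the glossary entry: SAv5-style authentication stops an attacker from issuing or altering commands, and does nothing to stop them reading what the master sends.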

ICS Security

Operations

Industrial Control System Security. The practices, technologies, and frameworks applied to protect industrial control systems from cyber threats. ICS (Industrial Control System) security prioritises availability and safety over confidentiality, as downtime or interference with physical processes can have direct safety and operational consequences in environments such as manufacturing, energy, and critical national infrastructure.

IEC 62443

Standard

An international series of standards addressing cyber security for industrial automation and control systems (IACS). It provides a structured framework for asset owners, system integrators, and component suppliers to assess and manage OT (Operational Technology) security risk. The standard defines security levels, zone and conduit models, and lifecycle requirements from design through to operation and decommission.

IT/OT Convergence

Architecture

The integration of information technology (IT) systems with operational technology (OT) networks. As industrial systems gain internet connectivity and connect to corporate infrastructure, previously isolated OT environments inherit IT-side vulnerabilities. Convergence demands security architectures that account for the differing priorities of IT (confidentiality) and OT (availability and safety).

Modbus Protocol

Protocol

A communication protocol published by Modicon in 1979, originally for serial links and still widely used across industrial environments to connect PLCs (Programmable Logic Controllers), sensors, and field devices. Modbus has no built-in authentication or encryption, meaning any host that can reach a device can read or write coils and registers without verification; the only thing that distinguishes a read from a write or a diagnostic command is a one-byte function code in the request. This makes it a frequent target in OT (Operational Technology) attacks and a key area of focus for passive monitoring and network segmentation. Most modern Modbus traffic runs over TCP (Transmission Control Protocol) as Modbus/TCP on port 502. A TLS-protected variant, Modbus/TCP Security (port 802), exists, but its adoption is even lower than that of DNP3 SAv5.

NIS2 Directive

Standard

The EU (European Union) Network and Information Security Directive 2. An expansion of the original NIS Directive that significantly broadens mandatory cyber security obligations to cover sectors including energy, transport, water, manufacturing, and digital infrastructure. NIS2 introduces stricter incident reporting timelines, supply chain security requirements, and increased penalties, with direct accountability placed on senior management.

OPC-UA

Protocol

OPC Unified Architecture. A platform-independent machine-to-machine communication protocol designed for industrial automation. Unlike Modbus or DNP3, OPC-UA was built with security in mind, incorporating authentication, authorisation, and encryption natively through certificate-based application identities and signed or encrypted secure channels. These protections are configurable rather than mandatory: a server can expose an endpoint with security policy “None” and accept anonymous user tokens, so deployments should be checked for that configuration rather than assumed secure. It is increasingly adopted in modern industrial environments as part of Industry 4.0 and IT (Information Technology)/OT (Operational Technology) convergence initiatives.

OT SOC

Operations

Operational Technology Security Operations Centre. A dedicated monitoring and response capability for industrial and OT (Operational Technology) environments. Unlike a traditional IT (Information Technology) SOC (Security Operations Centre), an OT SOC must account for legacy protocols, safety system constraints, and the operational consequences of containment actions. Effective OT SOC coverage requires passive monitoring techniques, OT-specific threat intelligence, and analysts with industrial environment experience.

OT Threat Intelligence

Operations

Contextualised intelligence on threats specifically targeting operational technology environments. This includes known tactics, techniques, and procedures (TTPs) of threat actors targeting industrial systems, vulnerability intelligence for OT (Operational Technology) devices and firmware, and sector-specific indicators of compromise. Effective OT threat intelligence accounts for the slower patching cycles and legacy device constraints common in industrial environments.

Passive OT Monitoring

Operations

A monitoring approach that observes OT (Operational Technology) network traffic by listening to data in transit (from SPAN ports or network TAPs), without sending active queries or probes to devices. This avoids disrupting sensitive industrial processes, which can be destabilised by unexpected network traffic. Passive monitoring provides asset discovery and anomaly detection for everything that communicates across the monitored links while respecting the availability-first constraints of operational environments; devices that stay silent, or that sit on segments that are not mirrored, will not be seen, so sensor placement determines coverage.
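The Modbus and Passive OT Monitoring entries above describe the same practical problem from two sides: the protocol has no way to reject a write, so the defence is to watch the wire and alert when a write comes from somewhere it should not. The block below is an added example of that detection logic, written for this page rather than taken from e2e-assure or any monitoring product. It parses Modbus/TCP frames (the 7-byte MBAP header followed by the function code and data) and raises an alert for state-changing function codes sent by any host outside an allow-list of engineering stations. The IP addresses, the allow-list and the sample frames are constructed for the example; nothing is sent to a device.

```python
import struct
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

MODBUS_TCP_PORT = 502

# Function codes that change process state or device behaviour. 5/6/15/16 write
# coils or registers; 8 (Diagnostics) can force listen-only mode or restart comms.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers",
                   8: "Diagnostics"}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes          # PDU payload after the function code


def parse_modbus_tcp(payload: bytes) -> Optional[ModbusRequest]:
    """Parse one Modbus/TCP ADU: 7-byte MBAP header followed by the PDU.
    Returns None for anything that is not a well-formed Modbus frame."""
    if len(payload) < 8:
        return None
    tid, proto, length, uid = struct.unpack(">HHHB", payload[:7])
    if proto != 0:                    # Protocol Identifier is always 0 for Modbus
        return None
    if length != len(payload) - 6:    # Length counts Unit ID + PDU
        return None
    return ModbusRequest(tid, uid, payload[7], payload[8:])


def describe(req: ModbusRequest) -> str:
    """Decode the target and value of a write so the alert is actionable."""
    d = req.data
    if req.function_code in (5, 6) and len(d) >= 4:
        addr, val = struct.unpack(">HH", d[:4])
        if req.function_code == 5:
            return f"coil {addr} := {'ON' if val == 0xFF00 else 'OFF'}"
        return f"register {addr} := {val}"
    if req.function_code == 16 and len(d) >= 5:
        start, qty, nbytes = struct.unpack(">HHB", d[:5])
        if nbytes == 2 * qty and len(d) >= 5 + nbytes:
            vals = struct.unpack(f">{qty}H", d[5:5 + nbytes])
            return f"registers {start}..{start + qty - 1} := {list(vals)}"
    if req.function_code == 15 and len(d) >= 5:
        start, qty, nbytes = struct.unpack(">HHB", d[:5])
        return f"coils {start}..{start + qty - 1} := 0x{d[5:5 + nbytes].hex()}"
    if req.function_code == 8 and len(d) >= 2:
        return f"sub-function {struct.unpack('>H', d[:2])[0]}"
    return ""


@dataclass
class Alert:
    src: str
    dst: str
    unit_id: int
    function: str
    detail: str


Packet = Tuple[str, str, int, bytes]   # (src_ip, dst_ip, dst_port, TCP payload)


def detect_unauthorised_writes(packets: Iterable[Packet],
                               authorised_writers: Set[str]) -> List[Alert]:
    """Passive rule: any state-changing Modbus request from a host that is not an
    approved engineering/HMI station is an alert. Nothing is sent to the PLC."""
    alerts: List[Alert] = []
    for src, dst, dport, payload in packets:
        if dport != MODBUS_TCP_PORT:
            continue
        req = parse_modbus_tcp(payload)
        if req is None or req.function_code & 0x80:   # malformed, or an exception response
            continue
        if req.function_code in WRITE_FUNCTIONS and src not in authorised_writers:
            alerts.append(Alert(src, dst, req.unit_id,
                                WRITE_FUNCTIONS[req.function_code], describe(req)))
    return alerts


# Constructed sample traffic (not a real capture). 10.1.1.5 is a PLC, 10.1.2.10 an HMI,
# 10.1.2.20 the engineering workstation, 192.168.50.7 an unexpected corporate host.
AUTHORISED_WRITERS = {"10.1.2.20"}
SAMPLE_PACKETS: List[Packet] = [
    ("10.1.2.10", "10.1.1.5", 502, bytes.fromhex("00010000000601030000000A")),  # FC3 read regs 0..9
    ("10.1.2.20", "10.1.1.5", 502, bytes.fromhex("0002000000060106002805DC")),  # FC6 reg 40 := 1500, authorised
    ("192.168.50.7", "10.1.1.5", 502, bytes.fromhex("000300000006010600280000")),  # FC6 reg 40 := 0
    ("192.168.50.7", "10.1.1.5", 502, bytes.fromhex("00040000000b0110000000020400010002")),  # FC16 regs 0..1
    ("192.168.50.7", "10.1.1.5", 502, bytes.fromhex("000500010006010600280000")),  # bad Protocol ID, ignored
    ("192.168.50.7", "10.1.1.5", 502, bytes.fromhex("000600000006010800040000")),  # FC8 sub-function 4 (listen-only)
    ("10.1.2.10", "10.1.1.5", 80, b"GET / HTTP/1.1\r\n"),                           # not Modbus
]


def run_sample() -> List[Alert]:
    return detect_unauthorised_writes(SAMPLE_PACKETS, AUTHORISED_WRITERS)


if __name__ == "__main__":
    for a in run_sample():
        print(f"ALERT {a.src} -> {a.dst} unit {a.unit_id}: {a.function} {a.detail}")
```

Only the three requests from the corporate host are alerted: the HMI's read and the engineering workstation's authorised write are silent, the frame with a non-zero Protocol Identifier is dropped as malformed, and the HTTP payload is ignored by port. In a real deployment the packet tuples come from a SPAN or TAP feed and the allow-list comes from the asset inventory; the rule logic stays the same.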

Purdue Model

Architecture

A hierarchical reference model for industrial control system network architecture. It defines six levels: Level 0 (physical process and field devices), Level 1 (basic control, such as PLCs), Level 2 (supervisory control, such as HMIs and SCADA servers), Level 3 (site operations), and Levels 4 and 5 (enterprise business and corporate networks). The model provides a framework for network segmentation and access control between OT (Operational Technology) and IT (Information Technology) systems, though modern IT/OT convergence has required it to evolve beyond its original form. In an IT/OT SOC (Security Operations Centre) context, Level 3.5, the industrial demilitarised zone (IDMZ) that later practice added between Levels 3 and 4, is the most critical area. It is where the IT/OT convergence actually happens and where most security controls (firewalls, jump servers, historian replicas) are placed, and no traffic should pass directly between Levels 4/5 and Level 3 or below without terminating there.

SCADA Monitoring

Operations

Continuous observation of Supervisory Control and Data Acquisition systems to detect anomalies, unauthorised access, and cyber threats. SCADA systems manage critical physical processes in sectors including energy, water, and manufacturing. Effective SCADA monitoring must distinguish between operational anomalies and genuine threats while maintaining the system availability these environments depend on.

Zone/Conduit Architecture

Architecture

A network security model defined in IEC (International Electrotechnical Commission) 62443 that organises industrial assets into security zones based on their criticality, function, and trust level. Conduits are the controlled pathways through which data flows between zones, each subject to defined security policies (which protocols, in which direction, between which zones). Any flow without a matching conduit is, by design, not permitted. This model limits lateral movement for attackers and contains the impact of a breach to a defined zone.
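The Purdue Model and Zone/Conduit entries both reduce to a policy that can be checked mechanically: every permitted flow is an explicit conduit between two zones, and conduits that cross the IT/OT boundary must terminate in the Level 3.5 IDMZ. The block below is an added example of such a checker, written for this page and not derived from IEC 62443 tooling or any e2e-assure product. The zones, conduits, protocol names and the two rules it enforces are constructed assumptions for illustration; a real assessment would load them from firewall rule sets and the site's asset inventory.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IDMZ_LEVEL = 3.5
CONTROL_PROTOCOLS = {"modbus", "dnp3"}   # write-capable field protocols with no native authentication


@dataclass(frozen=True)
class Zone:
    name: str
    level: float       # Purdue level; 3.5 is the IDMZ between OT (0-3) and enterprise (4-5)


@dataclass(frozen=True)
class Conduit:
    src: str
    dst: str
    protocol: str
    port: int


def is_enterprise(z: Zone) -> bool:
    return z.level >= 4


def is_ot(z: Zone) -> bool:
    return z.level <= 3


def audit_conduit(zones: Dict[str, Zone], c: Conduit) -> Optional[str]:
    """Return a reason if the conduit breaks the model, else None.
    Rule 1 (assumed): nothing crosses between enterprise and OT without terminating in the IDMZ.
    Rule 2 (assumed): field control protocols stay below the IDMZ; no Modbus/DNP3 from above it."""
    a, b = zones[c.src], zones[c.dst]
    if (is_enterprise(a) and is_ot(b)) or (is_ot(a) and is_enterprise(b)):
        return f"{c.src}->{c.dst} crosses the IT/OT boundary without a Level {IDMZ_LEVEL} hop"
    if c.protocol in CONTROL_PROTOCOLS and max(a.level, b.level) >= IDMZ_LEVEL:
        return f"{c.src}->{c.dst} carries {c.protocol} at or above the IDMZ"
    return None


def audit(zones: Dict[str, Zone], conduits: List[Conduit]) -> List[str]:
    """All conduit definitions that violate the model."""
    return [r for c in conduits if (r := audit_conduit(zones, c)) is not None]


def evaluate_flow(zones: Dict[str, Zone], conduits: List[Conduit],
                  src: str, dst: str, protocol: str, port: int) -> Tuple[bool, str]:
    """Decision for an observed flow: allowed only if an explicit conduit matches
    and that conduit itself passes the audit. Default is deny."""
    for c in conduits:
        if (c.src, c.dst, c.protocol, c.port) == (src, dst, protocol, port):
            reason = audit_conduit(zones, c)
            if reason:
                return False, f"conduit exists but violates model: {reason}"
            return True, "matches conduit"
    return False, "no conduit defined for this flow"


# Constructed example site (not a real network).
ZONES = {z.name: z for z in [
    Zone("enterprise", 4), Zone("idmz", 3.5), Zone("site-ops", 3),
    Zone("hmi", 2), Zone("plc", 1),
]}
CONDUITS = [
    Conduit("enterprise", "idmz", "https", 443),      # browsers reach the historian replica
    Conduit("site-ops", "idmz", "https", 443),        # historian pushes data up into the IDMZ
    Conduit("enterprise", "idmz", "rdp", 3389),       # remote access lands on a jump server
    Conduit("idmz", "site-ops", "rdp", 3389),         # jump server hops onward
    Conduit("site-ops", "hmi", "opcua", 4840),
    Conduit("hmi", "plc", "modbus", 502),
    Conduit("enterprise", "plc", "modbus", 502),      # legacy rule: violation
    Conduit("enterprise", "site-ops", "rdp", 3389),   # bypasses the jump server: violation
]


if __name__ == "__main__":
    for v in audit(ZONES, CONDUITS):
        print("VIOLATION:", v)
    for flow in [("hmi", "plc", "modbus", 502), ("enterprise", "plc", "modbus", 502),
                 ("plc", "enterprise", "https", 443)]:
        print(flow, "->", evaluate_flow(ZONES, CONDUITS, *flow))
```

The audit flags the two legacy conduits that jump straight from the enterprise into OT, and the flow evaluation shows the three outcomes a SOC analyst cares about: a flow that matches a sound conduit, a flow that matches a conduit which should never have been written, and a flow for which no conduit exists at all. Treating the last two the same way (deny and alert) is what makes the zone boundary meaningful.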
