Glossary of Terms
0-9
3DES (Triple Data Encryption Standard)
An encryption algorithm that applies the DES cipher three times to each data block, commonly offered by VSAT providers for secure data transmission.
3DES Tunnels
Triple Data Encryption Standard tunneling protocol providing encrypted communication channels for securing data transmission over VSAT and cellular networks.
4 to 20 milliamps
A standard analog signal range used in industrial instrumentation, where 4 milliamps represents the low end of the measurement range and 20 milliamps represents the high end. The use of 4 milliamps rather than 0 provides a "live zero" to distinguish between low readings and system failures.
4-20 milliamp
Standard analog signal range used in industrial instrumentation, where 4 mA represents the minimum value and 20 mA represents the maximum value.
802.11a
Wi-Fi standard operating on the 5.6 GHz frequency band providing 54 Mbps data rates, representing an early high-frequency Wi-Fi implementation.
802.11b
Wi-Fi standard operating on the 2.4 GHz frequency band with initially lower data rates than 802.11a, becoming widely adopted due to its better range characteristics.
802.11g
Wi-Fi standard providing backward compatibility with 802.11b while achieving 54 Mbps data rates on the 2.4 GHz band.
802.11i
IEEE security standard introduced in June 2004 that formed the foundation for WPA2, implementing AES 256-bit encryption and RADIUS server integration.
802.11n
Wi-Fi standard providing significantly higher data rates than previous generations through improved antenna and signal processing technologies.
802.15.4
An IEEE standard defining the physical layer and media access control for low-rate wireless personal area networks. This standard serves as the foundation for Zigbee, WirelessHART, and ISA-100 protocols, making it crucial for industrial wireless communications.
A
A/D Conversion (Analog-to-Digital)
The process of converting continuous analog signals into discrete digital values that controllers can process and store in memory.
Access Point
Central wireless network device that allows Wi-Fi devices to connect to a wired network, contrasted with device-to-device connectivity.
Access Point (AP)
A wireless networking device that allows Wi-Fi devices to connect to a wired network, acting as a bridge between wireless and wired infrastructure.
Access Protocols
Established procedures for authenticating and authorizing access to OT systems, including credential management and sharing restrictions.
ACK Frames
Acknowledgment frames sent by receiving devices to confirm successful receipt of data packets in Wi-Fi communications.
Active Network Tap
A powered network monitoring device that guarantees complete traffic capture without signal degradation, providing reliable monitoring capabilities for critical network segments.
Active Scanning
Testing methods that actively probe systems and may potentially disrupt operations, inappropriate for live OT environments.
Active Taps
Powered network tap devices that guarantee complete traffic capture with no signal degradation or communication loss.
Active Testing
Testing methodologies that involve generating new network traffic, writing data to system storage, installing software on target systems, or otherwise changing the state of the systems being tested. Active testing provides comprehensive security assessment but carries a higher risk of operational disruption.
Active Testing Techniques
Security testing methods that involve sending test traffic, attempting to exploit vulnerabilities, or otherwise interacting with systems in ways that could potentially cause disruption. These techniques are standard in IT penetration testing but inappropriate for most ICS assessments.
Actuator
A device that takes physical action in a process based on commands from a controller, such as opening a valve, starting a pump, or adjusting motor speed. Actuators are the mechanism by which control systems affect the physical world.
Advanced Persistent Threat (APT)
A sophisticated, long-term cyber attack campaign typically conducted by nation-state actors or advanced criminal groups, characterized by extended dwell time, advanced techniques, and specific strategic objectives.
AES (Advanced Encryption Standard)
An encryption algorithm commonly available in 128-bit and 256-bit implementations, used to secure wireless communications by encrypting data transmitted over spread spectrum systems.
AES Encryption
Advanced Encryption Standard using symmetric key encryption, available in 128-bit and 256-bit key lengths for securing wireless communications.
AESO CIP
Alberta Electric System Operator Critical Infrastructure Protection: a regional adaptation of NERC CIP standards for the Alberta electrical system.
Air Gap
A network security measure that involves physical isolation of systems from unsecured networks, including the Internet. True air-gapping is nearly impossible in practice due to maintenance and operational requirements.
Aircrack-ng
A suite of tools for auditing wireless networks, capable of monitoring, attacking, testing, and cracking wireless network security.
AMI (Advanced Metering Infrastructure)
Two-way communication systems that enable utilities to remotely read meter data and manage customer services, forming the foundation of smart grid operations.
AMI (Automatic Metering Infrastructure)
An upgraded smart grid technology that enables bi-directional communication between utility companies and smart meters at customer locations, allowing remote meter reading, rate changes, and service disconnection/reconnection.
AMR (Automatic Meter Reading)
An earlier generation of smart metering technology that enabled one-way communication from customer meters to utility companies, typically collected by trucks with receivers driving through neighborhoods or via telephone/power line carriers.
Analog Input
A continuous variable measurement from a sensor that changes over time, such as temperature, pressure, flow rate, or level. These inputs provide precise numerical values rather than simple on/off states.
Analog Output
A variable control command from a controller to an actuator specifying a particular percentage, level, or position, such as commanding a valve to 75% open. This allows for fine-grained control of processes.
Application Service Provider (ASP)
A cloud-based service model where SCADA and other industrial applications are hosted remotely and accessed through communication links rather than being installed on-site.
ARP (Address Resolution Protocol)
A network protocol that maps IP addresses to MAC addresses, creating tables that can be passively read to identify connected devices without generating disruptive traffic.
ARP Scanner
Network tool that passively reads Address Resolution Protocol tables to identify active devices without directly interrogating systems.
ASN (Autonomous System Number)
A unique number assigned to autonomous systems on the internet, used to identify network ownership and routing information.
Asset Operator
The organization responsible for running and maintaining an industrial facility on a day-to-day basis. The operator may be the same entity as the asset owner or may be a contracted company.
Asset Owner
The organization that owns an industrial facility and bears ultimate responsibility for its operation, maintenance, and regulatory compliance. The owner may contract operations to another company.
Association Request/Response Frames
Frame types used during Wi-Fi connection establishment to negotiate connection parameters between client devices and access points.
Assumed Breach Scenario
The most common approach to control system penetration testing, where testers are provided with initial IT network access to simulate the post-compromise state following a successful phishing attack or similar initial intrusion.
Assurance
A security discipline focused on ensuring that security controls are effective and that security standards or internal policies are properly implemented organization-wide. Assurance requires mature governance systems and established policies and standards.
ATT&CK Framework
A knowledge base of adversary tactics and techniques based on real-world observations, developed by MITRE Corporation to help organizations understand and defend against cyber threats.
Attack Surface
The collection of systems, ports, applications, and services that an organization exposes to potential attackers, particularly those accessible from the internet or other external networks.
Attack Vector
Any pathway or method that attackers can use to compromise systems, including software installations, network connections, and device interfaces.
Auto-run
A Windows feature that automatically executes programs or scripts when removable media is inserted, historically exploited by malware but now typically disabled for security reasons.
Automation
The process of rendering a physical system automatic, self-moving, and self-controlling to minimize or eliminate human intervention. Automation requires inputs (sensors), control logic (controllers), and outputs (actuators) working in a continuous loop.
Availability
In the context of security, ensuring systems and data are accessible when needed. In OT environments, availability is the top priority because process disruptions can have safety and operational consequences.
Availability Requirements
The need for OT systems to maintain extremely high uptime, often 99.99999% availability, which translates to only minutes of allowable downtime per year.
B
Backdoor
A method of bypassing normal authentication or security mechanisms to gain unauthorized access to a system, used by attackers to maintain persistent access to compromised systems.
Backplane
A flat electronic circuit board containing slots for various functional modules in a PLC, similar to expansion slots in a computer but designed for industrial applications.
BACnet (Building Automation and Control Network)
Specialized communication protocol designed for building automation systems, HVAC control, and utility management, with support for multiple communication media and device profiles.
Bad USB
A category of USB-based attacks that exploit the trust model between USB devices and host systems, typically involving HID device impersonation to execute malicious commands.
Badge Sharing
The practice of using one person's access credentials to allow another person entry to secure areas, creating security vulnerabilities and accountability problems.
Baggage Handling System
Highly automated airport systems that sort, store, and route luggage using conveyor belts, tracking systems, and integration with flight scheduling to ensure bags reach the correct aircraft.
BAS (Building Automation System)
An industrial control system that integrates and manages building functions including HVAC, lighting, fire suppression, security systems, and building access control. BAS typically uses protocols like BACnet or LonWorks.
BAS (Building Automation Systems)
Control systems that automate all aspects of large buildings, including heating, cooling, emergency lighting, security, and fire suppression systems.
Baud Rate
The speed of data transmission in serial communication, measured in bits per second, with common rates including 9600, 19200, and 38400 baud.
Beacon
In wireless networking, periodic broadcast frames sent by access points to announce their presence and network parameters; attackers monitor beacons to identify target networks for cloning.
Beacon Frames
Periodic broadcast frames sent by access points containing network information including SSID, security settings, and connection parameters.
Bidirectional Communication
Two-way satellite communication allowing both sending and receiving of data, in contrast to receive-only broadcast systems.
Black Box Testing
Penetration testing approach where testers enter environments with no prior knowledge about target systems, most closely simulating real-world external attacks but carrying higher risks in control system environments.
Blue Team
The team responsible for defending the environment during red team exercises. The blue team typically doesn't know the specific timing, methods, or targets of the red team's attacks, creating a realistic testing environment.
Bluetooth
Short-range wireless technology designed as a replacement for RS-232 serial cables, available in Enhanced Data Rate and Low Energy variants.
Branch Office Backup
Use of VSAT as a secondary communication link when primary connections (MPLS, POTS) fail or become unavailable.
Breach Data
Information stolen from compromised systems and databases, often including usernames, passwords, and personal information that becomes available through various sources.
Bridge
A device that connects two different types of networks, such as converting Zigbee communications to Wi-Fi or Ethernet.
Brownfield Installation
The integration of new technology into existing industrial systems that are already deployed and operational in the field.
Building Automation System
Integrated systems that control and monitor building services such as lighting, heating, ventilation, air conditioning, fire safety, and security systems.
Bump Key
A specially cut key that can open many locks of the same type through impact and turning techniques, commonly used in physical security assessments and by criminals.
Burden of Proof
The responsibility of penetration testing teams to document every step of their process through screenshots, logs, and detailed descriptions. This documentation provides defending teams with clear remediation roadmaps and prevents unsubstantiated security claims.
Bus Network
A communication system that allows multiple instruments to share a common communication trunk, reducing wiring requirements and enabling enhanced device capabilities.
Business Analysis
The systematic examination of an organization's operations, revenue sources, competitive advantages, and strategic vulnerabilities to understand why it might be targeted by adversaries and which systems are most critical to protect.
C
Capacitor
An electronic component that stores electrical energy; in Kill USB devices, capacitors accumulate and amplify USB port power to destructive levels.
Cellular Modem
A device that uses cellular network infrastructure to provide wireless communication capabilities, increasingly being embedded directly into industrial equipment such as PLCs and RTUs.
Center Channel
Primary frequency used by direct sequence spread spectrum systems, such as channels 1, 6, or 11 in Wi-Fi networks.
Channel Encoder
Device or software component that applies spreading codes to input data before transmission, enabling spread spectrum communication by distributing signal energy across multiple frequencies.
CIA Triad
The foundational information security model consisting of Confidentiality, Integrity, and Availability. In OT security, this triad is inverted, with availability and integrity prioritized over confidentiality.
CIDR Notation
A method for describing IP address ranges using a slash followed by a number (e.g., /24) to indicate the subnet mask.
Client-Server
Communication model where only designated client devices can initiate transactions, with servers responding to client requests but not initiating communication independently.
Coast Guard Site
Critical infrastructure facilities subject to specific federal reporting requirements when security breaches occur, requiring notification to multiple agencies within strict timeframes.
Coax Cable
Coaxial cable used in VSAT installations to carry RF signals between outdoor and indoor units with low signal loss.
Coaxial Cable
High-fidelity transmission cables used in VSAT systems to connect outdoor and indoor units with minimal signal loss.
Command and Control (C2)
Infrastructure used by attackers to communicate with compromised systems, issue commands, and exfiltrate data; typically involves encrypted channels to evade detection.
Communication Protocols
Standardized rules and conventions that define how data is transmitted and received over networks, ensuring devices and systems can understand each other effectively.
Compensating Controls
Security measures that provide alternative protection when standard security controls cannot be implemented, such as physical security for shared credentials.
Compliance Violation
An action or failure to act that violates regulatory requirements, potentially resulting in fines, reputational damage, or other consequences.
Component Twin
The most basic type of digital twin, which models a single component such as an engine, transmission, or sensor to understand its fundamental operation and test concepts.
Conduit
In the context of the Purdue Model, a controlled communication pathway between security zones that manages and restricts information flow according to security policies.
Configuration Analysis
The process of examining exported device settings and operational parameters to identify security misconfigurations, weak authentication, and inadequate access controls.
Connection Establishment
Multi-stage process by which Wi-Fi devices authenticate and establish communication with access points or other devices.
Control Systems Network
The operational technology (OT) network containing industrial control systems, PLCs, HMIs, and other devices that monitor and control physical processes.
Controller
The decision-making component of an automation system that receives inputs, processes them according to programmed logic, and sends commands to outputs. Examples include PLCs and DCS controllers.
Convergence
The increasing integration of the physical and digital worlds, which has created new capabilities for OT systems but also increased their vulnerability to cyber attacks.
COTS (Commercial-Off-The-Shelf)
Technology products that are ready-made and available for purchase, rather than custom-developed solutions.
Credential Separation
The practice of using different usernames and passwords for IT and OT systems to prevent lateral movement between environments.
Credential Stuffing
An attack method where stolen username/password combinations are tested against multiple systems to gain unauthorized access.
Critical Cyber Asset
In NERC CIP terminology, any device with a routable interface that requires specific physical security protections, including "six walls of protection" and access monitoring.
Critical Infrastructure
Systems and assets whose disruption would have a significant impact on national security, economic security, public health, or safety. Examples include the energy, water, transportation, and healthcare sectors.
Crown Jewels
The most critical assets in an OT environment, typically the control system devices at IEC 62443 levels 3, 2, 1, and 0 that directly control industrial processes.
CVSS (Common Vulnerability Scoring System)
A standardized method for ranking vulnerabilities, typically using 1-through-10 scales, helping organizations prioritize remediation efforts to address the greatest amount of risk in the shortest amount of time.
CVSS Score
Common Vulnerability Scoring System score ranging from 0 to 10 that indicates the severity of a vulnerability. Scores between 9 and 10 are considered critical.
Cyber Attack
Deliberate, malicious action taken by a threat actor to compromise, disrupt, or damage computer systems, networks, or data through various techniques and tools.
Cyber Attack Sophistication
The ability of cyber attacks to make subtle changes that go unnoticed for weeks or months, rather than causing immediate obvious failures.
Cyber Breach
Successful penetration or compromise of security defenses resulting in unauthorized access to systems, data, or networks by threat actors.
Cyber Event
Any occurrence in cyberspace that may have an impact on organizational operations, ranging from benign network activity to serious security incidents.
Cyber Incident
Cyber event with actual or potentially adverse effects on organizational systems, operations, or assets, requiring response and investigation.
Cyber Kill Chain
A model describing the stages of a cyber attack, from initial reconnaissance through objective achievement, used for threat analysis and defensive planning.
D
D/A Conversion (Digital-to-Analog)
The process of converting digital values from controller memory into analog signals that can drive field devices such as valve actuators.
Data Historian
A specialized system that receives and stores process data from controllers for long-term trending, analysis, and regulatory compliance.
DCOM (Distributed Component Object Model)
Microsoft technology that formed the foundation for original OPC implementations, creating significant firewall and security challenges due to random port usage.
DCS (Distributed Control System)
A highly integrated, redundant control system designed for complex processes within a single geographical facility. DCS systems typically feature primary and backup controllers and redundant networking, and are common in refineries, chemical plants, and power generation.
De-authentication Frames
Management frames used to forcibly disconnect devices from wireless networks, often exploited in security attacks.
Defense in Depth
A security strategy that uses multiple layers of security controls to protect systems, acknowledging that no single control is perfect.
Defiant Oil
Fictional oil company case study used to demonstrate realistic red team scenario development with multiple threat actor types, including nation-state, activist, criminal, and insider threats.
Denial of Service (DoS)
An attack that disrupts or prevents legitimate access to services or systems, often by overwhelming resources or exploiting vulnerabilities.
Device ID
Unique identifier (1-247 in Modbus) that specifies which field device should respond to a particular protocol message.
Device-to-Device Connectivity
Direct wireless connection between two Wi-Fi devices without requiring an access point, commonly used for file transfers in early Wi-Fi implementations.
Digital Input
A binary input to a control system that has only two states: on or off, open or closed, true or false. Examples include limit switches, float switches, and contact closures.
Digital Output
A binary command from a controller that turns a device either on or off, such as starting a pump or opening a valve fully.
Digital Twin
A virtual model of a physical process, component, or system that uses computational mathematics to replicate real-world operation. Digital twins enable testing, training, optimization, and anomaly detection without affecting actual operations.
DIN Rail
A standardized metal mounting rail used throughout the industrial automation industry for mounting PLCs, power supplies, and other control equipment.
Direct Sequence Spread Spectrum
Underlying radio technology used by Wi-Fi to spread signals across wide frequency ranges, covered in Module 1.
Direct Sequence Spread Spectrum (DSSS)
A modulation technique that spreads data across multiple frequency channels simultaneously, providing resistance to interference and improved security. Used by Wi-Fi and ISA-100 systems, in contrast to frequency hopping spread spectrum approaches.
DirectTV
Example of the publisher-subscriber VSAT model, using antennas bundled in a single dish for broadcast television content distribution.