Glossary
The glossary is based on the excellent work found in Quantitatively Assessing and Visualising Industrial System Attack Surfaces by Eireann Leverett. This directly reflect the structure of our categorization system.
Systems
HMI
Human Machine Interface sometimes called the (Man Machine Interface) MMI or (Human Computer Interface) HCI. These are nodes at which control engineers monitor their plants, factories, pipelines, and field devices. Often found in control rooms, but sometimes dispersed across the plant oor. These are often running a well known operating system and any internet reachability is of particular concern as these nodes are in control of field or plant devices. Anecdotally, changing a display on an HMI can cause an operator to perform a detrimental safety critical action under false pretences, in a similar manner to Phishing attacks on banking customers today.
SCADA Server
Supervisory Control and Data Acquisition Server. This system typically interacts with multiple HMIs and control engineers. They are often replicated for redundancy and availability reasons.
Historian
These computers store values for various processes or states of interest to the industrial system. Sometimes they are regulatory records, and provide data reporting functionality designed to translate raw engineering values into CEO level reports. They are often the point of connection between the corporate network and the control network.
Telemetry
This is the sensor data, process data, and other engineering values of interest to control engineers. It may also refer to the server used to collect such data and there is some crossover in these systems with an Historian.
EMS
Energy Management System. Essentially a SCADA server tailored for the energy industry. In some cases this will refer to a large electrical network, and in other products this refers to the energy used within a building. From a technical point of view they are similar, but the criticality of the former is likely to be national and the criticality of the latter much reduced to that of a few businesses.
DMS
Distribution Management System. A SCADA server tailored for the energy distribution companies.
Home Area/Automation Network
This is a small energy management system for the home, but also refers to the appliances in the home which will communicate with it to determine the best time of day to function while saving energy or money. The smart meter may be part of this system directly or indirectly.
Building Management System
This is a system designed to control doors, elevators, access control, CCTV cameras and display their footage. They often contain some energy management elements and sometimes HVAC as well. Compromising one of these can lead to physical site compromise or CCTV footage of personnel and their daily tasks.
HVAC
Heating Venting Air Conditioning. These systems tend to be regarded as 'lightweight' by control systems security personnel. They are mini control systems, but focus on an individual building or site. They can be equally critical though as they may be found in a hospital or data centre, both of which have some stringent restrictions on temperature for various reasons. Thus, considering them of lesser criticality is a false comfort.
ICS
A system that performs the functions of target acquisition, tracking, data computation, and engagement control, primarily using electronic means and assisted by electromechanical devices.
Devices
RTU
Remote Terminal Unit or sometimes Remote Telemetry Unit. This is a microprocessor used to transmit telemetry back from the field and to control devices in the field. They are often widely geographically dispersed, and use diverse wireless communications accordingly. They can run simple safety logic programs for redundancy and to reduce control delays.
PLC
Programmable Logic Controller. These are similar to RTUs, but are more often deployed without their own power supply and using wired communications. They are more often found on a plant oor or factory, where controllers are close to the centre of control.
PAC
Programmable Automation Controller. These provide very similar functions to PLCs, but are programmed differently, and use an open, modular, architecture. They typically differ in how they do things from PLCs, but still serve the same purpose of acquiring data and performing process control.
IED
Intelligent Electronic Device. Once again this performs similar functions to a PLC, but is primarily deployed in the electrical sector, for example in substations. Since these devices sometimes have to function in the presence of high voltages, they can be constructed with substantial protections for hostile environments. However, from an outsider's perspective they still gather data, provide protective logic, and execute simple controls as does a PLC or RTU.
Meter
A meter is a device capable of providing telemetry readings, and is functionally the same as your electrical meter. However, in process control they serve a different purpose such as monitoring the energy going through each substation, or water purified per day to measure business enfficency. Some meters are process critical, in that they monitor the levels of a chemical into a water supply, or amount of water into a reactor cooling tower. Others are much smaller and cheaper, and only serve to show the electricity you consume in a home.
Protocol Bridge
These are points where one protocol is translated to another. Mainly in our study they are points where TCP/IP traffic is converted to some (often proprietary) control protocol such as Modbus, LonWorks, BACNet, etc. These other protocols are often industry specific and there are too many serving different purposes to list them all here. We are interested in these bridges because they are specifically places where an automation or control network connects to an IP network. Thus it is a great place to look for the internet connectivity of an industrial system.
Embedded Web Server
These are micro webservers designed for embedded systems. They are commonly found in industrial system devices, but also in many other embedded system devices. Disambiguating those designed for industrial systems from others is sometimes necessary.