TXOne Networks

OT Cybersecurity Glossary

Learn OT and industrial cybersecurity terms

A

Advanced Persistent Threat (APT)

Sophisticated cyberattacks that maintain a hidden presence within a network for an extended period. APTs are typically state-sponsored or conducted by well-funded criminal organizations targeting industrial and critical infrastructure systems.

Related terms: Lateral Movement, Ransomware, Zero-Day Vulnerability, ICS Cyber Kill Chain, Threat Intelligence

threats

Air Gap

A network security measure that physically isolates a computer or network from unsecured networks, including the internet. While historically common in OT environments, true air gaps are increasingly rare as organizations adopt IT-OT convergence, remote monitoring, and cloud-based services.

Related terms: Network Segmentation, Removable Media Security, Secure Remote Access (SRA), Legacy System, Demilitarized Zone (DMZ)

networking

Anomaly Detection

A security technique that establishes baselines of normal network traffic, device behavior, or process operations and then identifies deviations that may indicate cyber threats, equipment malfunctions, or unauthorized changes. In OT environments, anomaly detection must account for the predictable, repetitive nature of industrial communications while distinguishing between legitimate operational changes and potential security incidents.

Related terms: Intrusion Detection System (IDS), Security Information and Event Management (SIEM), Network Monitoring, Threat Hunting, Threat Intelligence

security

Application Whitelisting

A security technique that allows only pre-approved applications and processes to run on a system while blocking all others. In OT environments, application whitelisting (also called trust listing) prevents unauthorized software execution on endpoints such as HMIs and engineering stations without requiring constant signature updates.

Related terms: Endpoint Protection Platform (EPP), Legacy System, Protocol Whitelisting, Change Management

security
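The point of application whitelisting is that the allow decision is made on what a binary is, not on where it sits or what it is called. The following is an added example (illustrative code, not TXOne's product or anything from the glossary) that builds an allowlist from a trusted directory by SHA-256 and then evaluates three execution requests. The file names and contents are constructed; the "golden" directory stands in for the commissioned image of an HMI or engineering station.

```python
"""Hash-based application allowlisting check.

Added example, not TXOne code. It builds an allowlist from a trusted
"golden" directory and evaluates execution requests by content hash.
The file names and contents are constructed for the demonstration.
"""
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large binaries are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(trusted_dir: str) -> dict:
    """Map content hash -> file name for every file in the golden directory."""
    allow = {}
    for name in sorted(os.listdir(trusted_dir)):
        path = os.path.join(trusted_dir, name)
        if os.path.isfile(path):
            allow[sha256_file(path)] = name
    return allow


def check_execution(path: str, allowlist: dict) -> tuple:
    """Decide on an execution request by content, never by path or name."""
    if not os.path.isfile(path):
        return False, "file does not exist"
    digest = sha256_file(path)
    if digest in allowlist:
        return True, f"matches approved image {allowlist[digest]}"
    return False, f"hash {digest[:12]}... is not on the allowlist"


def demo() -> dict:
    """Simulate commissioning, then three later execution requests."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        golden = os.path.join(root, "golden")
        os.mkdir(golden)
        runtime = os.path.join(golden, "hmi_runtime.exe")   # constructed name
        with open(runtime, "wb") as f:
            f.write(b"HMI runtime build 4.2\n")              # constructed content
        allowlist = build_allowlist(golden)

        results["unchanged"] = check_execution(runtime, allowlist)[0]

        # Same path, different bytes: a path- or name-based allowlist would
        # still permit this; a hash-based one does not.
        with open(runtime, "wb") as f:
            f.write(b"HMI runtime build 4.2\n<injected payload>")
        results["replaced_in_place"] = check_execution(runtime, allowlist)[0]

        # A new binary dropped into the approved directory (for instance
        # carried in on removable media) is not approved either.
        dropped = os.path.join(golden, "update.exe")
        with open(dropped, "wb") as f:
            f.write(b"unapproved installer")
        results["new_file_in_approved_dir"] = check_execution(dropped, allowlist)[0]
    return results
```

The practical consequence is that every approved patch or vendor update changes a hash and therefore has to pass through change management before it can run, which is the coupling between the two glossary entries.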

Asset Inventory

A comprehensive and continuously maintained catalog of all hardware, software, firmware, and communication pathways within an OT environment. An accurate asset inventory is the foundation of effective cybersecurity because it enables organizations to identify what needs protection, detect unauthorized devices, track software versions and patch status, and prioritize security efforts based on asset criticality to operations.

Related terms: Asset Visibility, Attack Surface, Shadow OT, Network Monitoring, Operational Technology Network (OT Network)

security

Asset Visibility

The ability to discover, identify, and continuously monitor all devices, software, and communication patterns within an OT environment. Asset visibility forms the foundation of any OT security program because organizations cannot protect assets they do not know exist.

Related terms: Asset Inventory, Attack Surface, Network Monitoring, Shadow OT, Operational Technology Network (OT Network)

security
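The learned-baseline approach described under Anomaly Detection, and the unknown-device detection that Asset Inventory and Asset Visibility depend on, share one mechanism: record what normally talks to what, then report anything outside that set. The following is an added example (illustrative code, not TXOne's product logic) that learns a baseline from a window of conversation records and scores later traffic against it. The records are constructed to resemble what a passive OT sensor exports; the addresses and operation names are assumptions.

```python
"""Learned-baseline anomaly detection over OT conversation records.

Added example, not TXOne code. Records are constructed to resemble what a
passive OT sensor exports (one row per observed source, destination,
protocol and operation); addresses and operation names are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Operations that change process state; deviations involving them rank higher
CONTROL_OPS = {"write_single_coil", "write_single_register",
               "write_multiple_registers", "download_program", "stop_cpu"}


@dataclass(frozen=True)
class Observation:
    src: str        # initiator, e.g. HMI or engineering workstation
    dst: str        # responder, e.g. PLC
    proto: str      # "modbus", "s7comm", ...
    operation: str  # protocol command as decoded by the sensor


@dataclass
class Baseline:
    devices: set = field(default_factory=set)
    conversations: set = field(default_factory=set)     # (src, dst, proto)
    operations: dict = field(default_factory=lambda: defaultdict(set))

    def learn(self, obs: Observation) -> None:
        key = (obs.src, obs.dst, obs.proto)
        self.devices.update((obs.src, obs.dst))
        self.conversations.add(key)
        self.operations[key].add(obs.operation)


def learn_baseline(window) -> Baseline:
    """Build the baseline from a window believed to contain only normal traffic."""
    baseline = Baseline()
    for obs in window:
        baseline.learn(obs)
    return baseline


def detect(baseline: Baseline, obs: Observation) -> list:
    """Return (severity, reason) findings for one observation; [] means normal."""
    findings = []
    key = (obs.src, obs.dst, obs.proto)
    for dev in (obs.src, obs.dst):
        if dev not in baseline.devices:
            findings.append(("high", f"unknown device {dev}"))
    if key not in baseline.conversations:
        findings.append(("medium", f"new conversation {obs.src}->{obs.dst} ({obs.proto})"))
    elif obs.operation not in baseline.operations[key]:
        findings.append(("medium", f"new operation {obs.operation} on {obs.src}->{obs.dst}"))
    # Anything unexpected that also changes process state is escalated
    if findings and obs.operation in CONTROL_OPS:
        findings = [("critical", reason) for _, reason in findings]
    return findings


def approve(baseline: Baseline, obs: Observation) -> None:
    """Fold a change confirmed through change management into the baseline,
    so a legitimate operational change stops alerting."""
    baseline.learn(obs)


# Constructed learning window: one HMI, one historian and one engineering
# workstation (EWS), all talking Modbus to a single PLC.
HMI, HIST, EWS, PLC = "10.0.10.5", "10.0.10.7", "10.0.10.9", "10.0.10.20"
LEARNING_WINDOW = [
    Observation(HMI, PLC, "modbus", "read_holding_registers"),
    Observation(HMI, PLC, "modbus", "write_single_register"),
    Observation(HIST, PLC, "modbus", "read_input_registers"),
    Observation(EWS, PLC, "modbus", "read_holding_registers"),
]

# Constructed later traffic to evaluate against the baseline
LATER_TRAFFIC = [
    Observation(HMI, PLC, "modbus", "read_holding_registers"),      # normal
    Observation(HIST, PLC, "modbus", "write_multiple_registers"),   # historian writing
    Observation("10.0.10.44", PLC, "modbus", "write_single_coil"),  # unknown host
    Observation(EWS, PLC, "s7comm", "download_program"),            # new protocol from EWS
]


def scan(window=LEARNING_WINDOW, traffic=LATER_TRAFFIC) -> dict:
    """Map each anomalous observation to its findings."""
    baseline = learn_baseline(window)
    report = {}
    for obs in traffic:
        findings = detect(baseline, obs)
        if findings:
            report[obs] = findings
    return report
```

Two design points matter in practice: the learning window must be long enough to cover infrequent but legitimate activity (shift changes, weekly backups, maintenance-window engineering access), or those will alert later; and `approve()` is how a confirmed, change-managed modification is absorbed without retraining from scratch, which is the difference between an operational change and an incident that the Anomaly Detection entry calls out.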

Attack Surface

The sum of all points at which an unauthorized user could attempt to enter a system or extract data from it. In OT settings, the attack surface spans networks, endpoints, removable media, remote access connections, and industrial protocols, each requiring purpose-built security controls.

Related terms: Vulnerability Management, Risk Assessment, Industrial Internet of Things (IIoT), Shadow OT, Asset Visibility

general ot

C

Change Management

A structured process for requesting, reviewing, approving, and implementing changes to industrial control systems, network configurations, and software. Effective change management in OT environments prevents unauthorized modifications that could introduce vulnerabilities or disrupt production, maintains configuration baselines for security monitoring, and ensures all changes are tested and documented before deployment in the operational environment.

Related terms: Patch Management, Application Whitelisting, Legacy System, Operational Resilience, Security Audit

security

Common Industrial Protocol (CIP)

A suite of messages and services for manufacturing automation applications, maintained by ODVA. CIP enables the control, configuration, and collection of data from industrial devices and is carried over Ethernet by EtherNet/IP. The base protocol carries no authentication; the CIP Security extension adds TLS/DTLS-based protection, but only where both endpoints support and enable it.

protocols

Critical Infrastructure

Physical and virtual systems and assets so vital to a nation that their incapacitation or destruction would have a debilitating impact on national security, economic stability, public health, or safety. Sectors include energy, water, transportation, manufacturing, and communications.

Related terms: Operational Technology (OT), Industrial Control Systems (ICS), NERC CIP, NIS2 Directive, Operational Resilience

general ot

Cyber Hygiene

The fundamental security practices and routines that maintain the health and security of systems and data. In OT environments, cyber hygiene includes maintaining accurate asset inventories, applying patches when operationally feasible, using strong authentication, disabling unnecessary services and ports, controlling removable media usage, and regularly reviewing access permissions. Good cyber hygiene significantly reduces the attack surface even in environments where advanced security tools cannot be deployed.

Related terms: Phishing, Removable Media Security, Patch Management, Change Management, Security Audit

security

Cyber-Physical Attack

A cyberattack specifically designed to manipulate physical processes or cause physical damage through the exploitation of digital control systems. Unlike traditional cyberattacks focused on data theft or system disruption, cyber-physical attacks target the interface between digital controls and physical operations, potentially causing equipment damage, environmental hazards, production sabotage, or threats to human safety. Notable examples include Stuxnet, which damaged uranium enrichment centrifuges, and TRITON, which targeted safety instrumented systems.

Related terms: Cyber-Physical Systems (CPS), ICS Cyber Kill Chain, Safety Instrumented System (SIS), Industrial Control Systems (ICS), Ransomware

threats

Cyber-Physical System Detection and Response (CPSDR)

An integrated security approach that combines asset discovery, risk assessment, and threat protection specifically designed for environments where cyber and physical systems converge. CPSDR extends beyond traditional IT security by understanding the operational context of industrial devices and processes, enabling organizations to discover assets across their OT environment, assess vulnerabilities in operational context, and protect systems without disrupting production.

Related terms: Cyber-Physical Systems (CPS), Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP), Operational Technology (OT), Asset Visibility

security

Cyber-Physical Systems (CPS)

Digital systems that integrate computing, communication, and physical processes. CPS are the foundation of modern industrial automation, where software controls physical equipment in manufacturing, energy, and critical infrastructure.

Related terms: Operational Technology (OT), Industrial Control Systems (ICS), Industrial Internet of Things (IIoT), Cyber-Physical System Detection and Response (CPSDR), Cyber-Physical Attack

general ot

D

DNP3

Distributed Network Protocol version 3, a set of communication protocols used between components in process automation systems, primarily in the electric utility and water treatment industries. DNP3 facilitates communication between SCADA masters, RTUs, and intelligent electronic devices across wide-area networks.

Related terms: Modbus, OPC UA, Supervisory Control and Data Acquisition (SCADA), Remote Terminal Unit (RTU), Common Industrial Protocol (CIP)

protocols

Deep Packet Inspection (DPI)

A network analysis method that examines the full content of data packets as they pass through a checkpoint, rather than inspecting only the packet header. In OT security, protocol-aware DPI understands industrial communication commands, enabling threat detection and prevention at the application layer.

Related terms: Intrusion Prevention System (IPS), Intrusion Detection System (IDS), Protocol Whitelisting, Network Monitoring, Firewall

security

Defense-in-Depth (DiD)

A layered security strategy that combines people, technology, and operations to provide multiple defensive barriers. If one layer fails, others continue to protect the system, making it especially critical for OT environments.

Related terms: Network Segmentation, Firewall, Intrusion Prevention System (IPS), IEC 62443

security

Demilitarized Zone (DMZ)

A network segment positioned between internal and external networks that provides an additional layer of security. In OT environments, DMZs separate IT networks from industrial control systems.

Related terms: Network Segmentation, Firewall, Purdue Model, Industrial Demilitarized Zone (IDMZ), Network Access Control (NAC)

networking

Distributed Control System (DCS)

An automated control system distributed throughout a plant or process to control complex, continuous operations such as chemical processing, oil refining, and power generation. DCS architectures distribute control functions across multiple controllers connected by communication networks.

Related terms: Supervisory Control and Data Acquisition (SCADA), Industrial Control Systems (ICS), Programmable Logic Controller (PLC), Human-Machine Interface (HMI), Purdue Model

industrial systems

E

Endpoint Detection and Response (EDR)

A continuous device monitoring tool that uses behavior-centric analysis to detect and respond to threats on endpoints. In OT environments, EDR must be adapted to work with legacy systems and minimize operational impact.

Related terms: Endpoint Protection Platform (EPP), Indicators of Compromise (IoC), Malware, Incident Response (IR), Threat Hunting

security

Endpoint Protection Platform (EPP)

A security solution deployed on endpoint devices to prevent threats through capabilities such as application control, anti-malware, and device management. OT-specific EPP solutions are designed for minimal resource consumption and compatibility with legacy operating systems common in industrial environments.

Related terms: Endpoint Detection and Response (EDR), Application Whitelisting, Malware, Legacy System, Virtual Patching

security

EtherNet/IP

An industrial network protocol that adapts the Common Industrial Protocol for Ethernet-based communication. Widely used in discrete manufacturing, EtherNet/IP supports both real-time I/O messaging and explicit messaging for configuration and diagnostics across automation devices from multiple vendors.

Related terms: Modbus, PROFINET, Common Industrial Protocol (CIP), OPC UA, Industrial Control Systems (ICS)

protocols

F

Firewall

A network security device that monitors and controls incoming and outgoing traffic based on predefined security rules. In OT environments, firewalls must support industrial protocol inspection to distinguish between legitimate control commands and malicious traffic. Next-generation firewalls designed for industrial use understand protocols such as Modbus, EtherNet/IP, and OPC UA, enabling granular policy enforcement without disrupting operational communications.

Related terms: Intrusion Prevention System (IPS), Network Segmentation, Demilitarized Zone (DMZ), Network Access Control (NAC), Defense-in-Depth (DiD)

networking

Firmware

Specialized software stored in the non-volatile memory (flash or ROM) of a hardware device that provides low-level control of that device's specific functionality. In OT environments, firmware runs on PLCs, RTUs, network switches, sensors, and other industrial devices. Firmware vulnerabilities are particularly concerning because updates often require physical access, production downtime, and careful validation to ensure compatibility with existing control logic and process configurations.

Related terms: Supply Chain Attack, Secure Boot, Legacy System, Vulnerability Management, Patch Management

industrial systems

H

Hardware Bypass

A failsafe mechanism in inline network security appliances that automatically allows traffic to pass through uninterrupted if the security device experiences a failure, power loss, or maintenance event. Hardware bypass ensures that network security devices never become a single point of failure in critical industrial operations.

Related terms: Intrusion Prevention System (IPS), Operational Resilience, Firewall, Defense-in-Depth (DiD), Network Segmentation

security

Human-Machine Interface (HMI)

A user interface or dashboard that connects operators to industrial control systems, allowing them to monitor processes, view alarms, adjust setpoints, and control equipment. HMIs are frequent targets in OT cyberattacks because compromising them can disrupt operator visibility and process control.

Related terms: Supervisory Control and Data Acquisition (SCADA), Programmable Logic Controller (PLC), Industrial Control Systems (ICS), Distributed Control System (DCS), Remote Terminal Unit (RTU)

industrial systems

I

ICS Cyber Kill Chain

A two-stage model, published by SANS in 2015, describing how cyberattacks progress against industrial control systems. Stage 1 covers initial intrusion into the enterprise or OT network and the establishment of persistent access. Stage 2 describes the attack development, testing, and execution of actions specifically targeting industrial processes and equipment, which typically requires engineering knowledge of the target process.

Related terms: Advanced Persistent Threat (APT), Lateral Movement, Incident Response (IR), Industrial Control Systems (ICS), Cyber-Physical Attack

threats

IEC 62443

The international standard series for industrial automation and control systems security. Provides a framework for securing industrial communication networks and systems throughout their lifecycle.

Related terms: NIST Cybersecurity Framework (NIST CSF), NIS2 Directive, NERC CIP, Defense-in-Depth (DiD), Risk Assessment

compliance

IT-OT Convergence

The integration of information technology and operational technology systems through common network connections to enable unified monitoring and control. While convergence improves operational efficiency, it also expands the attack surface by connecting previously isolated industrial systems to enterprise networks and the internet.

Related terms: Operational Technology (OT), Purdue Model, Demilitarized Zone (DMZ), Industrial Demilitarized Zone (IDMZ), Industrial Internet of Things (IIoT)

general ot

Incident Response (IR)

The organized approach to addressing and managing the aftermath of a security breach or cyberattack. In OT environments, incident response planning must balance containment and remediation with the critical need to maintain safe and continuous industrial operations.

Related terms: Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Indicators of Compromise (IoC), Ransomware, ICS Cyber Kill Chain

security

Indicators of Compromise (IoC)

Observable artifacts or evidence that indicate a system or network may have been breached or compromised. IoCs include file hashes, IP addresses, domain names, registry modifications, unusual network traffic patterns, and unexpected process behaviors. In OT security, IoCs must be correlated with industrial process context to distinguish between genuine threats and legitimate operational activities.

Related terms: Threat Intelligence, Threat Hunting, Security Information and Event Management (SIEM), Incident Response (IR), Endpoint Detection and Response (EDR)

security

Industrial Control Systems (ICS)

A broad category of control systems used to operate and automate industrial processes. ICS includes SCADA systems, distributed control systems, programmable logic controllers, and other control system configurations found in manufacturing, utilities, and critical infrastructure.

Related terms: Supervisory Control and Data Acquisition (SCADA), Distributed Control System (DCS), Programmable Logic Controller (PLC), Human-Machine Interface (HMI), Operational Technology (OT)

general ot

Industrial Demilitarized Zone (IDMZ)

A dedicated network segment positioned between enterprise IT networks and industrial OT networks that controls and monitors all traffic flowing between the two environments. The IDMZ acts as a buffer zone where shared services such as historians, patch servers, and remote access gateways can operate without creating direct connections between IT and OT networks, following the Purdue Model's recommended architecture.

Related terms: Demilitarized Zone (DMZ), Purdue Model, IT-OT Convergence, Network Segmentation, Firewall

networking

Industrial Internet of Things (IIoT)

The extension of Internet of Things technology into industrial applications, connecting sensors, instruments, and other devices in manufacturing and process environments. IIoT enables advanced analytics, remote monitoring, and predictive maintenance but introduces new cybersecurity challenges in environments with legacy infrastructure.

Related terms: Cyber-Physical Systems (CPS), IT-OT Convergence, OPC UA, Shadow OT, Attack Surface

general ot

Intrusion Detection System (IDS)

A security system that monitors network traffic or system activities for malicious behavior or policy violations and generates alerts when suspicious activity is detected. Unlike an Intrusion Prevention System (IPS), an IDS operates in a passive monitoring mode and does not actively block threats. In OT environments, IDS solutions with industrial protocol awareness can detect anomalous control system commands without the risk of disrupting legitimate operations.

Related terms: Intrusion Prevention System (IPS), Anomaly Detection, Network Monitoring, Deep Packet Inspection (DPI), Security Information and Event Management (SIEM)

security

Intrusion Prevention System (IPS)

A network security system that monitors network traffic and actively blocks or prevents identified threats. In OT environments, IPS must understand industrial protocols to avoid disrupting legitimate operations.

Related terms: Intrusion Detection System (IDS), Firewall, Deep Packet Inspection (DPI), Virtual Patching, Defense-in-Depth (DiD)

security

L

Lateral Movement

A technique used by attackers to move through a network after initial compromise, expanding access to additional systems. Network segmentation is a key defense against lateral movement in OT environments.

Related terms: Advanced Persistent Threat (APT), Network Segmentation, Ransomware, Micro-Segmentation, ICS Cyber Kill Chain

threats

Legacy System

Outdated technology that remains in use due to familiarity, cost, or operational importance. Legacy systems are common in OT environments where equipment may run for decades, creating significant security challenges.

Related terms: Virtual Patching, Patch Management, Application Whitelisting, Endpoint Protection Platform (EPP), Operational Technology (OT)

industrial systems

M

Malware

Malicious software designed to infiltrate, damage, or gain unauthorized access to computer systems. In OT environments, malware poses unique risks because industrial endpoints often run legacy operating systems, lack regular patching, and cannot tolerate the performance overhead of traditional antivirus solutions. OT-targeted malware variants have been specifically engineered to manipulate industrial processes and equipment.

Related terms: Ransomware, Advanced Persistent Threat (APT), Phishing, Endpoint Detection and Response (EDR), Indicators of Compromise (IoC)

threats

Micro-Segmentation

A security technique that divides networks into small, isolated segments to enable precise security control. This limits lateral movement of attackers and contains potential breaches to specific areas.

Related terms: Network Segmentation, Lateral Movement, Firewall, Demilitarized Zone (DMZ)

networking

Modbus

A communication protocol published by Modicon in 1979 for serial links that has become one of the most widely used industrial protocols. Modbus TCP, the Ethernet variant, enables communication between PLCs, HMIs, sensors, and other industrial devices. Neither variant has built-in authentication or encryption (a TLS-wrapped Modbus/TCP Security variant exists but is rarely deployed), so any host that can reach a device can read or write its coils and registers, making network-level security essential.

Related terms: OPC UA, DNP3, PROFINET, Common Industrial Protocol (CIP), EtherNet/IP

protocols

N

NERC CIP

North American Electric Reliability Corporation Critical Infrastructure Protection standards, a set of mandatory cybersecurity requirements for the bulk electric system in North America. NERC CIP standards define security controls for electronic perimeters, access management, incident response, and system monitoring for electric utilities.

Related terms: IEC 62443, NIST Cybersecurity Framework (NIST CSF), NIS2 Directive, Critical Infrastructure, Security Audit

compliance

NIS2 Directive

The European Union directive on Network and Information Security (NIS2), expanding cybersecurity requirements for critical infrastructure and essential service providers across EU member states. NIS2 broadens the scope of sectors covered and introduces stricter supervisory measures, enforcement actions, and incident reporting obligations.

Related terms: IEC 62443, NIST Cybersecurity Framework (NIST CSF), NERC CIP, Critical Infrastructure, Incident Response (IR)

compliance

NIST Cybersecurity Framework (NIST CSF)

A voluntary framework developed by the U.S. National Institute of Standards and Technology that provides a structured approach to managing cybersecurity risk. Version 2.0 of the framework organizes security activities into six core functions: Govern, Identify, Protect, Detect, Respond, and Recover (earlier versions had the last five only).

Related terms: IEC 62443, NERC CIP, NIS2 Directive, Risk Assessment, Incident Response (IR)

compliance

Network Access Control (NAC)

A security approach that enforces policies for devices connecting to a network, ensuring only authorized and compliant devices gain access. In OT environments, NAC helps prevent unauthorized laptops, contractor devices, and infected equipment from connecting to industrial control networks.

Related terms: Firewall, Network Segmentation, Demilitarized Zone (DMZ), Privileged Access Management (PAM)

networking

Network Monitoring

The continuous observation and analysis of network traffic, device communications, and system performance within an OT environment. OT network monitoring solutions must understand industrial protocols to accurately characterize normal operations, detect anomalies, identify unauthorized devices, and provide visibility into asset communications without introducing latency or disrupting real-time control processes.

Related terms: Intrusion Detection System (IDS), Anomaly Detection, SPAN Port, Deep Packet Inspection (DPI), Asset Visibility

networking

Network Segmentation

The practice of dividing a computer network into smaller, isolated subnetworks to improve security and performance. In OT environments, network segmentation separates operational zones from enterprise IT networks and limits the pathways available to attackers who gain initial access.

Related terms: Micro-Segmentation, Demilitarized Zone (DMZ), Firewall, Defense-in-Depth (DiD), Purdue Model

networking

O

OPC UA

Open Platform Communications Unified Architecture, a platform-independent machine-to-machine communication protocol for industrial automation. OPC UA carries typed, structured data between devices and applications from different manufacturers and, unlike older industrial protocols, specifies authentication, message signing, and encryption. Those protections apply only when the server and its clients are configured to require them.

Related terms: Modbus, DNP3, Common Industrial Protocol (CIP), PROFINET, Industrial Internet of Things (IIoT)

protocols

OT Security Operations Center (OT SOC)

A dedicated facility or function responsible for continuously monitoring, detecting, analyzing, and responding to cybersecurity events across an organization's operational technology environment. An OT SOC requires analysts with specialized knowledge of industrial processes, control system protocols, and OT-specific threat landscapes, distinguishing it from traditional IT SOCs. Effective OT SOCs integrate data from network sensors, endpoint agents, and asset management systems to provide unified visibility.

Related terms: Security Information and Event Management (SIEM), Incident Response (IR), Threat Hunting, Threat Intelligence, Indicators of Compromise (IoC)

security

Operational Resilience

An organization's ability to anticipate, prepare for, respond to, and adapt to both incremental changes and sudden disruptions in order to maintain continuous business operations. In industrial settings, operational resilience encompasses cybersecurity, physical safety, business continuity planning, and disaster recovery, with the goal of keeping critical production processes running even when facing adverse conditions or active cyber threats.

Related terms: Critical Infrastructure, Incident Response (IR), Hardware Bypass, Safety Instrumented System (SIS), Change Management

general ot

Operational Technology (OT)

Hardware and software that detects or causes changes through direct monitoring and control of physical devices, processes, and events. OT encompasses the systems that run industrial operations including manufacturing, energy production, water treatment, and transportation.


Operational Technology (OT) comprises the computing and communication systems that directly monitor, control, and automate physical industrial processes—such as manufacturing lines, power generation, water treatment, and building management. Unlike Information Technology (IT), which is centered on data processing, business applications, and user productivity, OT interfaces with the physical world via sensors, actuators, controllers (e.g., PLCs, DCS), and other field devices.

Key Characteristics of OT Environments

OT environments are designed around the core priorities of availability, safety, and reliability:

  • High availability: Many industrial processes run 24/7. Even short outages can cause major financial loss, production downtime, or damage to equipment.
  • Safety-critical operations: Failures can lead to physical harm to personnel, damage to infrastructure, or environmental incidents.
  • Reliability over change: Systems are engineered to run consistently for long periods, with minimal changes once commissioned.

Because of these priorities, traditional IT security practices—such as frequent patching, aggressive scanning, or tools that may trigger reboots or latency—can be unacceptable if they risk disrupting operations.

OT vs. IT: Critical Differences

Several fundamental differences distinguish OT from IT:

  • Lifecycle and longevity: OT systems often operate for decades, compared to the shorter refresh cycles in IT. Many run on legacy operating systems or hardware that vendors no longer support.
  • Patching and updates: Changes must be carefully scheduled around production windows, maintenance shutdowns, and safety considerations. Unplanned updates are rarely allowed.
  • Real-time constraints: Control systems often require deterministic, low-latency communication. Security controls must not introduce delays that could affect process stability or safety.
  • Impact of security failures: In IT, incidents typically involve data loss, downtime, or financial impact. In OT, consequences can include physical injury, environmental damage, and regulatory or legal repercussions.

The Growing Importance of OT Security

Digital transformation and increased connectivity are reshaping OT:

  • OT networks are increasingly connected to enterprise IT networks and, in some cases, to the internet or cloud services.
  • Historically isolated or air-gapped systems are now exposed to a broader threat landscape, including attackers who previously focused on IT environments.

This expanded attack surface demands OT-specific security approaches that:

  • Understand and correctly interpret industrial protocols and control system behaviors.
  • Respect operational constraints, avoiding actions that could disrupt real-time processes.
  • Provide monitoring, detection, and protection that enhance security without compromising safety, availability, or reliability.

In summary, securing OT requires a tailored strategy that balances cybersecurity with the unique operational and safety requirements of industrial environments.

Related terms: Industrial Control Systems (ICS), Cyber-Physical Systems (CPS), IT-OT Convergence, Critical Infrastructure, Operational Technology Network (OT Network)

general ot

Operational Technology Network (OT Network)

The communication infrastructure connecting industrial control devices, sensors, actuators, and supervisory systems within an operational environment. OT networks carry real-time control traffic using industrial protocols and are designed for deterministic, low-latency communication. Unlike IT networks that prioritize confidentiality and data integrity, OT networks must prioritize availability and reliability to ensure continuous, safe industrial operations.

Related terms: Operational Technology (OT), Network Segmentation, Purdue Model, Asset Visibility, Asset Inventory

networking

P

PROFINET

An industrial Ethernet standard for automation maintained by PROFIBUS & PROFINET International (PI). PROFINET supports real-time and isochronous real-time communication for demanding motion control applications and is widely adopted in European manufacturing environments for connecting PLCs, drives, and I/O devices.

Related terms: Modbus, EtherNet/IP, OPC UA, Common Industrial Protocol (CIP), Industrial Control Systems (ICS)

protocols

Patch Management

The process of planning, testing, and applying software updates to fix vulnerabilities and improve system stability. In OT environments, patch management is significantly more complex than in IT because production systems often cannot be taken offline for updates, patches may not be available for legacy or end-of-life systems, and updates must be thoroughly tested to ensure they do not disrupt industrial processes. Virtual patching provides an alternative protection method when traditional patching is not feasible.

Related terms: Vulnerability Management, Virtual Patching, Legacy System, Zero-Day Vulnerability, Change Management

security

Penetration Testing

An authorized simulated cyberattack performed to evaluate the security of a system, network, or application by identifying exploitable vulnerabilities. OT penetration testing requires extreme caution because aggressive scanning or exploitation techniques that are routine in IT environments can crash industrial controllers, disrupt communications, or cause unsafe conditions. OT-specific penetration testing methodologies prioritize passive reconnaissance and carefully scoped active testing during maintenance windows.

Related terms: Vulnerability Management, Security Audit, Risk Assessment, Attack Surface, Threat Hunting

security

Phishing

A social engineering attack that uses fraudulent communications, typically email, to trick recipients into revealing sensitive information or installing malicious software. Phishing targeting OT personnel is a common initial access vector in attacks against industrial control systems and critical infrastructure.

Related terms: Malware, Ransomware, Supply Chain Attack, Advanced Persistent Threat (APT), Cyber Hygiene

threats

Privileged Access Management (PAM)

A security framework for controlling, monitoring, and auditing access by users with elevated system privileges, such as administrators, engineers, and maintenance personnel. In OT environments, PAM is critical because privileged accounts often have direct access to control systems, engineering workstations, and safety systems. Effective PAM enforces least-privilege principles, requires multi-factor authentication, records session activities, and limits the duration and scope of privileged access.

Related terms: Secure Remote Access (SRA), Network Access Control (NAC), Defense-in-Depth (DiD), Industrial Demilitarized Zone (IDMZ)

security

Programmable Logic Controller (PLC)

A ruggedized industrial computer designed to control manufacturing processes, assembly lines, robotic devices, and other automation activities. PLCs execute control logic in real time and communicate with sensors, actuators, and supervisory systems across the plant floor.

Related terms: Industrial Control Systems (ICS), Remote Terminal Unit (RTU), Human-Machine Interface (HMI), Supervisory Control and Data Acquisition (SCADA), Distributed Control System (DCS)

industrial systems

Protocol Whitelisting

A network security technique that permits only approved industrial communication protocols and specific protocol commands to traverse network segments while blocking all unauthorized traffic. Protocol whitelisting leverages deep packet inspection of industrial protocols such as Modbus, EtherNet/IP, and OPC UA to enforce granular policies that control which devices can communicate, what commands are permitted, and what data can be transferred across protected network boundaries.

Related terms: Application Whitelisting, Deep Packet Inspection (DPI), Intrusion Prevention System (IPS), Modbus

security

Purdue Model

A reference architecture for industrial network segmentation that organizes systems into hierarchical levels, from Level 0 (physical processes and sensors) through Level 5 (enterprise and internet-facing systems). The model provides a structured framework for aligning security controls with operational requirements at each layer.

Related terms: Network Segmentation, Demilitarized Zone (DMZ), Industrial Control Systems (ICS), Industrial Demilitarized Zone (IDMZ), IT-OT Convergence

general ot

R

Ransomware

Malware that encrypts files and systems, demanding payment for restoration. Ransomware attacks on industrial systems can halt production and cause significant financial and operational damage.

Related terms: Malware, Incident Response (IR), Lateral Movement, Advanced Persistent Threat (APT), Phishing

threats

Remote Terminal Unit (RTU)

A microprocessor-controlled device that monitors and controls field devices installed at remote locations. RTUs collect data from sensors and send commands to equipment in SCADA systems.

Related terms: Programmable Logic Controller (PLC), Supervisory Control and Data Acquisition (SCADA), Industrial Control Systems (ICS), Human-Machine Interface (HMI), Modbus

industrial systems

Removable Media Security

Security controls and procedures governing the use of USB drives, portable hard drives, and other removable storage devices in industrial environments. Removable media remains one of the primary vectors for introducing malware into air-gapped or isolated OT networks, particularly through maintenance activities and vendor interactions. Portable inspection solutions scan and validate removable media before it connects to production systems.

Related terms: Air Gap, Supply Chain Attack, Malware, Cyber Hygiene, Legacy System

security

Risk Assessment

The systematic process of identifying assets, evaluating threats and vulnerabilities, and determining the potential impact and likelihood of security incidents. In OT environments, risk assessment must consider both cyber and physical consequences, weigh operational impact alongside traditional security metrics, and account for the unique characteristics of industrial systems such as safety implications, production dependencies, and regulatory requirements.

Related terms: Vulnerability Management, Attack Surface, IEC 62443, NIST Cybersecurity Framework (NIST CSF), Security Audit

security

S

SPAN Port

A designated switch port configured to mirror traffic from other ports for monitoring and analysis purposes. In OT security, SPAN port connections enable passive network monitoring and asset discovery without introducing inline devices, though they cannot actively block threats.

Related terms: Network Monitoring, Intrusion Detection System (IDS), Deep Packet Inspection (DPI), Network Segmentation, Asset Visibility

networking

Safety Instrumented System (SIS)

An automated system designed to bring a process to a safe state when predetermined conditions are violated, protecting personnel, equipment, and the environment. SIS operates independently from the basic process control system and is engineered with high reliability to perform safety functions. Cyberattacks targeting SIS, such as the TRITON/TRISIS malware, represent some of the most dangerous threats to industrial environments because they can disable the last line of defense against catastrophic events.

Related terms: Industrial Control Systems (ICS), Programmable Logic Controller (PLC), Operational Resilience, Cyber-Physical Attack, Distributed Control System (DCS)

industrial systems

Secure Boot

A security mechanism that ensures a device only executes authenticated and trusted firmware and software during the startup process. Secure boot validates the integrity of each component in the boot chain using cryptographic signatures, preventing unauthorized or tampered code from running. In OT environments, secure boot protects industrial controllers and edge devices from firmware-level attacks that could compromise control system integrity.

Related terms: Firmware, Supply Chain Attack, Application Whitelisting, Legacy System

security

Secure Remote Access (SRA)

Controlled methods for connecting to OT networks from outside the facility while maintaining security. Secure remote access solutions for industrial environments enforce authentication, session recording, and least-privilege access to protect critical systems from unauthorized remote connections.

Related terms: Privileged Access Management (PAM), Air Gap, IT-OT Convergence, Network Access Control (NAC)

security

Security Audit

A systematic evaluation of an organization's security posture against established standards, policies, or regulatory requirements. OT security audits assess the effectiveness of controls across networks, endpoints, access management, incident response procedures, and compliance with frameworks such as IEC 62443, NIST CSF, NERC CIP, and NIS2. Audits identify gaps between current security practices and required baselines, providing actionable recommendations for improvement.

Related terms: Penetration Testing, Risk Assessment, IEC 62443, NIST Cybersecurity Framework (NIST CSF), Change Management

compliance

Security Information and Event Management (SIEM)

A platform that aggregates and analyzes security event data from across an organization's infrastructure to provide centralized threat detection, investigation, and compliance reporting. Integrating OT security data into SIEM systems enables unified visibility across both IT and OT environments.

Related terms: Incident Response (IR), Indicators of Compromise (IoC), Threat Hunting, Anomaly Detection, OT Security Operations Center (OT SOC)

security

Shadow OT

Unauthorized or unmanaged operational technology devices, connections, and systems that exist within an industrial environment without the knowledge or oversight of security teams. Shadow OT can include unauthorized wireless access points, personal devices connected to control networks, undocumented remote access connections, and legacy equipment that was never inventoried. These hidden assets create blind spots in an organization's security posture and expand the attack surface.

Related terms: Asset Inventory, Asset Visibility, Industrial Internet of Things (IIoT), Attack Surface, Risk Assessment

general ot

Supervisory Control and Data Acquisition (SCADA)

A system architecture that uses computers, networked data communications, and graphical user interfaces for high-level supervisory management of industrial processes. SCADA systems collect real-time data from remote terminal units and programmable logic controllers across geographically distributed sites.

Related terms: Industrial Control Systems (ICS), Programmable Logic Controller (PLC), Remote Terminal Unit (RTU), Human-Machine Interface (HMI), Distributed Control System (DCS)

industrial systems

Supply Chain Attack

A cyberattack that targets the less-secure elements in the supply chain to compromise the ultimate target. In OT environments, supply chain attacks can occur through compromised vendor software updates, infected removable media from maintenance contractors, or tampered hardware components.

Related terms: Advanced Persistent Threat (APT), Malware, Removable Media Security, Firmware, Vulnerability Management

threats

T

Threat Hunting

The proactive practice of searching through networks and systems to detect and isolate advanced threats that have evaded existing security defenses. In OT environments, threat hunting requires specialized knowledge of industrial protocols, control system behaviors, and normal operational patterns. Hunters analyze network traffic, endpoint telemetry, and system logs to identify subtle signs of compromise that automated tools may miss.

Related terms: Threat Intelligence, Indicators of Compromise (IoC), Endpoint Detection and Response (EDR), Anomaly Detection, Security Information and Event Management (SIEM)

security

Threat Intelligence

Evidence-based knowledge about existing or emerging cyber threats, including information about threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise, and targeted vulnerabilities. OT-specific threat intelligence focuses on industrial malware families, vulnerabilities in industrial control systems and protocols, and threat actor groups known to target critical infrastructure and manufacturing sectors.

Related terms: Indicators of Compromise (IoC), Threat Hunting, Advanced Persistent Threat (APT), Security Information and Event Management (SIEM), Anomaly Detection

security

V

Virtual Patching

A security measure that blocks exploits targeting known or unknown vulnerabilities without modifying the original system. Virtual patching is essential for protecting legacy OT systems that cannot be patched or updated.

Related terms: Vulnerability Management, Patch Management, Legacy System, Zero-Day Vulnerability, Intrusion Prevention System (IPS)

security

Vulnerability Management

The continuous process of identifying, classifying, prioritizing, remediating, and mitigating security vulnerabilities in systems and software. In OT environments, vulnerability management must account for systems that cannot be patched during production and prioritize operational impact alongside traditional risk scoring.

Related terms: Virtual Patching, Patch Management, Zero-Day Vulnerability, Risk Assessment, Attack Surface

security

Z

Zero-Day Vulnerability

A previously unknown software vulnerability that is exploited by attackers before the vendor has released a patch. In OT environments, zero-day vulnerabilities are particularly dangerous because industrial systems often cannot be updated quickly, making alternative protections such as virtual patching essential.

Related terms: Vulnerability Management, Virtual Patching, Patch Management, Advanced Persistent Threat (APT), Attack Surface

threats