OT security glossary
Plain-language definitions of the protocols, standards, and acronyms used in industrial cybersecurity.
Modbus
A serial communication protocol from 1979 used to connect PLCs. Widely used in water, power, and manufacturing. No built-in authentication or encryption, which is why monitoring matters.
Modbus TCP
The TCP/IP variant of Modbus, on port 502. Lets standard IT networking equipment carry industrial control traffic, and lets IT-side attackers reach OT devices with off-the-shelf tools.
DNP3 (Distributed Network Protocol)
A protocol used in electric utilities and water/wastewater SCADA, on TCP port 20000. Provides reliable communication between control centers and field devices. Event-based reporting reduces bandwidth but complicates monitoring.
EtherNet/IP
An industrial protocol that adapts the Common Industrial Protocol (CIP) to standard Ethernet. Common in manufacturing with Allen-Bradley and Rockwell PLCs. Carries both real-time control data and configuration commands on the same network.
OT (Operational Technology)
Hardware and software that monitors or controls physical processes. The PLCs, RTUs, and SCADA systems running water plants, power grids, and manufacturing lines. OT failures have immediate physical consequences.
ICS (Industrial Control Systems)
The collective term for systems that operate industrial processes: SCADA, distributed control systems (DCS), and PLCs. ICS security focuses on keeping these systems safe and reliable.
SCADA (Supervisory Control and Data Acquisition)
System architecture for monitoring and controlling geographically distributed industrial processes from a central location. Backbone of utility operations.
PLC (Programmable Logic Controller)
A ruggedized computer that automates industrial processes. Controls pumps, valves, and motors. Executes programmed logic in real time. Built for reliability, rarely for security.
RTU (Remote Terminal Unit)
A microprocessor-controlled device that interfaces sensors and actuators to SCADA, typically at remote field sites. Speaks DNP3 or Modbus over serial or TCP/IP.
HMI (Human-Machine Interface)
The display and software operators use to interact with control systems. A frequent target. Compromising an HMI gives an attacker the same capabilities as a plant operator.
NERC CIP (Critical Infrastructure Protection)
Mandatory cybersecurity standards from the North American Electric Reliability Corporation for bulk electric system operators. Covers electronic security perimeters (CIP-005), system security (CIP-007), and configuration change management (CIP-010). Penalties up to $1M per day.
IEC 62443
An international standards series for cybersecurity in industrial automation and control systems. Covers the lifecycle from design through operation. Increasingly cited in procurement requirements.
Defense-in-depth
Layering multiple independent defenses so that if one fails, others continue to protect. In OT, that means segmentation, access control, passive monitoring, and physical security. No single product is enough.
See how Kyntic monitors these protocols and generates compliance evidence automatically.