Glossary

A method of mitigating the possibility of an active handset inadvertently allowing background discussions to be heard by a remote party. This can be achieved through the use of a hold feature, mute feature, push-to-talk handset or equivalent.

Activities in cyberspace that manipulate, deny, disrupt, degrade or destroy targeted computers, information systems, or networks.

Non-classified information identified as requiring basic protection (i.e. information marked as OFFICIAL or OFFICIAL: Sensitive).

An encryption method relying on a pre-shared key which is larger than or equal to the size of the plaintext to create ciphertext. While the OTP is the only scheme to hold certain theoretical security properties, key management renders it impractical for modern use-cases.

Services accessed by users over the internet (also known as internet-facing services).

Data that can be freely used, reused and redistributed by anyone.

An open-source implementation of Pretty Good Privacy, a widely available cryptographic toolkit.

System software that manages hardware and software resources and provides common services for executing various applications on a computer.

Systems that detect or cause a direct change to the physical environment through the monitoring or control of devices, processes and events. Operational technology is predominantly used to describe industrial control systems which include supervisory control and data acquisition systems and distributed control systems.

Open System Interconnect

Any device that can process, store or communicate data or signals within OT environments, such as programmable logic controllers and remote terminal units.

An agreement in which one company hires another company to be responsible for a planned or existing activity that is or could be done internally, and sometimes involves transferring employees and assets from one firm to another.

Open Web Application Security Project