Cybersecurity Glossary for Critical Sectors

Luis Fernando Lozano Mier

A practical guide for mining, energy and government professionals in Colombia and Peru.

A reference guide to understand essential critical infrastructure cybersecurity terms.

Introduction

Cybersecurity in sectors such as mining, energy and government requires a specific vocabulary. This glossary translates complex technical concepts into clear and practical language, with real examples of implementation in Colombia.

Terms included: 80+ essential concepts
Level: Intermediate - Professional
Sectors: Mining, Energy, Petroleum, Government

A

APT (Advanced Persistent Threat)

Validated: NIST SP 800-39

Sophisticated attacks that remain hidden in systems for months or years, typically backed by organized groups or states. In mining, they seek to steal valuable geological information or disrupt mining operations.

Practical example: An attacker infiltrates the network of a gold mine and slowly extracts information about reserves and expansion plans for 8 months before being detected.

Two-Factor Authentication (2FA)

Security method that requires two different forms of verification before allowing access to critical systems.

Sectoral application: In remote mining operations, passwords are combined with codes sent to satellite radios when there is no cellular coverage.

B

Backup 3-2-1

Golden rule for data backup

Strategy that recommends having 3 copies of critical data, on 2 different media, with 1 copy off the main site. Essential for mining operations where loss of geological data can cost millions.

Sector implementation: In underground mining, copies are kept in the operations center (SSD), on local servers (hard drives) and in a secure cloud (off-site).

BES (Bulk Electric System)

Source: NERC

Electrical transmission facilities operating at 100 kV or higher, including designated generators. Subject to strict cybersecurity regulations in North America.

Regional relevance: Colombian electric companies that export energy must comply with these international standards.

Botnet

Network of infected devices remotely controlled by cybercriminals. In industrial environments, they can include compromised security cameras, IoT sensors and monitoring systems.

C

Security Operations Center (SOC)

Specialized team that monitors, detects and responds to cyber threats 24 hours a day. For critical sectors, it requires specific knowledge of industrial protocols and operations.

Key difference: A traditional SOC detects malware on office computers. An industrial SOC detects when someone tries to sabotage a water pump in a mine.

OT vs. IT cybersecurity

IT (Information Technology): Prioritizes protecting data and office systems.
OT (Operational Technology): Prioritizes keeping industrial equipment such as pumps, generators and mine ventilation systems running.

Critical difference: In IT, you can restart a server at midnight. In OT, restarting a system can shut down the entire mining operation and put human lives at risk.

CSMS (Cybersecurity Management System)

Source: IEC 62443-2-1

Comprehensive framework for managing cybersecurity in industrial operational technology. Includes specific policies, procedures and controls for critical environments.

Key components: Risk analysis, response plans, specialized training and continuous audits.

D

DCS (Distributed Control Systems)

Source: NIST SP 800-82

Systems that control continuous industrial processes through multiple interconnected controllers. Common in oil refineries and mining processing plants.

Practical example: In a refinery, the DCS automatically controls temperature, pressure and flow in dozens of tanks simultaneously.

DDoS (Distributed Denial of Service)

Attempt to make a service unavailable by flooding it with massive traffic from multiple sources at once. In mining, it can target environmental monitoring systems or emergency communications.

Industry case: A DDoS attack on the toxic gas monitoring system of an underground mine interrupted safety alarms for 3 hours.

Disaster Recovery

Detailed plan to restore critical operations after a cyber incident or massive system failure.

Critical times per sector:

    • Government hospitals: 4 hours maximum
    • Power plants: 24 hours maximum
    • Mining operations: 72 hours maximum

E

Endpoint Security

Protection of end devices such as computers, tablets and smartphones that connect to corporate networks. In mining, this includes ruggedized endpoints and field devices.

Industry challenge: Mining devices must withstand extreme dust, humidity and vibration while maintaining cybersecurity protections.

F

Industrial Firewall

Security appliance designed specifically to protect industrial systems networks, capable of understanding and filtering specialized mining and energy protocols.

Crucial difference: An office firewall blocks malicious websites. An industrial firewall understands and protects specific commands sent to a mine drainage pump.

Industrial Protocols Handled: Modbus, DNP3, Profinet, EtherNet/IP
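The protocol-aware filtering described above, as an added example that is not part of the glossary: a small Python policy filter that decodes the Modbus/TCP MBAP header and function code and applies a per-host allow-list, so that a status read from the SCADA server passes while a register write to the drainage pump controller is accepted only from the engineering workstation. The host addresses, the pump controller's unit id and the sample frames are constructed assumptions; the function codes are the public Modbus ones.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# Modbus public function codes (Modbus Application Protocol specification).
READ_CODES = {0x01, 0x02, 0x03, 0x04}    # read coils / discrete inputs / registers
WRITE_CODES = {0x05, 0x06, 0x0F, 0x10}   # write single or multiple coils / registers

# Constructed policy for a mine drainage pump controller (assumed addresses).
ENGINEERING_WS = "10.20.1.10"   # the only host allowed to write setpoints
SCADA_SERVER = "10.20.1.20"     # may poll (read) the controller but never write
PUMP_PLC_UNIT_ID = 3            # assumed Modbus unit id of the pump PLC


@dataclass
class Decision:
    allowed: bool
    reason: str
    function_code: Optional[int] = None
    unit_id: Optional[int] = None


def parse_mbap(frame: bytes) -> Tuple[int, int, bytes]:
    """Decode the 7-byte MBAP header and return (unit_id, function_code, pdu).

    Raises ValueError for anything that is not a well-formed Modbus/TCP frame;
    the filter treats that as a deny rather than guessing.
    """
    if len(frame) < 8:
        raise ValueError("truncated frame")
    _tid, proto, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto != 0:                      # protocol identifier is always 0 for Modbus
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(frame) - 6:        # 'length' counts the unit id byte plus the PDU
        raise ValueError("length field does not match frame size")
    pdu = frame[7:]
    return unit_id, pdu[0], pdu


def filter_frame(src_ip: str, frame: bytes) -> Decision:
    """Apply the allow-list: reads from known hosts, writes only from engineering."""
    try:
        unit_id, fc, _pdu = parse_mbap(frame)
    except ValueError as exc:
        return Decision(False, f"malformed frame: {exc}")
    if unit_id != PUMP_PLC_UNIT_ID:
        return Decision(False, "unit id not covered by policy", fc, unit_id)
    if fc in READ_CODES:
        if src_ip in (ENGINEERING_WS, SCADA_SERVER):
            return Decision(True, "read from authorised host", fc, unit_id)
        return Decision(False, "read from unknown host", fc, unit_id)
    if fc in WRITE_CODES:
        if src_ip == ENGINEERING_WS:
            return Decision(True, "write from engineering workstation", fc, unit_id)
        return Decision(False, "write attempt from non-engineering host", fc, unit_id)
    return Decision(False, f"function code 0x{fc:02X} not in allow-list", fc, unit_id)


def build_frame(unit_id: int, fc: int, data: bytes, tid: int = 1) -> bytes:
    """Build a well-formed Modbus/TCP request; used here only to construct sample traffic."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


# Constructed sample traffic as the filter would see it.
READ_PUMP_STATUS = build_frame(PUMP_PLC_UNIT_ID, 0x03, struct.pack(">HH", 0, 10))  # read 10 holding registers
SET_PUMP_RUN = build_frame(PUMP_PLC_UNIT_ID, 0x06, struct.pack(">HH", 40, 1))     # write register 40 := 1
DIAGNOSTIC = build_frame(PUMP_PLC_UNIT_ID, 0x08, b"\x00\x00\x00\x00")             # diagnostics, not allow-listed

if __name__ == "__main__":
    samples = [(SCADA_SERVER, READ_PUMP_STATUS), (SCADA_SERVER, SET_PUMP_RUN),
               (ENGINEERING_WS, SET_PUMP_RUN), ("10.99.0.5", READ_PUMP_STATUS),
               (ENGINEERING_WS, DIAGNOSTIC), (ENGINEERING_WS, b"\x00\x01\x00\x00")]
    for src, frame in samples:
        d = filter_frame(src, frame)
        print(f"{src:>12}  fc={d.function_code}  {'ALLOW' if d.allowed else 'DENY '}  {d.reason}")
```

The design choice worth noting is the default: anything the filter cannot parse, any unit id it has no rule for, and any function code outside the read/write sets is denied, which is the opposite of an office firewall's "allow established traffic" posture and the reason such a device must be configured by someone who knows which commands each host legitimately sends.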

G

Identity Management

Controlling who has access to which systems and for how long. Critical in operations where unauthorized access can cause physical damage.

Mining example: An entry-level operator can view seismic sensor data, but only the senior engineer can modify evacuation alarm parameters.

Cybersecurity Governance

NIST 2024 Update

Establishment of policies and structures to manage cybersecurity at the executive level. Includes allocation of budgets and clear responsibilities.

Practical application: The board of directors of a mining company should review and approve the annual cybersecurity budget rather than delegating it entirely to IT.

H

HMI (Human Machine Interface)

Displays and controls that allow human operators to interact with automated industrial systems.

Mining example: A touch screen in the control room showing the real-time status of all fans, pumps and conveying systems in an underground mine.

Security risk: If an attacker compromises the HMI, they can cause operators to see false information or execute dangerous commands without knowing it.

I

ICS (Industrial Control Systems)

Source: NIST SP 800-82

Broad term that includes SCADA, DCS, PLC and other systems that control physical processes in industries such as power, water, petroleum and mining.

IEC 62443

Source: International Electrotechnical Commission

Series of international standards for cybersecurity in industrial automation systems. Defines security levels from 1 to 4 according to the sophistication of the threats.

Security levels:

    • Level 1: Protection against accidental errors
    • Level 2: Protection against intentional basic attacks
    • Level 3: Protection against sophisticated attacks
    • Level 4: Protection against nation-state level attacks

Incident Response

Structured process to detect, contain, investigate and recover from cyber attacks or security breaches.

Critical phases:

    1. Detection: What is happening?
    2. Containment: How do we stop the damage?
    3. Eradication: How do we eliminate the threat?
    4. Recovery: How do we return to normal operations?
    5. Lessons learned: How do we prevent it from happening again?

L

Legacy Systems

Legacy industrial systems, often 10-25 years old, that remain critical to operations but lack modern cybersecurity protections.

Mining challenge: A mine may have a ventilation control system from 1995 that works perfectly but was never designed to connect to the internet securely.

M

Industrial Malware

Malicious software specifically designed to attack industrial control systems. Unlike traditional malware, it seeks to cause actual physical damage.

Historical cases:

  • Stuxnet (2010): Attacked Iranian nuclear centrifuges
  • TRITON (2017): Attacked safety instrumented systems in petrochemical plants

Microsegmentation

Division of networks into very small, highly controlled segments to limit lateral movement of attackers.

Mining application: If an attacker compromises the administrative office network, they cannot move on to the systems controlling water drainage pumps.

N

NERC CIP

Source: North American Electric Reliability Corporation

Series of 14 mandatory cybersecurity standards with which all companies operating the U.S. and Canadian electric system must comply.

Real Penalties: Fines can exceed $1 million for serious violations.

International relevance: Utilities in other countries that plan to export power to North America must comply with these standards.

O

OT (Operational Technology)

Source: NIST SP 800-82 Rev. 3

Hardware and software that directly controls physical industrial processes. Includes sensors, actuators, PLCs and SCADA systems that operate equipment such as pumps, valves and motors.

Fundamental difference: IT handles digital information. OT controls the real physical world.

OWASP Top 10

Source: OWASP Foundation, version 2021

List of the 10 most critical vulnerabilities in web applications, updated every 3-4 years. Next version (2025) is under development.

Current top 3:

    1. Broken access control: Users get permissions they shouldn't have
    2. Cryptographic failures: Sensitive data poorly protected
    3. Injection: Attackers insert malicious code into applications

P

Penetration Testing

Authorized mock cyber attack to identify vulnerabilities before they are exploited by real attackers.

Difference in OT: Testing industrial systems requires extreme care because a mistake can stop critical operations or cause physical damage.

Industrial Phishing

Deceptive emails specifically targeting employees in critical sectors, using industrial terminology and context to appear more credible.

Example: fake email pretending to be from a SCADA system vendor, asking for credentials for "urgent security upgrade."

PLC (Programmable Logic Controller)

Source: IEC 61131

Ruggedized industrial computer that controls automated processes using programmed logic. Basis of automation in mining, petroleum and manufacturing.

Mining example: PLC that automatically activates drainage pumps when sensors detect dangerous groundwater accumulation.

Vulnerability: Older PLCs often lack authentication, allowing anyone with network access to modify their programming.

R

Ransomware

Malware that encrypts files or entire systems and demands payment to restore access. Particularly dangerous in critical sectors where disruptions can have serious consequences.

Recent industry cases:

    • Colonial Pipeline (2021): Major US fuel pipeline shut down for 6 days
    • JBS (2021): World's largest meat processor temporarily shut down
    • Multiple hospitals: Surgeries cancelled, patients transferred

Recovery Time Objective (RTO)

Maximum acceptable time to restore a system after an outage.

Examples by sector:

    • Hospital life support systems: 0 minutes (full redundancy)
    • Water treatment plants: 4-8 hours
    • Payroll systems: 24-48 hours

S

SCADA (Supervisory Control and Data Acquisition)

Source: NIST SP 800-82

Systems that allow monitoring and control of industrial processes from remote locations. They combine supervisory software with communication networks to connect to equipment in the field.

Mining application: A SCADA system allows surface operators to monitor and control equipment located miles inside underground tunnels.

Main components:

    • HMI: Operator displays
    • Servers: Process and store data
    • RTUs/PLCs: Connect to physical equipment
    • Communication network: Connects all components

Security by Design

Principle of incorporating security measures from the initial design of systems, rather than adding them later as a patch.

Example: Design a new mining monitoring system with authentication, encryption and audit trails from the beginning, not add them after the system is already running.

SIEM (Security Information and Event Management)

Source: Gartner

Platform that collects, correlates and analyzes security logs from multiple sources to detect threats in real time.

Key capabilities:

    • Centralized log collection
    • Correlation of suspicious events
    • Automated alerts
    • Forensic investigation

Industrial challenge: Traditional SIEMs do not understand OT protocols and require specialization for industrial environments.

T

Threat Hunting

Proactive search for threats that may have evaded automated security measures. In industrial environments, includes analysis of anomalous patterns in OT protocols.

Mining example: A security analyst reviews historical logs and discovers that someone has been accessing seismic data after hours for weeks.
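The two ideas above, SIEM correlation of suspicious events and a threat hunt over historical logs, as one added example that is not part of the glossary. It parses a handful of constructed access and VPN log lines (the format, hostnames, user names and addresses are all invented for this illustration), then runs a correlation rule of the kind a SIEM would evaluate in real time (several login failures followed by a success from the same source) and a hunting query an analyst would run over history (which users read seismic data outside shift hours on several distinct days). Shift hours and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed log lines: "<ISO timestamp> key=value key=value ...". File-server
# reads of the seismic share and VPN login attempts share one simple format.
SAMPLE_LOG = """\
2024-03-04T02:13:55 host=fs01 user=jperez action=READ resource=/seismic/array7 src=10.20.3.44 result=OK
2024-03-05T01:50:02 host=fs01 user=jperez action=READ resource=/seismic/array7 src=10.20.3.44 result=OK
2024-03-06T09:15:00 host=fs01 user=mgomez action=READ resource=/seismic/array7 src=10.20.3.12 result=OK
2024-03-06T22:05:00 host=fs01 user=mgomez action=READ resource=/seismic/array7 src=10.20.3.12 result=OK
2024-03-06T23:41:10 host=fs01 user=jperez action=READ resource=/seismic/array2 src=10.20.3.44 result=OK
2024-03-07T08:00:01 host=vpn user=admin action=LOGIN src=203.0.113.9 result=FAIL
2024-03-07T08:00:04 host=vpn user=admin action=LOGIN src=203.0.113.9 result=FAIL
2024-03-07T08:00:07 host=vpn user=admin action=LOGIN src=203.0.113.9 result=FAIL
2024-03-07T08:00:10 host=vpn user=admin action=LOGIN src=203.0.113.9 result=FAIL
2024-03-07T08:00:13 host=vpn user=admin action=LOGIN src=203.0.113.9 result=FAIL
2024-03-07T08:00:20 host=vpn user=admin action=LOGIN src=203.0.113.9 result=OK
2024-03-07T08:30:00 host=vpn user=mgomez action=LOGIN src=10.20.3.12 result=FAIL
2024-03-07T08:30:30 host=vpn user=mgomez action=LOGIN src=10.20.3.12 result=OK
""".strip().splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")


def parse_line(line: str) -> Dict[str, object]:
    """Turn one log line into a dict; the timestamp becomes a datetime."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    fields: Dict[str, object] = dict(kv.split("=", 1) for kv in m.group("kv").split())
    fields["ts"] = datetime.fromisoformat(m.group("ts"))
    return fields


def correlate_bruteforce(events, threshold: int = 5, window: timedelta = timedelta(minutes=10)) -> List[dict]:
    """SIEM-style correlation rule: at least `threshold` LOGIN failures from one source
    followed by a successful LOGIN from the same source within `window`."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("action") != "LOGIN":
            continue
        src = ev["src"]
        if ev["result"] == "FAIL":
            failures[src].append(ev["ts"])
        elif ev["result"] == "OK":
            recent = [t for t in failures[src] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"src": src, "user": ev["user"], "failures": len(recent), "at": ev["ts"]})
            failures[src].clear()          # a success closes the sequence either way
    return alerts


def hunt_after_hours(events, resource_prefix: str = "/seismic/", shift=(6, 18), min_days: int = 3) -> Dict[str, list]:
    """Threat-hunting query: users who read the resource outside shift hours
    (assumed 06:00-18:00) on at least `min_days` distinct days."""
    days_by_user = defaultdict(set)
    for ev in events:
        if ev.get("action") != "READ" or not str(ev.get("resource", "")).startswith(resource_prefix):
            continue
        if not (shift[0] <= ev["ts"].hour < shift[1]):
            days_by_user[ev["user"]].add(ev["ts"].date())
    return {u: sorted(d) for u, d in days_by_user.items() if len(d) >= min_days}


EVENTS = [parse_line(line) for line in SAMPLE_LOG]

if __name__ == "__main__":
    for alert in correlate_bruteforce(EVENTS):
        print(f"ALERT brute force: {alert['failures']} failures then success for {alert['user']} from {alert['src']} at {alert['at']}")
    for user, days in hunt_after_hours(EVENTS).items():
        print(f"HUNT after-hours seismic access: {user} on {', '.join(str(d) for d in days)}")
```

The correlation rule is what a SIEM evaluates as events arrive; the hunt is a question nobody had written a rule for, answered by reading weeks of history. Both depend on the log parser understanding the source, which is the point of the "industrial challenge" above: an OT protocol that the SIEM cannot parse produces neither alerts nor hunt results.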

Two-Person Integrity

Security principle requiring two authorized persons to perform critical actions, common in nuclear operations and weapons systems.

Industrial application: Changes to critical safety systems (such as mine evacuation alarms) require simultaneous authorization by two senior engineers.
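The role-based access described under Identity Management (operators may view seismic data, only senior engineers may change evacuation alarm parameters) and the two-person rule above, as one added example that is not part of the glossary. Roles, users, permission names and the 15-minute window that stands in for "simultaneous" are constructed assumptions; the logic is the standard pattern: check the requester's permission, and for dual-control actions require a second, distinct, equally authorised person whose approval is recent.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, Set

# Constructed role model for a mine safety system.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "operator": {"seismic:read"},
    "senior_engineer": {"seismic:read", "alarm:read", "alarm:write"},
}
# Permissions whose use requires two distinct authorised persons.
DUAL_CONTROL = {"alarm:write"}
# How close in time the two authorisations must be to count as "simultaneous" (assumed).
APPROVAL_WINDOW = timedelta(minutes=15)

USER_ROLES: Dict[str, Set[str]] = {   # constructed user directory
    "operator_ana": {"operator"},
    "eng_carlos": {"senior_engineer"},
    "eng_diana": {"senior_engineer"},
}


class AuthzError(Exception):
    """Raised when a request fails the permission or two-person check."""


def has_permission(user: str, perm: str) -> bool:
    """Role-based check: does any of the user's roles grant the permission?"""
    return any(perm in ROLE_PERMISSIONS.get(r, set()) for r in USER_ROLES.get(user, set()))


@dataclass
class ChangeRequest:
    action: str                    # permission the change needs, e.g. "alarm:write"
    target: str                    # what is being changed, e.g. an alarm threshold
    requested_by: str
    requested_at: datetime
    approvals: Dict[str, datetime] = field(default_factory=dict)   # approver -> time


def approve(req: ChangeRequest, approver: str, at: datetime) -> None:
    """Record an authorisation; the approver must hold the permission themselves."""
    if not has_permission(approver, req.action):
        raise AuthzError(f"{approver} is not authorised for {req.action}")
    req.approvals[approver] = at


def execute(req: ChangeRequest, now: datetime) -> str:
    """Apply the change only if the requester is authorised and, for dual-control
    actions, a different authorised person approved within APPROVAL_WINDOW."""
    if not has_permission(req.requested_by, req.action):
        raise AuthzError(f"{req.requested_by} is not authorised for {req.action}")
    if req.action in DUAL_CONTROL:
        second_person = [
            u for u, t in req.approvals.items()
            if u != req.requested_by                          # self-approval never counts
            and has_permission(u, req.action)                 # approver re-checked at execution
            and abs(now - t) <= APPROVAL_WINDOW               # approval is still fresh
            and abs(t - req.requested_at) <= APPROVAL_WINDOW  # and close to the request
        ]
        if not second_person:
            raise AuthzError("two-person integrity: a second authorised approver is required")
    return f"{req.action} applied to {req.target} by {req.requested_by}"


if __name__ == "__main__":
    t0 = datetime(2024, 3, 7, 10, 0)
    req = ChangeRequest("alarm:write", "evacuation_alarm.threshold", "eng_carlos", t0)
    for step in (lambda: execute(req, t0),
                 lambda: approve(req, "operator_ana", t0),
                 lambda: (approve(req, "eng_diana", t0 + timedelta(minutes=2)), execute(req, t0 + timedelta(minutes=3)))):
        try:
            print("OK:", step())
        except AuthzError as exc:
            print("DENIED:", exc)
```

The approver's permission is checked again at execution time, not only when the approval was recorded, so that a role removed between approval and execution cannot still satisfy the rule; and the window is applied to both the request and the execution, which is how "simultaneous authorization" becomes something a system can actually enforce.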

V

Vulnerability Assessment

Systematic evaluation of security weaknesses in systems, applications and networks.

Typical process:

    1. Asset inventory: What systems do we have?
    2. Vulnerability scan: What is misconfigured or outdated?
    3. Risk assessment: Which vulnerabilities are most dangerous?
    4. Prioritization: What should we fix first?
    5. Remediation: How do we fix the problems?

Z

Zero Trust

Source: NIST SP 800-207

Security model that assumes that no user, device or network should be trusted automatically, regardless of its location or previous credentials.

Fundamental principle: "Never trust, always verify".

Industrial application: Even if a technician has valid credentials and is logged in from the internal network, they must authenticate specifically for each critical system they need to access.

Zero-Day

Previously unknown software vulnerability that can be exploited before a security patch is available.

Special danger in OT: Industrial systems often cannot be upgraded immediately due to continuous availability requirements, leaving them vulnerable for extended periods.

Validated sources: NIST, IEC, NERC, CISA, OWASP, ISA
Geographical Context: Colombia and Latin America
Target Sectors: Mining, Energy, Petroleum, Government

This glossary is a living document that is regularly updated as threats and technologies evolve. For specific technical suggestions or queries, please contact our team of industrial cybersecurity specialists.

Luis Fernando Lozano Mier

Electronic Engineer specializing in cybersecurity, ICT, and telecommunications with a proven track record of leading high-impact projects across public and private sectors. Expert in critical infrastructure protection, technology risk management, and secure network modernization—driving organizational continuity and resilience.