Terms

See: Tutorial under "Trusted Computer System Evaluation Criteria".

A computer system feature which may be (a) an unintentional flaw, (b) a mechanism deliberately installed by the system's creator, or (c) a mechanism surreptitiously installed by an intruder that provides access to a system resource by other than the usual procedure and usually is hidden or otherwise not well known. (See: maintenance hook. Compare: Trojan Horse.)

A backdoor refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high level user access (aka root access) on a computer system, network, or software application

Create a reserve copy of data or, more generally, provide alternate means to perform system functions despite loss of system resources. (See: contingency plan. Compare: archive.)

Refers to alternate means of performing system functions despite loss of system resources. (See: contingency plan).

"An entity, such as a program or a computer, that fails to work or that works in a remarkably clumsy manner. A person who has caused some trouble, inadvertently or otherwise, typically by failing to program the computer properly." [NCSSG] (See: flaw.)

An "opaque encrypted tuple, which is included in a SET message but appended as external data to the PKCS encapsulated data. This avoids superencryption of the previously encrypted tuple, but guarantees linkage with the PKCS portion of the message." [SET2]

The inclusion of security mechanisms in an information system beginning at an early point in the system's lifecycle, i.e., during the design phase, or at least early in the implementation phase. (Compare: add on security.)

The total width of the frequency band that is available to or used by a communication channel; usually expressed in Hertz (Hz). (RFC 3753) (Compare: channel capacity.)

The digits of a credit card number that identify the issuing bank. (See: primary account number.)

A standard for representing ASN.1 data types as strings of octets. [X690] (See: Distinguished Encoding Rules.)

See: secondary definition under "IPSO".

A strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few) in the network that can be directly accessed from networks on the other side of the firewall. (See: firewall.)

The research and development company (originally called Bolt Baranek and Newman, Inc.) that built the ARPANET.

password hashing function based on the Blowfish cipher and presented at USENIX in 1999

the extent to which an individual practices several types of cybersecurity measures to avoid or attenuate the types of cyber threats that they are vulnerable to

A formal, mathematical, state transition model of confidentiality policy for multilevel secure computer systems [Bell]. (Compare: Biba model, Brewer Nash model.)

"Condition of cryptographic data [such] that [the data] cannot be compromised by human access [to the data]." [C4009]

Process by which keying material is generated, distributed, and placed into an ECU without exposure to any human or other system entity, except the cryptographic module that consumes and uses the material. (See: benign.)

A level of security assurance that is beyond the highest level (level A1) of criteria specified by the TCSEC. (See: Tutorial under "Trusted Computer System Evaluation Criteria".)

Synonym for "source integrity".

A formal, mathematical, state transition model of integrity policy for multilevel secure computer systems [Biba]. (See: source integrity. Compare: Bell LaPadula model.)

Adversaries may use an existing, legitimate external Web service channel as a means for sending commands to and receiving output from a compromised system. Compromised systems may leverage popular websites and social media to host command and control (C2) instructions. Those infected systems can then send the output from those commands back over that Web service channel. The return traffic may occur in a variety of ways, depending on the Web service being utilized. For example, the return traffic may take the form of the compromised system posting a comment on a forum, issuing a pull request to development project, updating a document hosted on a Web service, or by sending a Tweet.

"A personnel position or assignment that may be filled by one person." [JCP1] (Compare: principal, role, user.)

To inseparably associate by applying some security mechanism.

refers to the use of biometric data for authentication and access control to improve cybersecurity

making small, strategic changes to habits and behaviors to improve things like cognitive function and weight management.

use unique physical or behavioral traits like fingerprints, facial features, and voice patterns for cybersecurity authentication

A method of generating authentication information for a person by digitizing measurements of a physical or behavioral

A systematic process of gathering near real time biological information to detect, monitor, and characterize threats to human, animal, plant, and environmental health, enabling early warning and identification of potential outbreaks.

A class of attacks against cryptographic functions, including both encryption functions and hash functions. The attacks take advantage of a statistical property: Given a cryptographic function having an N bit output, the probability is greater than 1/2 that for 2 (N/2) randomly chosen inputs, the function will produce at least two outputs that are identical. (See: Tutorial under "hash function".)

A contraction of the term "binary digit"; the smallest unit of information storage, which has two possible states or values. The values usually are represented by the symbols "0" (zero) and "1" (one). (See: block, byte, nibble, word.)

A sequence of bits, each of which is either "0" or "1".

a form of testing that is performed with no knowledge of a target system's internals

An experimental, end to end, network packet encryption system developed in a working prototype form by BBN and the Collins Radio division of Rockwell Corporation in the 1975 1980 time frame for the U.S. DoD. BCR was the first network security system to support TCP/IP traffic, and it incorporated the first DES chips that were validated by the U.S. National Bureau of Standards (now called NIST). BCR also was the first to use a KDC and an ACC to manage connections.

A key that is protected with a key encrypting key and that must be decrypted before use. (See: BLACK. Compare: RED key.)

A type of network based attack method that does not require the attacking entity to receive data traffic from the attacked entity; i.e., the attacker does not need to "see" data packets sent by the victim. Example: SYN flood.

A bit string or bit vector of finite length. (See: bit, block cipher. Compare: byte, word.)

Blockchain is a decentralized ledger that records and verifies transactions across a network of computers. It's a database that stores data in blocks that are linked together in a chain.

An encryption algorithm that breaks plain text into fixed size segments and uses the same key to transform each plaintext segment into a fixed size segment of cipher text. Examples: AES, Blowfish, DEA, IDEA, RC2, and SKIPJACK. (See: block, mode. Compare: stream cipher.)

Adversaries may block a command message from reaching its intended target to prevent command execution. In OT networks, command messages are sent to provide instructions to control system devices. A blocked command message can inhibit response functions from correcting a disruption or unsafe condition. (Citation: Bonnie Zhu, Anthony Joseph, Shankar Sastry 2011) (Citation: Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems March 2016)

A list of entities that are blocked or denied privileges or access.

Adversaries may block or prevent a reporting message from reaching its intended target. In control systems, reporting messages contain telemetry data (e.g., I/O values) pertaining to the current state of equipment and the industrial process. By blocking these reporting messages, an adversary can potentially hide their actions from an operator.

Adversaries may block access to serial COM to prevent instructions or configurations from reaching target devices. Serial Communication ports (COM) allow communication with control system devices. Devices can receive command and configuration messages over such serial COM. Devices also use serial COM to send command and reporting messages. Blocking device serial COM may also block command messages and block reporting messages.

A symmetric block cipher with variable length key (32 to 448 bits) designed in 1993 by Bruce Schneier as an unpatented, license free, royalty free replacement for DES or IDEA. [Schn] (See: Twofish.)

an attack in which someone sends unsolicited messages to a Bluetooth enabled device

a hacking technique in which a hacker accesses a wireless device through a Bluetooth connection

A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).

Adversaries may use bootkits to persist on systems. A bootkit is a malware variant that modifies the boot sectors of a hard drive, allowing malicious code to execute before a computer's operating system has loaded. Bootkits reside at a layer below the operating system and may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.

A bootkit is a type of malware that infects a computer's boot process, giving the attacker control over the system. Bootkits are a major security threat because they can bypass standard security measures and remain hidden.