Industrial Cybersecurity Terms Defined: OT-SCADA-RTU, Oh My!

The goal of this article is to explore a few of the industrial cybersecurity terms that you may come across, as there can be some confusion surrounding the correct usage, and the multitude of acronyms can make your head spin. From Operational Technology (OT) to Supervisory Control and Data Acquisition (SCADA) systems, understanding these terms is an important foundation for navigating this essential industry. 

We aim to clarify these key concepts and explain their definitions, relationships, and relevance to modern industrial environments. We’ll also share both the National Institute of Standards and Technology (NIST) definition, if available, and the results of a ChatGPT search for the same term. Looking at both will help us to compare the technical definition with an explanation that comes from the large language model’s amalgamation of sources. Think of it as a comparison between what the textbook says and what you’ll hear from real people in the field. 

What is Operational Technology (OT)?

Operational Technology (OT) refers to hardware and software that detects or causes changes through direct monitoring and control of physical devices, processes, and events. In broad terms, it’s the technology responsible for manipulating a physical environment. 

While often used synonymously with industrial controls, OT also applies to non-industrial applications like building management systems and medical devices. Understanding OT is pivotal as it encompasses the entire ecosystem that supports industrial processes.

[NIST SP 800-37 Rev 2] Programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems, building management systems, fire control systems, and physical access control mechanisms. 

[ChatGPT 4] OT encompasses the hardware and software dedicated to monitoring and controlling physical devices and processes within industries. It’s a broad category that includes everything from the machinery on a factory floor to the control systems managing a power plant. OT is the umbrella under which all other technologies (ICS, SCADA, DCS, DCN) operate. It represents the entire spectrum of technologies involved in the physical manipulation and control of industrial environments.

We think it’s interesting that the ChatGPT definition goes a step further and notes that OT is both hardware and software dedicated to monitoring and controlling things. OT is the umbrella under which other technologies, like ICS, SCADA, DCS, and DCN, all fall, and OT represents the whole spectrum of technology involved in monitoring and controlling physical things in industrial and other environments. ChatGPT does lose a point, though, because it specifies “industrial environments” only, and OT isn’t solely focused on industrial environments. Take that, robot overlords!

The Role of Industrial Control Systems (ICS)

Industrial Control Systems (ICS) are integral to the functioning of OT. These systems encompass various control mechanisms used to monitor and manage industrial operations, including manufacturing, production, and distribution. 

[NIST SP 800-30 Rev 1] An information system used to control industrial processes such as manufacturing, product handling, production, and distribution. Industrial control systems include supervisory control and data acquisition systems used to control geographically dispersed assets, as well as distributed control systems and smaller control systems using programmable logic controllers to control localized processes.

[NIST SP 800-37 Rev 2] General term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC) often found in the industrial sectors and critical infrastructures. An ICS consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy).

[ChatGPT 4] ICS are the direct implementers of control and automation within the OT framework. They are the systems through which OT achieves its goal of monitoring and controlling industrial processes.

According to the NIST definitions, ICS incorporates both SCADA and Distributed Control Systems (DCS), representing an amalgamation of technologies that function cohesively. ICS directly implements control and automation, harnessing the capabilities of OT to achieve designated industrial objectives. The ChatGPT explanation calls out that ICS are the direct implementers of control and automation within the OT framework.

One core question that comes up regarding these terms is: if ICS and OT are different, what is OT but not ICS? (Sounds like something Gollum might have asked Bilbo during their game of riddles.)

Technically, building management systems and building automation systems are physical things in the physical world controlled by computers, but they’re not considered industrial control systems. This is also the case with medical devices, environmental monitoring, physical security systems, and the fire systems in many buildings. Oftentimes, those can be OT systems, but they’re not necessarily tied to industrial uses or industrial control itself. Even PLCs are not just used in industrial control systems. 

SCADA and DCS: Subsets of ICS

SCADA systems represent a specific category within ICS, focusing on supervising and gathering data over extended geographical distances. They are commonly employed in industries like oil and gas, where centralized monitoring plays a crucial role. SCADA’s strength lies in its ability to collect data from remote locations and centralize that information for analysis and operational decision-making. 

[NIST SP 800-82 Rev 2] A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (e.g., delays, data integrity) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated.

[ChatGPT 4] SCADA systems are designed to perform data acquisition and high-level process supervisory control. SCADA systems are used to control dispersed assets where centralized data acquisition is as crucial as control.

[ChatGPT 4] Within the OT and ICS frameworks, SCADA systems provide the capability to monitor and control processes over large geographical areas, such as utility networks or nationwide oil and gas pipelines. They extend the reach of industrial control beyond the confines of a single facility. 

The ChatGPT definition notes that SCADA systems provide the ability to monitor and control processes over huge areas. In contrast, DCS systems deal with smaller geographic areas, often a centrally located single unit. 

[NIST SP 800-82 Rev 2] In a control system, refers to control achieved by intelligence that is distributed about the process to be controlled, rather than by a centrally located single unit.

[ChatGPT 4] DCS are used predominantly in complex process industries (e.g., chemical, pharmaceutical, power generation) where high-reliability control of various plant systems is required. DCS architecture distributes control functions across multiple nodes to ensure process continuity and reliability. DCS is a subset of ICS focused specifically on continuous, complex processes. Within OT, DCS provides granular, real-time control and monitoring of plant operations, emphasizing stability, efficiency, and safety. 

In reviewing all of the definitions, the distinction between SCADA and DCS becomes apparent in their geographic application, with SCADA often extending over vast networks while DCS operates within a localized environment. 

The Importance of Programmable Logic Controllers (PLCs)

At the heart of many industrial systems lie Programmable Logic Controllers (PLCs), which are housed in ruggedized computers designed for the harsh conditions of industrial environments. PLCs control machinery and processes by processing inputs and delivering outputs based on pre-defined logic. 

[NIST SP 800-82 Rev 2] A solid-state control system that has a user-programmable memory for storing instructions for the purpose of implementing specific functions such as I/O control, logic, timing, counting, three mode (PID) control, communication, arithmetic, and data and file processing.

[ChatGPT 4] A Programmable Logic Controller (PLC) is an industrial digital computer which has been ruggedized and adapted for the control of manufacturing processes, such as assembly lines, or any process that requires high reliability, ease of programming, and process fault diagnosis.

PLCs are designed to perform a single set of tasks, often under real-time constraints, with superior reliability and performance. In the context of Operational Technology (OT) and Industrial Control Systems (ICS), PLCs are the workhorses that directly control machinery and processes on the factory floor.

They receive data from sensors and input devices, process this data based on pre-programmed parameters, and output control commands to machinery or actuation devices to execute operations such as opening or closing valves, starting motors, and running conveyors. PLCs are fundamental components in automation, playing a critical role in both discrete manufacturing and process control environments. Their rugged design allows them to operate reliably in harsh industrial environments, making them a key element in industrial control systems.
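To make the input-process-output cycle concrete, here is an added example (not from the original article) that models one PLC scan cycle in Python: inputs are snapshotted at the start of the scan, a small start/stop seal-in rung with an emergency-stop interlock is solved, and outputs are written only at the end. The rung, the I/O names, and the event sequence are constructed for illustration.

```python
# Added example: a minimal model of a PLC scan cycle (read inputs -> solve logic -> write outputs).
# The rung, I/O names and event sequence are constructed for illustration, not taken from any vendor.
from dataclasses import dataclass, field


@dataclass
class PlcState:
    inputs: dict = field(default_factory=dict)   # input image captured at scan start
    outputs: dict = field(default_factory=dict)  # output image written at scan end
    memory: dict = field(default_factory=dict)   # internal coils retained between scans


def read_inputs(field_io):
    """Phase 1: snapshot the field inputs; the logic never sees them change mid-scan."""
    return dict(field_io)


def solve_logic(inp, mem):
    """Phase 2: a start/stop seal-in rung with an E-stop interlock and a guarded conveyor.
    Ladder equivalent:  |--[START]--+--]/[STOP--]/[ESTOP--( MOTOR )--|
                                    |--[MOTOR]--+
    """
    motor_prev = mem.get("motor", False)          # the seal-in contact: the coil holds itself
    motor = (inp["start"] or motor_prev) and not inp["stop"] and not inp["estop"]
    conveyor = motor and inp["guard_closed"]      # conveyor only runs with the guard closed
    return {"motor": motor, "conveyor": conveyor}


def write_outputs(out):
    """Phase 3: copy the output image to the physical outputs (motor starter, conveyor drive)."""
    return dict(out)


def scan(state, field_io):
    """One full scan. Outputs change only here, at the end, never while logic is being solved."""
    state.inputs = read_inputs(field_io)
    result = solve_logic(state.inputs, state.memory)
    state.memory["motor"] = result["motor"]       # retain the coil for the next scan's seal-in
    state.outputs = write_outputs(result)
    return state.outputs


def run_sequence(events):
    """Drive a list of input snapshots (one per scan) through the PLC; return outputs per scan."""
    state = PlcState()
    return [scan(state, io) for io in events]


# Constructed event sequence: press START, release it, open the guard, hit E-STOP, release E-STOP.
BASE = {"start": False, "stop": False, "estop": False, "guard_closed": True}
SAMPLE_EVENTS = [
    {**BASE, "start": True},
    {**BASE},
    {**BASE, "guard_closed": False},
    {**BASE, "guard_closed": False, "estop": True},
    {**BASE},
]
```

Running `run_sequence(SAMPLE_EVENTS)` shows the motor staying latched after START is released, the conveyor dropping out when the guard opens, and the motor staying off after E-STOP until START is pressed again.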

The ChatGPT definition does a good job of explaining that a PLC is basically an industrial digital computer, ruggedized and designed to be deployed in the field. PLCs are very good at executing the single set of tasks defined in their ladder logic, generally under real-time constraints.

PLCs really are the workhorses. When you think about the building blocks of DCS and SCADA networks, PLCs are the individual computers, the Lego blocks, from which both are assembled, and they act as essential drivers of operational efficiency.

Remote Terminal Units (RTUs) Explained

Remote Terminal Units (RTUs) play a critical role in extending the capabilities of SCADA. Designed for remote monitoring and control, RTUs gather and transmit data from field locations back to a central system. They often work in conjunction with PLCs, enhancing the flexibility and responsiveness of industrial control networks. 

[NIST SP 800-82 Rev 2] Special purpose data acquisition and control unit designed to support DCS and SCADA remote stations. RTUs are field devices often equipped with network capabilities, which can include wired and wireless radio interfaces to communicate to the supervisory controller. Sometimes PLCs are implemented as field devices to serve as RTUs; in this case, the PLC is often referred to as an RTU.

[ChatGPT 4] Special purpose data acquisition and control unit designed to support DCS and SCADA remote stations. RTUs are field devices often equipped with network capabilities, which can include wired and wireless radio interfaces to communicate to the supervisory controller.

Sometimes PLCs are implemented as field devices to serve as RTUs; in this case, the PLC is often referred to as an RTU. RTUs serve as the remote eyes and hands of SCADA systems, collecting data from sensors and executing control commands sent from the central SCADA master station.

They are typically deployed in the field in locations that are geographically dispersed—such as in oil and gas pipelines, water distribution systems, and electrical substations—to monitor and control equipment and environmental conditions. Unlike PLCs, which are primarily focused on controlling local industrial processes, RTUs are optimized for remote data acquisition and control tasks.

They play a crucial role in the extension of industrial control systems over wide geographic areas, enabling industries to monitor and control infrastructure and processes that span large distances.

You may see a PLC serve as an RTU, and then that might be referred to as an RTU in the field, even though it is technically a PLC. Understanding RTUs is vital for anyone involved in industrial cybersecurity, as they bridge the gap between the physical world and digital systems. 

There is also some variance on where the definitions might group RTU. In our visual for this article, you can see that we’ve placed RTU in SCADA. Under the NIST definition, they group RTU under both DCS and SCADA. So, while you may see it grouped under different areas, one thing is clear—RTUs are the remote eyes and hands of the SCADA system.

Human Machine Interface (HMI) and Engineering Workstation (EWS)

You may hear Human Machine Interface (HMI) and Engineering Workstation (EWS) being used interchangeably, but they are not the same.

[NIST SP 800-82 Rev 2] The hardware or software through which an operator interacts with a controller. An HMI can range from a physical control panel with buttons and indicator lights to an industrial PC with a color graphics display running dedicated HMI software.

[ChatGPT 4] HMI is a user interface or dashboard that connects a person to a machine, system, or device. In industrial settings, HMIs are used for interacting with the controlling system, providing data visualization, system monitoring, and control functions. They allow operators to see schematics of the systems, track production time, trends, logs, and historical data.

The NIST definition is our preferred version here, as it clearly states that the HMI is the hardware or software the operator uses to interact with the controller. The controller doesn’t have a keyboard or monitor plugged in directly, so the HMI is how you actually interface with the controller or the network itself. HMIs provide data visualization, system monitoring, and control, and they let operators see the state of the parts of the system they are responsible for.

[No NIST definition for EWS]

[ChatGPT 4] Engineering Workstations (EWS) are critical components in both Distributed Control Systems (DCS) and Supervisory Control and Data Acquisition (SCADA) systems, used by engineers and system integrators for system configuration, programming, monitoring, and diagnostic tasks.

Interestingly, there is no NIST definition for EWS, so we weren’t able to compare the two sources for this term. To clarify the differences between HMI and EWS, the HMI is used for more of the day-to-day monitoring and simple configuration, whereas the EWS is used for logic writing, diagnostic and programming tasks, and configuration change tasks. 

Industrial Cybersecurity Terms – Which Definition Wins?

By comparing definitions from multiple sources, our goal was to reveal the importance of understanding both the “textbook” definitions provided by authoritative bodies like NIST and the practical, more colloquial understandings that emerge in a wider dataset. Both the NIST and ChatGPT definitions serve a valuable purpose; the former offers a rigorous, vetted basis that the community largely agrees upon, while the latter reflects how the community may perceive and utilize these terms in their everyday communications. 

As we navigate the complexities of industrial cybersecurity, it becomes crucial to recognize the nuances in language and application, ensuring clarity and coordination in an industry that is as dynamic as it is essential. Being mindful of the official definitions while also appreciating colloquial interpretations allows us to communicate effectively and uphold security standards across the vital infrastructure we rely on. 

We hope you found this review of terms to be helpful. You can also watch a video of our founder and CEO, Dan Gunter, going through these terms in a previous Tech Talk Tuesday video here: Industrial Cybersecurity Terms Defined: OT, SCADA and RTUs Oh My!
