Glossary

This page contains a glossary of terms used across the Toolkit. It is based on and develops further the glossary from the Tallinn Manual 2.0, which appears here with the kind permission of Cambridge University Press.

A

 * Active Cyber Defence
 * The taking of proactive defensive measures outside the defended cyber infrastructure. A hack-back is a type of active cyber defence.

B

 * Bandwidth
 * The capacity of a communication channel to pass data through the channel in a given amount of time, usually expressed in bits per second.


 * Botnet
 * A network of compromised computers, so-called ‘bots’, remotely controlled by an intruder, ‘the botherder’, used to conduct coordinated cyber operations, such as distributed denial of service operations. There is no practical limit on the number of bots that can be assimilated into a botnet.

C

 * Close Access Operation
 * A cyber operation requiring the actor’s physical proximity to the targeted system.


 * Cloud Computing
 * A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (such as networks, servers, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud computing allows for efficient pooling of computer resources and the ability to scale resource to demand.


 * Common Criteria
 * International standard for evaluating the security properties of IT products.


 * Computer Emergency Response Team (CERT)
 * A team that provides initial emergency response aid and triage services to the victims or potential victims of cyber operations or cyber crimes, usually in a manner that involves coordination between private sector and government entities. These teams also maintain situational awareness about malicious cyber activities and new developments in the design and use of malware, providing defenders of computer networks with advice on how to address security threats and vulnerabilities associated with those activities and malware.


 * Computer Network
 * An infrastructure of interconnected devices or nodes that enables the exchange of data. The data exchange medium may be wired (e.g., Ethernet over twisted pair, fibre-optic, etc.), wireless (e.g., Wi-Fi, Bluetooth), or a combination of the two.


 * Computer System
 * One or more interconnected computers with associated software and peripheral devices. It can include sensors and/or (programmable logic) controllers, connected over a computer network. Computer systems can be general purpose (e.g. a laptop) or specialised (e.g. the ‘blue force tracking system’).


 * Critical Infrastructure
 * Physical or virtual systems and assets of a State that are so vital that their incapacitation or destruction may debilitate a State’s security, economy, public health or safety, or the environment.


 * Cyber
 * Connotes a relationship with information technology.


 * Cyber Activity
 * Any activity that involves the use of cyber infrastructure or employs cyber means to affect the operation of such infrastructure. Such activities include, but are not limited to, cyber operations.


 * Cyber Infrastructure
 * The communications, storage, and computing devices upon which information systems are built and operate.


 * Cyber Operation
 * The employment of cyber capabilities to achieve objectives in or through cyberspace. In this Toolkit, the term is generally used in an operational context (see also cyber activity).


 * Cyber Reconnaissance
 * The use of cyber capabilities to obtain information about activities, information resources, or system capabilities.


 * Cyber System
 * See computer system.


 * Cyberspace
 * The environment formed by physical and non-physical components to store, modify, and exchange data using computer networks.

D

 * Data
 * The basic element that can be processed or produced by a computer to convey information. The fundamental digital data measurement is a byte.


 * Data Centre
 * A physical facility used for the storage and processing of large volumes of data. A data centre can be used solely by users belonging to a single enterprise or shared among multiple enterprises, as in cloud computing data centres. A data centre can be stationary or mobile (e.g., housed in a cargo container transported via ship, truck, or aircraft).


 * Database
 * A collection of interrelated data stored together in one or more computerised files.


 * Deep Fake
 * A fabricated video created through the use of machine learning techniques and human image synthesis. A deep fake can contain statements and conduct by real persons that never occurred in reality.


 * Denial of Service (DoS)
 * The non-availability of computer system resources to their users. A denial of service can result from a cyber operation.


 * Distributed Denial of Service (DDoS): A technique that employs multiple computing devices (e.g., computers or smartphones), such as the bots of a botnet, to cause a denial of service to a single or multiple targets.
 * Domain Name
 * A unique, alphanumeric, human-readable name for a computer. All computers that are addressable via the Internet have a unique globally routable Internet protocol (IP) address. IP addresses can be registered with a Domain Name System (DNS) service provider. A DNS server uses a structured zone file to translate domain names into IP addresses and vice versa. The Internet Assigned Numbers Authority (IANA) is the central authority for assigning top-level domain (TLD) names and IP addresses. The term top-level domain name refers to the highest level in the hierarchy of the Internet domain name system. Examples of such TLDs, also sometimes referred to as domain name extensions, include: ‘.org’, ‘.int’, and ‘.mil’.

E

 * Electronic Warfare
 * The use of electromagnetic (EM) or directed energy to exploit the electromagnetic spectrum. It may include interception or identification of EM emissions (e.g., SIGINT), employment of EM energy, prevention of hostile use of the EM spectrum by an adversary, and actions to ensure efficient employment of that spectrum by the user-State. An example of electronic warfare is radio frequency jamming.

F

 * Firmware
 * Low level programming that acts as an interface between hardware and software.

H

 * Hack-back
 * A type of active cyber defence, the main purpose of which is to take action against an identified source of a malicious cyber operation. Typically, a hack-back is designed to mitigate the effects of, or stop, the malicious activity, or to gather technical evidence that can be used for attribution purposes.


 * Hacktivist
 * A private citizen who on his or her own initiative engages in hacking for, inter alia, ideological, political, religious, or patriotic reasons.


 * Hardware
 * See cyber infrastructure.


 * Honeynet
 * A virtual environment consisting of multiple honeypots, designed to deceive an intruder into assuming that he or she has located a network of computing devices of targeting value.


 * Honeypot
 * A deception technique in which a person seeking to defend computer systems against malicious cyber operations uses a physical or virtual environment designed to lure the attention of intruders with the aim of: deceiving the intruders about the nature of the environment; having the intruders waste resources on the decoy environment; and gathering counter-intelligence about the intruder’s intent, identity, and means and methods of cyber operation. Typically, the honeypot is co-resident with the actual systems the intruder wishes to target.

I

 * Industrial Control System (ICS)
 * A general term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC) often found in the industrial sectors and critical infrastructures. An ICS consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy).


 * Internet
 * A global system of interconnected computer networks that use the Internet Protocol suite and a clearly defined routing policy.


 * Internet Protocol (IP)
 * A protocol for addressing hosts and routing datagrams (i.e., packets) from a source host to the destination host across one or more IP networks.


 * Internet Protocol (IP) Address
 * A unique identifier for a device on an IP network, including the Internet.


 * Internet Service Provider (ISP)
 * An organisation that provides the network connectivity that enables computer network users to access the Internet.

J

 * Jamming
 * See electronic warfare.

K

 * Kill switch
 * A mechanism used to shut down or disable a cyber device or a cyber capability (such as a malware) after a specified time period or when remotely activated.

L

 * Logic Bomb
 * Malware that is designed to initiate a malicious sequence of actions if specified conditions are met.

M

 * Malware
 * Software that may be stored and executed in other software, firmware, or hardware that is designed adversely to affect the performance of a computer system. Examples of malware include Trojan horses, rootkits, viruses, and worms.


 * Metadata
 * Data that provides information about other data, such as its time of creation and origin. Metadata is essential when categorising, searching, storing, and understanding information.

N

 * Network Segmentation
 * The division of a computer network into smaller, distinct parts (subnetworks), usually for the purposes of enhancing performance and improving security.


 * Network Sniffer
 * Software used to observe and record network traffic.


 * Network Throttling
 * A technique to limit the availability of bandwidth to users of communications networks, also known as ‘bandwidth throttling’ and ‘network bandwidth throttling’.

P

 * Passive Cyber Defence
 * The taking of measures for detecting and mitigating cyber intrusions and the effects of cyber operations that does not involve launching a preventive, pre-emptive, or counter-operation against the source. Examples of passive cyber defence measures are firewalls, patches, anti-virus software, and digital forensics tools.


 * Phishing
 * A type of social engineering attack most commonly executed by the use of email, social networks, or instant messaging. The perpetrator attempts to lure unsuspecting victims into visiting a malicious website, opening an infected document, or executing actions on behalf of the attacker. The purpose of a phishing operation is generally to acquire sensitive information, such as user credentials, personal data, or credit card details.


 * Programmable logic controller (PLC)
 * An electronic device, which carries out the control functions of various automatized processes in a broad range of industries, including manufacturing, travel, and agriculture. A PLC may be further networked to other PLCs and SCADA systems.

R

 * Rootkit
 * Malware installed on a compromised computer that allows a perpetrator to maintain privileged access to that computer and to conceal his or her activities therein from the operating system and the legitimate users of that computer.

S

 * Server
 * A physical or virtual computer dedicated to running one or more computing services. Examples include network and database servers.


 * Server Farm
 * A form of cluster computing in which a large number of servers are collocated in a data centre.


 * Software
 * The non-physical components of a computer system and cyber infrastructure. These components encompass programs, including operating systems, applications, and related configuration and run-time data.


 * Software Agent
 * A computer process, managed by a computer operating system, which performs one or more tasks on behalf of a human user. It is possible for software agents to operate autonomously or to communicate and coordinate their actions with other software agents in a distributed computing environment. For instance, software agents are used for executing queries across distributed repositories of information available via the World Wide Web (WWW).


 * Spear-phishing
 * A phishing operation that targets particular individuals and involves a higher level of sophistication and tailored content. Many malicious cyber operations begin with a spear-phishing campaign.


 * Spoofing
 * Impersonating a legitimate resource or user to gain unauthorised entry into an information system or to make it appear that some other organisation or individual has initiated or undertaken certain cyber activity.


 * Steganography
 * The technique of hiding content within other content. For example, there are computer-based steganographic techniques and tools for embedding the contents of a computer file containing engineering diagrams and text into an image file (e.g., a JPG document) such that the existence of the engineering data in the image file is difficult for the observer to detect.


 * Stuxnet
 * A computer worm that was designed to target Supervisory Control and Data Acquisition (SCADA) systems developed by Siemens Corporation. The payload of the Stuxnet malware included a programmable logic controller rootkit. Stuxnet was used to target centrifuges involved in the enrichment of uranium in Iran. For further information, see Stuxnet (2010).


 * Supervisory Control and Data Acquisition (SCADA)
 * Computer systems and instrumentation that provide for monitoring and controlling industrial, infrastructure, and facility-based processes, such as the operation of power plants, water treatment facilities, electrical distribution systems, oil and gas pipelines, airports, and factories.

V

 * Virus
 * A type of malware with self-replicating capability that attaches itself to an application program or other executable system component and leaves no obvious signs of its presence.


 * Very Small Aperture Terminal (VSAT)
 * A portable satellite ground station used for two-way communications. VSATs are commonly used for broadband satellite communications at remote locations, for instance by emergency rescue teams and vessels at sea.

W

 * Website
 * A set of related web pages containing information. A website is hosted on one or more web servers. The World Wide Web (WWW) is comprised of all of the publicly accessible websites.


 * Whaling
 * Also known as whale phishing, is a type of spear-phishing attack that specifically targets an organisation’s senior management, executives, and other high profile individuals.


 * Wi-Fi
 * A type of high-speed wireless networking.


 * Worm
 * A type of malware that is able to self-replicate and autonomously spread across computer networks, unlike a virus that relies on embedding in another application in order to propagate to other computer systems.

X

 * XML Tag
 * A markup construct that is part of the open standard known as the Extensible Markup Language (XML). The tag is both human- and machine-readable and used to encode the syntactic parts of the content of a document. For example, references in this Toolkit are delimited by the opening and closing tags  and.