D
Glossary

An attack surface consists of the set of all possible access pathways through which an attacker could engage with a cyber system and its operations.

Cyber refers to the technology and culture of computers, information technology, and communications. Cyber encompasses all technical artifacts that incorporate programmable digital devices (as opposed to analog and fixed function devices). There are many related definitions, for example, see Cybersecurity Myths and Misconceptions.¹

Cyber-enabled refers to devices and systems that incorporate or embed cyber technology.

Cyber-physical system (CPS) is a system that incorporates programmable logic, sensors, and actuators that enable it to perceive and engage with the “real world.” CPS are employed in industrial controls (control systems), domestic devices (cameras, digital thermostats), network control (routers and switches), and infrastructure operations. Modern cars are examples of CPS and contain many subordinate elements that are themselves CPS. Most modern buildings are also examples, using diverse sensors and actuators for HVAC, elevators, lighting, security, and the like.

Cyber resilience is the ability of an organization, system, or function to withstand and recover from cyberattacks.

Cybersecurity is the use of technologies and practices to protect systems, networks, and data from cyberattacks.

Internet of Things (IoT) refers to “small” cyber-physical systems (CPS) that are connected on a network, and often also to the public Internet. Because most CPS are network connected, the distinction between operational technology (OT) and IoT, if there is one, centers around the “smallness” of the related system. OT is used to distinguish between operational systems like automated machinery and conventional “IT” systems that support business operations. Needless to say, the distinction is increasingly muddled.

Large language model (LLM) is a type of neural-network-based artificial intelligence model that uses deep learning to perform natural language processing tasks, typically by predicting, in response to a prompt, the next tokens (roughly, words) in a stream of natural language. The models are fundamentally statistical predictors that are trained on large amounts of data to learn patterns and rules of language.

Least privilege is a principle of systems design and operation whereby those who perform tasks, whether they be humans or other system elements, are granted access and other privileges just sufficient to perform the intended task. It is analogous to the security concept of “need to know.”

Memory safety, similar to type safety, is a property of some programming languages. Memory safety means that memory cannot be accessed except according to the identified rules. These rules generally include prohibiting access to regions of memory outside of the regions or defined bounds of storage associated with a particular computational process. Memory safety also includes prohibiting access to memory that is not currently allocated to specific objects—memory not in use cannot be referenced. Memory safety can also include mechanisms to regulate access to memory that might be exposed to multiple threads of execution, for example to prevent data races where one thread sees objects that are currently being modified by another thread. Memory safety and type safety can dramatically reduce vulnerabilities that enable buffer overflow attacks and use-after-free attacks. Go, Rust, and Java are examples of languages that are both type safe and memory safe. C is decidedly not memory or type safe. In C, for example, the bit sequences in memory are always exposed, and can be interpreted as many kinds of objects and modified without regard to those interpretations.

NPM stands for node package manager. NPM is a library and registry for more than 1 million JavaScript software packages used in the development and operation of web applications.

Reliability refers to the quality of being trustworthy or of performing consistently well. See also the definition of resilience and trustworthiness below.

Resilience: The classic definition is “the capacity to withstand or to recover quickly from difficulties.” There is an entire discipline of resilient engineering that evolved with a focus on critical infrastructure like bridges, highways, municipal water and sewer systems, and electrical distribution systems. In these cases, there are traditional core resilience metrics such as availability and recovery time (https://in.nau.edu/comptroller/bcdr-glossary has an extensive list of related definitions). For cyber systems, resilience more often refers to the capacity of a system to continue to operate in an effective manner when there are internal faults and attacks, though perhaps in a degraded manner. Faults can include human errors by operators and users. The military uses a term “operate through” to refer to this important characteristic. When multiple systems are interconnected, resilience includes avoidance of cascading failures and other amplifying effects, instead localizing and when necessary isolating portions of the overall system that have been impaired or compromised. A challenge for cyber systems is that they often do not have clearly measurable qualities—because vulnerabilities and faulty operations are often not visible and even unknown. In common usage, a resilient cyber system can repel or otherwise protect against attacks whose effects may not be visible thus incorporating the notion of trustworthiness inherent in reliability.

Root of Trust (RoT) refers to a small “secure” component that measures aspects of software and firmware content in order to assure integrity of configurations. The RoT component typically contains long-term, critical secrets that allow a system to attest to safety properties. RoT is important, for example, in ensuring a provider of confidential information that a remote system will only operate on that information in a permitted manner.

Safe is the condition of being protected from or unlikely to cause danger, risk, or injury, including to human operators, users, and others.

Secure is the state of being free from danger or threat, and operating in a trustworthy manner (see reliability). In the context of cyber, secure systems are resistant to attack.

Software bill of materials (SBOM) is an inventory that identifies the software elements that are assembled into an integrated software application, including components, libraries, and services. These can include components and libraries from vendors, custom developers, and open-source projects, as well as services from public and private cloud providers of various kinds, including commercial software as a service. The SBOM inventory can be structured hierarchically to represent how system elements are recursively composed from subordinate system elements. It is sometimes appropriate to interpret the scope of SBOM more broadly, to also include elements such as architectural design patterns, code snippets copied from example code, and other elements that may not have identified producers.

A system is a set of components and services operating as an ensemble as parts of a mechanism or in an interconnecting network. Examples range from software systems to a railroad system.

Trust is a judgment made by people regarding the reliability or cybersecurity risk associated with a system. The best basis for trust is trustworthiness of the system. But trust can also be derived from reputation, alignment of business incentives, and other extrinsic attributes.

Trusted computing base (TCB) refers to the collection of software and hardware technology that is most critical to secure and reliable operations of a system. A TCB is intended to be the smallest portion of a system for which operations must be completely trustworthy and reliable. Elements of a system not in the TCB might possibly misbehave but without catastrophic consequence.

Trustworthiness is an attribute of a system or other artifact that relates to its reliability and security. Judgments of trustworthiness are derived from intrinsic attributes of a system and its design, with judgments generally based on evidence.

Type safety is a property of some programming language designs where there is enforcement of the manner in which lower-level representations, such as a sequence of bits, are interpreted as higher level abstract objects, such as sensor signals, data from a table, or imagery. The various kinds of objects are referred to as types or abstractions, and given names. Type safety additionally assures that low-level representations cannot be interpreted or tampered with except according to the rules associated with the higher-level types.

Vulnerabilities are exposed features of attack surface that could admit the possibility of a successful attack, or exploit. Attack surface could be exposed network portals, web application programming interfaces (APIs) exposed to browsers, software APIs exposed to rogue software elements, physical components attached to a shared hardware bus, and so on. Attack surfaces can also include physical elements of hardware, such as for timing and power attacks. The span or extent of attack surface can be difficult to quantify. In larger systems, some attack surfaces offer more opportunity for an attacker than others, and it is a security design principle to minimize these “high consequence” attack surfaces (see trusted computing base).

Work factor refers to the extent of human attention and computational resources to perform an identified attack. It is often used in an adversarial context such as the “extent of computational effort to break a cipher without the key.” It is also used to describe the extent of difficulty presented to an attacker to successfully penetrate a vulnerable attack surface. For example, there may be less work factor in an attack launched over a network than in an attack that requires a human agent to be physically proximate to the target.

Zero trust (ZT) is a design methodology for interconnected systems and for larger systems with multiple subordinate subsystems that emphasizes the principle of least privilege supported by identity and authorization techniques whereby credentials must be reasserted when internal system and operational boundaries are crossed. ZT is designed to avoid Maginot-Line situations where an agent (e.g., a human operator or malware code), having penetrated a perimeter, then has unrestricted access to everything contained. Instead, there are repeated challenges for identity and authorization that have the effect of creating resilience in operations, as described above.