1. Home
  2. Assets
  3. Workstation

Workstation

Workstations are devices used by human operators or engineers to perform various configuration, programming, maintenance, diagnostic, or operational tasks. Workstations typically utilize standard desktop or laptop hardware and operating systems (e.g., MS Windows), but run dedicated control system applications or diagnostic/management software to support interfacing with the control servers or field devices. Some workstations have a fixed location within the network architecture, while others are transient devices that are directly connected to various field devices to support local management activities.

ID: A0001
Platforms: Linux, Windows
Sectors: General
Version: 2.1
Created: 28 September 2023
Last Modified: 23 April 2026
Version Permalink

Related Assets

Name Sectors Description
Transient Cyber Asset (TCA) Electric

A Transient Cyber Asset (TCA)[1] is a mobile workstation that is used to support management functions across multiple different networks, rather than being dedicated to any specific device/network. The TCA is often used to directly manage ICS environments that do not have any dedicated support for external remote access. Therefore, the TCA provides a mechanism for connectivity and file transfer to many networks/devices, even if they are segmented or "air gapped" from other networks.

Engineering Workstation (EWS) General

An Engineering Workstation (EWS) is used to perform various maintenance, configuration, or diagnostics functions for a control system. The EWS will likely require dedicated application software to interface with various devices (e.g., RTUs, PLCs), and may be used to transfer data or files between the control system devices and other networks.

ICS Layer
download view

Techniques

Domain ID Name
ICS T0830 Adversary-in-the-Middle
ICS T0895 Autorun Image
ICS T1695 Block Communications
.001 Serial COM
.002 Ethernet
.003 Wi-Fi
ICS T0892 Change Credential
ICS T0807 Command-Line Interface
ICS T0885 Commonly Used Port
ICS T0884 Connection Proxy
ICS T0809 Data Destruction
ICS T0893 Data from Local System
ICS T0816 Device Restart/Shutdown
ICS T0817 Drive-by Compromise
ICS T0871 Execution through API
ICS T0819 Exploit Public-Facing Application
ICS T0820 Exploitation for Evasion
ICS T0890 Exploitation for Privilege Escalation
ICS T0866 Exploitation of Remote Services
ICS T0823 Graphical User Interface
ICS T0874 Hooking
ICS T0872 Indicator Removal on Host
ICS T1694 Insecure Credentials
.001 Default Credentials
ICS T0883 Internet Accessible Device
ICS T0867 Lateral Tool Transfer
ICS T0849 Masquerading
ICS T0834 Native API
ICS T0840 Network Connection Enumeration
ICS T0842 Network Sniffing
ICS T0873 Project File Infection
.001 Siemens Project File Format
ICS T0846 Remote System Discovery
.001 Port Scan
.002 Broadcast Discovery
.003 Multicast Discovery
ICS T0888 Remote System Information Discovery
ICS T0847 Replication Through Removable Media
ICS T0851 Rootkit
ICS T0852 Screen Capture
ICS T0853 Scripting
ICS T0881 Service Stop
ICS T0865 Spearphishing Attachment
ICS T0869 Standard Application Layer Protocol
ICS T0862 Supply Chain Compromise
ICS T0894 System Binary Proxy Execution
ICS T0864 Transient Cyber Asset
ICS T0863 User Execution
ICS T0859 Valid Accounts
ICS T0860 Wireless Compromise
ICS T0887 Wireless Sniffing

References

  1. North American Electric Reliability Corporation 2021, June 28 Glossary of Terms Used in NERC Reliability Standards Retrieved. 2021/10/11