Near-real-time export of cyber-security risk information

US 10,135,855 B2
Filed: 01/19/2016
Issued: 11/20/2018
Est. Priority Date: 01/19/2016
Status: Active Grant

First Claim

Patent Images

1. A method for exporting cyber-security risk information in an industrial control system, comprising:

monitoring, by a risk manager system, a plurality of connected devices in the industrial control system that are vulnerable to cyber-security risks;

detecting, by the risk manager system, a cyber-security risk to one or more devices of the plurality of connected devices being monitored;

identifying, by the risk manager system, an external system to be notified of the cyber-security risk;

determining whether to send one or more filtered data streams or one or more unfiltered data streams to the external system based on a user selection option, the user selection option based on whether the external system is (i) a first system configured to process the one or more unfiltered data streams and not qualified for data collection in the industrial control system, or (ii) a second system configured to display the one or more filtered data streams to a user;

receiving at least one filtering option for the one or more filtered data streams or the one or more unfiltered data streams; and

sending cyber-security risk data, by the risk manager system, to the external system according to the cyber-security risk and the at least one filtering option.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure provides an apparatus and method for near-real-time export of cyber-security risk information, including but not limited to in industrial control systems and other systems. A method includes monitoring, by a risk manager system, a plurality of connected devices that are vulnerable to cyber-security risks. The method includes detecting a cyber-security risk to one or more of the devices being monitored. The method includes identifying an external system to be notified of the detected cyber-security risk. The method includes sending cyber-security risk data to the external system according to the detected cyber-security risk and at least one filtering option.

Citations

20 Claims

1. A method for exporting cyber-security risk information in an industrial control system, comprising:
- monitoring, by a risk manager system, a plurality of connected devices in the industrial control system that are vulnerable to cyber-security risks;
  
  detecting, by the risk manager system, a cyber-security risk to one or more devices of the plurality of connected devices being monitored;
  
  identifying, by the risk manager system, an external system to be notified of the cyber-security risk;
  
  determining whether to send one or more filtered data streams or one or more unfiltered data streams to the external system based on a user selection option, the user selection option based on whether the external system is (i) a first system configured to process the one or more unfiltered data streams and not qualified for data collection in the industrial control system, or (ii) a second system configured to display the one or more filtered data streams to a user;
  
  receiving at least one filtering option for the one or more filtered data streams or the one or more unfiltered data streams; and
  
  sending cyber-security risk data, by the risk manager system, to the external system according to the cyber-security risk and the at least one filtering option.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the at least one filtering option specifies an output format of the cyber-security risk data.
  - 3. The method of claim 2, wherein the output format is one of an email message, a syslog service output, and a text messaging notification.
  - 4. The method of claim 2, wherein the output format is one of a comma-separated values format and a key-value pairs format.
  - 5. The method of claim 1, wherein the at least one filtering option specifies at least one of a source of the cyber-security risk, a severity of the cyber-security risk, the one or more devices affected by the cyber-security risk, or an affected zone of the one or more devices affected by the cyber-security risk.
  - 6. The method of claim 1, wherein the at least one filtering option specifies only sending data when the detected cyber-security risk crosses above a defined threshold.
  - 7. The method of claim 1, wherein identifying the external system to be notified of the cyber-security risk comprises identifying at least one of an IP address and a port of the external system.

8. A risk manager system for exporting cyber-security risk information in an industrial control system, comprising:
- at least one processing device;
  
  at least one network interface; and
  
  at least one memory containing instructions,wherein the at least one processing device is configured, when executing the instructions, to;
  
  monitor a plurality of connected devices, in the industrial control system, that are vulnerable to cyber-security risks;
  
  detect a cyber-security risk to one or more devices of the plurality of connected devices being monitored;
  
  identify an external system to be notified of the cyber-security risk;
  
  determine whether to send one or more filtered data streams or one or more unfiltered data streams to the external system based on a user selection option, the user selection option based on whether the external system is (i) a first system configured to process the one or more unfiltered data streams and not qualified for data collection in the industrial control system, or (ii) a second system configured to display the one or more filtered data streams to a user;
  
  receive at least one filtering option for the one or more filtered data streams or the one or more unfiltered data streams; and
  
  send cyber-security risk data to the external system according to the cyber-security risk and the at least one filtering option.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The risk manager system of claim 8, wherein the at least one filtering option specifies an output format of the cyber-security risk data.
  - 10. The risk manager system of claim 9, wherein the output format is one of an email message, a syslog service output, or a text messaging notification.
  - 11. The risk manager system of claim 9, wherein the output format is one of a comma-separated values format and a key-value pairs format.
  - 12. The risk manager system of claim 8, wherein the at least one filtering option specifies at least one of a source of the cyber-security risk, a severity of the cyber-security risk, the one or more devices affected by the cyber-security risk, or an affected zone of the one or more devices affected by the cyber-security risk.
  - 13. The risk manager system of claim 8, wherein the at least one filtering option specifies only sending data when the detected cyber-security risk crosses above a defined threshold.
  - 14. The risk manager system of claim 8, wherein the at least one processing device is configured to identify the external system to be notified of the cyber-security risk by identifying at least one of an IP address and a port of the external system.

15. A non-transitory machine-readable medium encoded with executable instructions for exporting cyber-security risk information in an industrial control system that, when executed, cause one or more processors of a risk manager system to:
- monitor a plurality of connected devices, in the industrial control system, that are vulnerable to cyber-security risks;
  
  detect a cyber-security risk to one or more devices of the plurality of connected devices being monitored;
  
  identify an external system to be notified of the cyber-security risk;
  
  determine whether to send one or more filtered data streams or one or more unfiltered data streams to the external system based on a user selection option, the user selection option based on whether the external system is (i) a first system configured to process the one or more unfiltered data streams and not qualified for data collection in the industrial control system, or (ii) a second system configured to display the one or more filtered data streams to a user;
  
  receive at least one filtering option for the one or more filtered data streams or the one or more unfiltered data streams; and
  
  send cyber-security risk data to the external system according to the cyber-security risk and the at least one filtering option.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory machine-readable medium of claim 15, wherein the at least one filtering option specifies an output format of the cyber-security risk data.
  - 17. The non-transitory machine-readable medium of claim 16, wherein the output format is at least one of an email message, a syslog service output, a text messaging notification, a comma-separated values format, or a key-value pairs format.
  - 18. The non-transitory machine-readable medium of claim 15, wherein the at least one filtering option specifies at least one of a source of the cyber-security risk, a severity of the cyber-security risk, the one or more devices affected by the cyber-security risk, or an affected zone of the one or more devices affected by the cyber-security risk.
  - 19. The non-transitory machine-readable medium of claim 15, wherein the at least one filtering option specifies only sending data when the detected cyber-security risk crosses above a defined threshold.
  - 20. The non-transitory machine-readable medium of claim 15, wherein the executable instructions when executed cause the one or more processors to identify the external system to be notified of the cyber-security risk by identifying at least one of an IP address and a port of the external system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Carpenter, Seth G., Knapp, Eric D.
Primary Examiner(s)
Lwin, Maung T

Application Number

US15/001,073
Publication Number

US 20170208086A1
Time in Patent Office

1,036 Days
Field of Search

None
US Class Current
CPC Class Codes

G05B 19/0428   Safety, monitoring G05B19/0...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1433   Vulnerability analysis

H04L 67/12   specially adapted for propr...

Near-real-time export of cyber-security risk information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Near-real-time export of cyber-security risk information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links