×

Overlay cyber security networked system and method

  • US 10,250,619 B1
  • Filed: 05/13/2016
  • Issued: 04/02/2019
  • Est. Priority Date: 06/17/2015
  • Status: Active Grant
First Claim
Patent Images

1. An overlay cyber security method comprising:

  • providing an overlay secure network comprising a communication channel associated with a Process Control Network (PCN);

    associating, with each component of the Process Control Network (PCN), identification information that generates an identity for each component, the identity permitting timestamp information to be associated with one or more physical-level signals received or output by the component;

    receiving, by at least one security device via the communication channel of the overlay security network, physical-level signals received or output by a component of the Process Control Network (PCN);

    receiving, by the at least one security device and using the communication channel, at least one physical-level signal received by a controller of the component or at least one network-level signal output by the controller of the component;

    obtaining, by the at least one security device, derived state information associated with the component via a network, the derived state information including the timestamp information associated with the one or more physical-level signals received or output by the component;

    obtaining, by the at least one security device, stored historical state information associated with the component from a computer-readable historian device, the historical state information including stored timestamp information;

    determining, by the at least one security device, occurrence of an unexpected state associated with the component based on a vertical consistency comparison of the physical level signals received or outputted by the component and one of the derived state information and said or the historical state information, and based on a horizontal state estimation consistency comparison of a plurality of said physical-level signals including the physical level signals received or outputted by the component and physical level signals received or outputted by other components at a same level as the component in the Process Control Network (PCN);

    capturing and storing information associated with the unexpected state using an event message, the captured and stored information including the identification information associated with the component of the PCN and a unique identifier associated with the security device;

    transforming the event message into a formatted message; and

    outputting the formatted message via an interface to a forensic analysis system.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×