Secured process control communications
First Claim
1. A system for securely transporting communications from a process plant to another system, the secured communications transport system comprising:
- a data diode disposed between a network of the process plant and a network of the other system, the data diode including one or more input ports, one or more output ports, and a communication link interconnecting the one or more input ports to the one or more output ports;
- an edge gateway interconnecting the one or more output ports of the data diode and the network of the other system, the edge gateway storing a respective copy of a first key; and
- a field gateway interconnecting the process plant network and the one or more input ports of the data diode, the field gateway storing a respective copy of the first key and including one or more non-transitory memories storing computer-readable instructions thereon that, when executed by one or more processors of the field gateway, cause the field gateway to generate a second key, encrypt the second key using the first key, and transmit, via the data diode, the encrypted second key to the edge gateway,
- the computer-readable instructions of the field gateway are further executable to cause the field gateway to (i) encrypt, using the second key, data that is generated by devices of the process plant while the process plant is operating to control an industrial process, the data generated by the devices of the process plant while the process plant is operating to control the industrial process being process plant data, and the process plant data secured by the devices of the process plant for delivery, via the process plant network, to the field gateway, and (ii) transmit the encrypted process plant data across the data diode to the edge gateway, and
- the edge gateway including one or more non-transitory memories storing computer-readable instructions thereon that, when executed by one or more processors of the edge gateway, cause the edge gateway to decrypt, using the second key, the encrypted process plant data received via the data diode, secure the decrypted process plant data, and transmit the secured process plant data to the network of the other system.
Abstract
Securing communications from a process plant to a remote system includes a data diode disposed therebetween that allows data to egress from the plant but prevents ingress of data into the plant and its associated systems. Data is secured across the data diode by securely provisioning a sending device at the plant end of the diode to a receiving device at the remote system end. The sending and receiving devices share secret key material that is recurrently updated. To ensure fidelity of communications across the unidirectional data diode, the sending device recurrently provides context information that is descriptive of data sources of the plant. Additionally, data transmitted from plant data sources to the sending device of the data diode may be secured using a respective security mechanism/technique, and data transmitted from the receiving device of the data diode to the remote system may be secured using a respective security mechanism/technique.
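The two-key scheme of claim 1, together with the recurrent key update the abstract mentions, as an added Go sketch that is not code from the patent. AES-256-GCM, the one-byte frame type and the 12-byte nonce layout are assumptions, since the claims name no cipher or wire format. It shows the receiving gateway's position on a one-way link: a data frame that arrives before a key frame, or that fails authentication, can only be dropped.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const frameKey, frameData byte = 1, 2 // assumed layout: type || 12-byte nonce || GCM output
func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func gcm(key []byte) cipher.AEAD { // callers pass 32-byte keys only
	b, _ := aes.NewCipher(key)
	a, _ := cipher.NewGCM(b)
	return a
}

func Seal(key []byte, typ byte, pt []byte) []byte { // field-gateway side
	nonce := random(12) // fresh per frame; the type byte is bound as AAD
	return gcm(key).Seal(append([]byte{typ}, nonce...), nonce, pt, []byte{typ})
}

type Edge struct{ First, second []byte } // receiving gateway; it has no return path
func (e *Edge) Receive(fr []byte) ([]byte, error) {
	keys := map[byte][]byte{frameKey: e.First, frameData: e.second}
	if len(fr) < 13 || len(keys[fr[0]]) != 32 {
		return nil, fmt.Errorf("dropped: short frame, unknown type, or no second key yet")
	}
	pt, err := gcm(keys[fr[0]]).Open(nil, fr[1:13], fr[13:], fr[:1])
	if err == nil && fr[0] == frameKey {
		e.second, pt = pt, nil // install or rotate the second key; nothing to forward
	}
	return pt, err
}

func main() {
	edge, k2 := &Edge{First: random(32)}, random(32) // constructed keys
	data := Seal(k2, frameData, []byte("FT-101=42.7")) // constructed sample reading
	_, early := edge.Receive(data) // arrives before the key frame: dropped
	edge.Receive(Seal(edge.First, frameKey, k2))
	pt, err := edge.Receive(data)
	fmt.Println(early, "|", string(pt), err)
}
```

Replayed frames are not detected by this sketch; a sequence number or timestamp inside the sealed payload would be needed for that.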
51 Claims
28. A method of securing communications between a process plant and an other system, the method comprising:
- receiving, at a field gateway from a process plant network, data generated by one or more devices of the process plant while the process plant is operating to control an industrial process, the data generated by the one or more devices of the process plant being process plant data, and respective process plant data is secured, by each of the one or more devices via a first security mechanism, for transmission from the each of the one or more devices to the field gateway;
- securing, by the field gateway, the received process plant data via a second security mechanism, the second security mechanism including (i) a first key that is provisioned into one of: an edge gateway communicatively connected to the other system, or the field gateway, the first key shared between the edge gateway and the field gateway, (ii) a second key that is encrypted based on the first key, and (iii) an encryption, by the field gateway and utilizing the second key, of the received process plant data; and
- transporting the secured process plant data across a data diode to the edge gateway for delivery to the other system, the communicative connection between the edge gateway and the other system secured by the edge gateway and the other system via a third security mechanism, and the data diode configured to prevent ingress of any data transmitted by the edge gateway into the field gateway.
36. A method of securing communications between a process plant and an other system servicing the process plant, the method comprising:
- (i) receiving, at an edge gateway via a data diode that is communicatively connected to a field gateway of the process plant, data generated by one or more devices of the process plant while the process plant is operating to control an industrial process, the data generated by the one or more devices of the process plant being process plant data, wherein:
  - respective process plant data is secured, by each of the one or more devices via a first security mechanism, for transmission from the each of one or more devices to the field gateway, and is further secured, by the field gateway via a second security mechanism, for transport from the field gateway across the data diode to the edge gateway, the second security mechanism including (i) a first key that is provisioned into one of the edge gateway or the field gateway, the first key shared between the edge gateway and the field gateway, (ii) a second key that is encrypted based on the first key, and (iii) an encryption, by the field gateway and utilizing the second key, of the process plant data; and
  - the data diode is configured to prevent ingress of any data transmitted by the edge gateway into the field gateway;
- (ii) decrypting, by the edge gateway using the second key, the process plant data encrypted by the field gateway and received at the edge gateway via the data diode;
- (iii) securing, by the edge gateway, the decrypted process plant data via a third mechanism; and
- (iv) transmitting, by the edge gateway to the other system, the process plant data secured by the edge gateway.
Specification