Process control methods and apparatus for intrusion detection, protection and network hardening
Abstract
The invention provides an improved network, and methods of operating it, for use in or with process control systems, computer-based manufacturing or production control systems, environmental control systems, industrial control systems, and the like (collectively, “control systems”). These networks use a combination of firewalls, intrusion detection systems, intrusion protection devices and/or other devices for hardening (i.e., security against hacking, intrusion or other mischievous conduct) and/or intrusion detection. The networks and methods apply, by way of example, in plants, sites and other facilities in which the networks that support control systems interface with corporate, business or other networks.
31 Claims
1. A digital data network for use with process control systems, computer-based manufacturing/production control systems, environmental control systems, and/or industrial control system (collectively, “control systems”), the digital data network comprising:
A. a plurality of digital data devices,
B. network media that is coupled to digital data devices to support communications therewith,
C. the digital data network comprising a first zone and a second zone, each zone including one or more of the digital data devices and the network media that is coupled thereto, the first zone comprising digital data devices executing business applications, the second zone comprising devices that monitor and control a control system,
D. the network media of the first zone being coupled for at least selected communications to an external network by a first firewall, and
E. the network media of the second zone being coupled for selected communications to the first zone by a second firewall and any of an intrusion protection system and an intrusion detection system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.
13. A digital data network for use with process control systems, computer-based manufacturing/production control systems, environmental control systems, and/or industrial control system (collectively, “control systems”), the digital data network comprising:
A. a first network zone comprising one or more digital data processors that are coupled for communications via network media and that execute applications to provide any of a monitoring and control interface to control devices of the control system,
B. a second network zone comprising one or more digital data processors that are coupled for communication via network media and that execute any of business, engineering and scientific applications and functions (collectively, “business applications”) connected with a manufacturing, environmental control, industrial or other operation in which control systems are employed,
C. a third network zone comprising one or more digital data processors that are coupled for communication via network media and that execute business applications,
D. the network media of the third network zone being coupled to a public network by a first firewall and any of a first intrusion protection system and a first intrusion detection system,
E. the network media of the second network zone being coupled to the network media of the third network zone by a second firewall,
F. the network media of the first network zone being coupled to the network media of the second network zone by a firewall and any of a second intrusion protection system and a second intrusion detection system.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21.
22. A method of operating a digital data network for use with process control systems, computer-based manufacturing/production control systems, environmental control systems, and/or industrial control system (collectively, “control systems”), the method comprising:
A. executing business applications on one or more digital data processors that are interconnected in a first zone on the network,
B. controlling the control system with one or more digital data processors that are interconnected in a second zone on the network,
C. filtering with a first firewall digital data traffic between an external network and the first zone,
D. filtering with a second firewall digital data traffic between the first zone and the second zone, and
E. monitoring with any of an intrusion detection system and an intrusion detection system digital data traffic traveling between the first zone and the second zone.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31.
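The method of claim 22, modelled as an added example (not code from the patent or any vendor): two firewalls, a passive IDS on the business/control link, and a walk of constructed packets across the zones. Zone names, port numbers and the IDS signatures are assumptions made for the illustration.

```python
# Toy model of the claim-22 zoning (added illustration, not patent code): business
# zone behind firewall 1, control zone behind firewall 2 plus an IDS on that link.
# Ports and IDS signatures below are constructed assumptions.
from dataclasses import dataclass

EXTERNAL, BUSINESS, CONTROL = "external", "business", "control"
ZONE_ORDER = [EXTERNAL, BUSINESS, CONTROL]  # traffic crosses adjacent zones only

@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    dst_port: int
    payload: bytes = b""

@dataclass(frozen=True)
class Firewall:
    name: str
    rules: dict  # (src_zone, dst_zone) -> allowed dst ports; unlisted pairs drop

    def permits(self, p: Packet) -> bool:
        return p.dst_port in self.rules.get((p.src_zone, p.dst_zone), set())

# Claim 22 C: firewall 1 between the external network and the business zone.
FW1 = Firewall("fw1", {(EXTERNAL, BUSINESS): {443}, (BUSINESS, EXTERNAL): {443}})
# Claim 22 D: firewall 2 between business and control zones. Assumption: one
# historian/OPC-style port inbound, and nothing may be initiated from control.
FW2 = Firewall("fw2", {(BUSINESS, CONTROL): {4840}})

def ids_inspect(p: Packet) -> list:
    """Claim 22 E: passive IDS on the business/control link; it only raises alerts."""
    alerts = []
    if p.src_zone == CONTROL:
        alerts.append("control zone initiated a connection outward")
    if p.dst_zone == CONTROL and b"WRITE" in p.payload:
        alerts.append("write command crossing into control zone")
    return alerts

def traverse(p: Packet) -> tuple:
    """Walk the packet over each zone boundary; IDS sees its link's traffic, dropped or not."""
    i, j = ZONE_ORDER.index(p.src_zone), ZONE_ORDER.index(p.dst_zone)
    step = 1 if j >= i else -1
    alerts = []
    for k in range(i, j, step):
        hop = (ZONE_ORDER[k], ZONE_ORDER[k + step])
        fw = FW1 if EXTERNAL in hop else FW2
        if fw is FW2:
            alerts += ids_inspect(p)
        if not fw.permits(p):
            return f"dropped by {fw.name}", alerts
    return "allowed", alerts
```

The point the claims make is visible in the results: a packet from the external network addressed straight to the control zone never reaches firewall 2, while a control-zone host that opens a connection outward is both dropped and alerted on.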