Methods, systems and devices for securing supervisory control and data acquisition (SCADA) communications

US 20080109889A1
Filed: 10/31/2007
Published: 05/08/2008
Est. Priority Date: 07/01/2003
Status: Abandoned Application

First Claim

Patent Images

1. A secure supervisory control and data acquisition (SCADA) system, comprising:

a SCADA control host system configured to process SCADA information;

a remote device configured to communicate SCADA information with said control host system;

a modem coupled between said remote device and a communication line, wherein said modem is configured to allow for communication between said remote device and said communication line; and

a security module coupled between said modem and said remote device, said security module being configured to control access to said remote device by a user seeking access thereto from said communication line through said modem.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure supervisory control and data acquisition (SCADA) system is presented. The inventive system includes a SCADA control host system configured to process SCADA information, and at least one remote device configured to communicate SCADA information with the control host system. The inventive system further includes a modem coupled between the at least one remote device and a communication line, wherein the modem is configured to allow for communication between the remote device and the communication line. The system further includes a security module coupled between the modem and the remote device. The security module is configured to control access to the remote device by a user seeking access thereto from the communication line through the modem.

Citations

25 Claims

1. A secure supervisory control and data acquisition (SCADA) system, comprising:
- a SCADA control host system configured to process SCADA information;
  
  a remote device configured to communicate SCADA information with said control host system;
  
  a modem coupled between said remote device and a communication line, wherein said modem is configured to allow for communication between said remote device and said communication line; and
  
  a security module coupled between said modem and said remote device, said security module being configured to control access to said remote device by a user seeking access thereto from said communication line through said modem.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A SCADA system in accordance with claim 1 wherein said security module is configured to control access by requesting and receiving user identification information from said user through said modem, which is then compared with authorized user identification information stored in a centralized user database.
  - 3. A SCADA system in accordance with claim 2 wherein said centralized user database is stored in said control host system and said user information provided to said security module is communicated to said control host system for comparison with said information stored in said centralized database.
  - 4. A SCADA system in accordance with claim 1 wherein said control host system includes a host security device (HSD) coupled to a control host, said SCADA system further comprising:
    - a remote security device (RSD) coupled to said remote device;
      
      said HSD and said RSD are configured to establish secure communications between said control host and said remote device such that said HSD is configured to encrypt SCADA information received from said control host and to decrypt encrypted SCADA information that is encrypted by and received from said RSD, and said RSD is configured to encrypt SCADA information received from said remote device and to decrypt encrypted SCADA information that is encrypted by and received from said HSD.
  - 5. A SCADA system in accordance with claim 4 wherein said security module is coupled to and configured for communication with said RSD so as to allow communication between said security module and said control host system.
  - 6. A SCADA system in accordance with claim 1 wherein said system includes a plurality of remote devices.
  - 7. A SCADA system in accordance with claim 6 wherein said security module is configured to allow said user to select which of said plurality of remote devices said user wishes to access.
  - 8. A SCADA system in accordance with claim 7 wherein said security module is further configured to allow said user to switch from a first one of said plurality of remote devices to a second one of said plurality of remote devices, thereby allowing said user to access multiple ones of said plurality of remote devices.

9. A method of securing a supervisory control and data acquisition (SCADA) system, comprising the steps of:
- providing a SCADA control host system configured to process SCADA information;
  
  providing a remote device configured to communicate SCADA information with said control host system;
  
  providing a modem coupled between said remote device and a communication line wherein said modem is configured to allow for communication between said remote device and said communication line;
  
  providing a security module coupled between said modem and said remote device to control access to said remote device by a user seeking access thereto from said communication line;
  
  receiving, at said security module, predetermined user identification information provided by said user through said modem;
  
  comparing said user identification information with authorized user information stored in a centralized user database located within said system;
  
  if said provided user identification information matches said authorized user information, allowing access to said selected remote device, otherwise denying access.
- View Dependent Claims (10, 11, 12, 13)
- - 10. A method in accordance with claim 9 wherein:
    - said providing a control host system step includes providing a control host system comprising a control host coupled to a host security device (HSD); and
      
      said method further including providing a remote security device (RSD) coupled to said remote device to allow for communication of SCADA information therebetween, wherein said HSD and said RSD are configured to establish secure communications between said control host system and said remote device, said RSD further coupled to said security module to allow for said security module to communicate with said control host system.
  - 11. A method in accordance with claim 9 wherein said providing a control host system step includes providing a control host system in which said centralized user database is located, said method further comprising:
    - sending said user information provided by said user at said security module to said control host system through said RSD for comparison with said authorized user information in said centralized database to authenticate said user.
  - 12. A method in accordance with claim 9 wherein said providing a remote device step comprises the substep of providing a plurality of remote devices, said method further comprising the step of:
    - prompting, by said security module, said user to select one of said plurality of remote devices for which access is sought.
  - 13. A method in accordance with claim 12 wherein said method further comprises the step of:
    - terminating access to said selected one of said plurality of remote devices;
      
      prompting said user, by said security module, to select a second one of said plurality of remote devices which said user wishes to access; and
      
      granting access to said second one of said plurality of remote devices.

14. A secure supervisory control and data acquisition (SCADA) system, comprising:
- a SCADA control host system configured to process SCADA information;
  
  a remote device configured to communicate SCADA information with said control host system;
  
  a workstation configured to communicate with said control host system and said remote device; and
  
  a security module coupled between said workstation and said remote device, said security module being configured to control access to said remote device by a user operating said workstation.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. A SCADA system in accordance with claim 14 wherein said security module is configured to control access to said remote device by requesting and receiving user identification information from said user through said workstation which is then compared with authorized user information stored in a centralized database.
  - 16. A SCADA system in accordance with claim 15 wherein said centralized database is stored in said control host system and said security module is configured to send said user identification information to said control host system.
  - 17. A SCADA system in accordance with claim 14 wherein said control host system includes a host security device (HSD) coupled to a control host;
    - said SCADA system further comprising;
      
      a remote security device (RSD) coupled to said remote device;
      
      said HSD and said RSD configured to establish secure communications between said control host and said remote device such that said HSD is configured to encrypt SCADA information received from said control host and to decrypt encrypted SCADA information that is encrypted by and received from said RSD, and said RSD is configured to encrypt SCADA information received from said remote device and to decrypt encrypted SCADA information that is encrypted by and received from said HSD.
  - 18. A SCADA system in accordance with claim 14 further comprising a network, wherein said control host system and said workstation are connected to said network to allow for communication therebetween.
  - 19. A SCADA system in accordance with claim 14 wherein said system includes a plurality of remote devices.
  - 20. A SCADA system in accordance with claim 19 wherein said security module is configured to prompt said user to select which one of said plurality of remote devices said user desires to access.

21. A method of securing a supervisory control and data acquisition (SCADA) system, comprising the steps of:
- providing a SCADA control host system that is connected to a network wherein said control host system is configured to process SCADA information;
  
  providing a remote device configured to communicate SCADA information with said control host system;
  
  providing a workstation connected to said network and configured to communicate with said control host system and said remote device;
  
  providing a security module coupled between said workstation and said remote device configured to communicate with said workstation to control access to said remote device by a user operating said workstation;
  
  receiving, at said security module, predetermined said user identification information provided by said user at said workstation;
  
  comparing said user identification information with authorized user identification information stored in a centralized user database;
  
  allowing access to said remote device if said user information matches said authorized information, otherwise denying access to said remote device.
- View Dependent Claims (22, 23, 24, 25)
- - 22. A method in accordance with claim 21 wherein:
    - said providing a control host system includes providing a control host system in which said centralized database is stored;
      
      said method further including the step of sending said user identification information from said security module to said control host system for comparison with said authorized user information stored in said centralized database.
  - 23. A method in accordance with claim 22 wherein said sending said user identification information to said control host system step includes sending said user identification information to said workstation, which then, in turn, transmits said user identification information to said control host system over said network.
  - 24. A method in accordance with claim 21 wherein said providing a remote device comprises providing a plurality of remote devices, said method further comprising the step of:
    - prompting, by said security module, said user at said workstation, prior to allowing access to said remote devices, to select one of said plurality of remote devices for which access is sought.
  - 25. A method in accordance with claim 24 wherein said method further includes the steps of:
    - terminating access to said selected one of said plurality of remote devices;
      
      prompting said user, by said security module, to select a second one of said plurality of remote devices which said user wishes to access; and
      
      granting access to said second one of said plurality of remote devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Robert Thomas Sill
Original Assignee
Robert Thomas Sill
Inventors
Bartels, Andrew

Application Number

US11/980,851
Publication Number

US 20080109889A1
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G05B 2219/24097   Camera monitors controlled ...

G05B 2219/25205   Encrypt communication

G05B 2219/36542   Cryptography, encrypt, acce...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 63/12   Applying verification of th...

Methods, systems and devices for securing supervisory control and data acquisition (SCADA) communications

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, systems and devices for securing supervisory control and data acquisition (SCADA) communications

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links