METHODS, SYSTEMS AND DEVICES FOR SECURING SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) COMMUNICATIONS
Abstract
A secure supervisory control and data acquisition (SCADA) system includes a SCADA control host system and any number of remote terminal unit (RTU) systems. Each RTU system includes an RTU transceiver, an RTU and a remote security device (RSD) coupling the RTU to the RTU transceiver. The SCADA control host system includes a SCADA control host configured to exchange SCADA information with each of the RTUs in a SCADA format, and a host security device (HSD) coupling the SCADA control host to a host transceiver. The host transceiver is configured to establish communications with each of the plurality of RTU transceivers. The HSD communicates with the RSDs to transparently encrypt the SCADA information using a cryptographic protocol that is independent of the SCADA protocol to thereby secure the communications between the HSD and each of the RSDs.
61 Claims
1. A secure supervisory control and data acquisition (SCADA) system for communicating with a plurality of remote terminal units (RTUs), the secure SCADA system comprising:
- a SCADA control host configured to process SCADA information;
- a transceiver configured to transfer the SCADA information between the SCADA control host and at least one of the plurality of remote terminal units; and
- a host security device (HSD) operatively coupled between the SCADA control host and the transceiver, wherein the HSD is configured to transparently encrypt and decrypt the SCADA information passing through the HSD to thereby establish secure communications between the SCADA control host and the at least one of the plurality of remote terminal units, and to stream the SCADA information passing therethrough such that a portion of a first packet of SCADA information is encrypted/decrypted as it is received by the HSD and transferred to the at least one of the plurality of RTUs or the control host, respectively, concurrent with the receipt of another portion of the first packet by the HSD.

Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 53, 54, 55, 56, 57)

15. A secure supervisory control and data acquisition (SCADA) system comprising:
- a plurality of remote terminal units (RTUs) systems, each RTU system comprising an RTU transceiver, an RTU and a remote security device (RSD) coupling the RTU to the RTU transceiver; and
- a SCADA control host system comprising a SCADA control host configured to exchange SCADA information with each of the RTUs in a SCADA format, and a host security device (HSD) coupling the SCADA control host to a host transceiver, wherein the host transceiver is configured to establish communications with each of the plurality of RTU transceivers;
- wherein the HSD is configured to communicate with the plurality of RSDs to transparently encrypt the SCADA information using a cryptographic protocol that is independent of the SCADA protocol to thereby secure the communications between the HSD and each of the plurality of RSDs, and to stream the SCADA information passing therethrough such that a portion of a first packet of SCADA information is encrypted as it is received by the HSD and transferred to at least one of the plurality of RSDs concurrent with the receipt of another portion of the first packet by the HSD.

Dependent Claims (16, 17, 18, 19, 20, 21)

22. A host security device (HSD) for securing communications between a SCADA control host and a remote security device (RSD) via a transceiver, the HSD comprising:
- a clear interface configured to communicate with the SCADA control host to thereby exchange clear data between the HSD and the SCADA control host;
- a secure interface configured to communicate with the transceiver to thereby exchange encrypted data between the HSD and the RSD; and
- a processing module configured to encrypt a portion of a first packet of clear data received at the clear interface to thereby create encrypted data for transmission via the secure interface, the processing module being further configured to transmit the encrypted portion of the first packet via the secure interface, while concurrently receiving another portion of the first packet at the clear interface; and
  to decrypt a portion of a second packet of data comprising encrypted data received at the secure interface to thereby extract clear data for transmission via the clear interface, the processing module being further configured to transmit the decrypted portion of the second packet via the clear interface while concurrently receiving another portion of the second packet at the secure interface.

Dependent Claims (23)

24. A remote security device (RSD) for securing communications between a host security device (HSD) and a remote terminal unit (RTU) via a transceiver, the RSD comprising:
- a clear interface configured to communicate with the RTU to thereby exchange clear data between the RSD and the RTU;
- a secure interface configured to communicate with the transceiver to thereby exchange encrypted data between the RSD and the HSD; and
- a processing module configured to encrypt a portion of a first packet of clear data received at the clear interface to thereby create encrypted data for transmission via the secure interface, the processing module being further configured to transmit the encrypted portion of the first packet via the secure interface, while concurrently receiving another portion of the first packet at the clear interface; and
  to decrypt a portion of a second packet of data comprising encrypted data received at the secure interface to thereby extract clear data for transmission via the clear interface, the processing module being further configured to transmit the decrypted portion of the second packet via the clear interface while concurrently receiving another portion of the second packet at the secure interface.

Dependent Claims (25, 26, 27, 28, 29)

30. A method of transferring SCADA information from a sender to a receiver, the method comprising the steps of:
- receiving a portion of a first packet of SCADA information from a sender at a clear interface;
- encrypting the received portion of the first packet of SCADA information using a cryptographic protocol that is independent of the SCADA information to create an encrypted data stream; and
- providing the encrypted portion of the first packet to a secure interface for transmission to the receiver, while concurrently receiving another portion of the first packet at the clear interface.

Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 58)

52. A computerized means for transferring SCADA information from a sender to a receiver, the computerized means comprising:
- means for receiving the SCADA information from the sender;
- means for encrypting the SCADA information using a cryptographic protocol that is independent of the SCADA information to create an encrypted data stream; and
- means for providing the encrypted data stream for transmission to the receiver;
- wherein the SCADA information is streamed from the sender to the receiver such that a portion of a first packet of SCADA information is encrypted as it is received from the sender and then transferred to the receiver concurrent with the receipt of another portion of the first packet from the sender.

59. A secure supervisory control and data acquisition (SCADA) system comprising:
- a SCADA control host system; and
- a remote terminal system;
- wherein said control host system includes a control host, and said remote terminal system includes a remote terminal unit, said control host system and said remote terminal system configured such that SCADA information can be communicated between said control host and said RTU;
- said control host system further comprising a host security device (HSD) coupled to said control host, and said remote terminal system further comprising a remote security device (RSD) coupled to said RTU;
- wherein each of said HSD and said RSD are configured to transparently encrypt and decrypt the SCADA information passing therethrough to thereby establish secure communications between said control host and said RTU and between said HSD and said RSD;
- said HSD including a first module configured to generate a control message comprising instructions relating to the operation of said RSD and to communicate said control message to said RSD; and
- said RSD including a second module configured to receive said control message, to interpret said control message and to carry out said instructions of said control message.

60. A host security device (HSD) for use in a secure supervisory control and data acquisition (SCADA) system, wherein said HSD is configured to secure communications between a SCADA control host and a remote security device (RSD), said HSD comprising:
- a clear interface configured to communicate with said control host to thereby exchange clear data between said HSD and said control host;
- a secure interface configured to communicate with said RSD and to thereby exchange encrypted data between said HSD and said RSD; and
- a module configured to encrypt the clear data received at said clear interface to thereby create encrypted data for transmission via said secure interface, and to decrypt encrypted data received at said secure interface to thereby extract clear data for transmission via said clear interface;
- said module further configured to generate a control message comprising instructions relating to the operation of said RSD and to communicate said control message to said RSD.

61. A remote security device (RSD) for use in a supervisory control and data acquisition (SCADA) system, wherein said RSD is configured to secure communications between a host security device (HSD) and a remote terminal unit (RTU), said RSD comprising:
- a clear interface configured to communicate with said RTU to thereby exchange clear data between said RSD and RTU;
- a secure interface configured to communicate with said HSD and to thereby exchange encrypted data between said RSD and said HSD; and
- a module configured to encrypt clear data received at said clear interface to thereby create encrypted data for transmission via said secure interface, and to decrypt encrypted data received at said secure interface to thereby extract clear data for transmission via said clear interface;
- said module further configured to receive a control message comprising instructions relating to the operation of said RSD generated and communicated by said HSD, to interpret said control message, and to carry out said instructions.
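
The streaming behaviour recited in claims 1, 22, 24 and 30 (a portion of a packet is encrypted and forwarded while the rest is still arriving, by a cipher that knows nothing of the SCADA protocol) can be sketched as follows. This is an added example, not code from the patent; the HMAC-SHA256 counter-mode keystream, the names `KeystreamCipher`, `security_device` and `relay`, and the sample key, nonce and packet are all assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Iterable, Iterator, List, Tuple

class KeystreamCipher:
    """Stand-in cipher (assumption: the page names no algorithm); XOR with an
    HMAC-SHA256 counter-mode keystream both encrypts and decrypts."""
    def __init__(self, key: bytes, nonce: bytes) -> None:
        self._key, self._nonce, self._counter, self._buf = key, nonce, 0, b""

    def process(self, portion: bytes) -> bytes:
        # Extend the keystream only as far as this portion needs; leftover bytes
        # are kept, so the output does not depend on how the packet was split.
        while len(self._buf) < len(portion):
            msg = self._nonce + self._counter.to_bytes(8, "big")
            self._buf += hmac.new(self._key, msg, hashlib.sha256).digest()
            self._counter += 1
        ks, self._buf = self._buf[:len(portion)], self._buf[len(portion):]
        return bytes(a ^ b for a, b in zip(portion, ks))

def security_device(name: str, rx: Iterable[bytes], cipher: KeystreamCipher,
                    log: List[Tuple[str, str, int]]) -> Iterator[bytes]:
    """Bump-in-the-wire device: forwards each portion as soon as it is
    processed and never parses the SCADA frame it carries."""
    for i, portion in enumerate(rx):
        log.append((name, "rx", i))
        out = cipher.process(portion)
        log.append((name, "tx", i))
        yield out

def relay(packet: bytes, size: int, key: bytes, nonce: bytes):
    """Host -> HSD -> link -> RSD -> RTU. Returns (clear_out, on_wire, log)."""
    log: List[Tuple[str, str, int]] = []
    wire: List[bytes] = []

    def tap(stream: Iterable[bytes]) -> Iterator[bytes]:
        for chunk in stream:  # records what crosses the untrusted link
            wire.append(chunk)
            yield chunk

    host = (packet[i:i + size] for i in range(0, len(packet), size))
    hsd = security_device("HSD", host, KeystreamCipher(key, nonce), log)
    rsd = security_device("RSD", tap(hsd), KeystreamCipher(key, nonce), log)
    return b"".join(rsd), b"".join(wire), log

# Constructed sample: opaque bytes standing in for one SCADA frame.
PACKET = bytes(range(1, 41))
KEY, NONCE = b"constructed-demo-key", b"pkt-0001"
```

A bare keystream gives confidentiality only, and a receiver that forwards portions as they arrive cannot wait for an integrity check over the whole packet; a deployed design would also need authentication and a nonce that never repeats under one key.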
Specification