Systems and Methods for Securing Control Systems

US 20100265039A1
Filed: 04/17/2009
Published: 10/21/2010
Est. Priority Date: 04/17/2009
Status: Abandoned Application

First Claim

Patent Images

1. A security system for identifying operators accessing a control system for critical infrastructure, complex networks, and/or industrial processing facilities, the security system comprising:

A proximity-based user identification device that generates a computer-readable identification of operators who are in proximity to a control device in the control system;

An imaging device that captures a visual likeness of operators in proximity to the control device;

A network sensor that reads operation data from the control system;

An overlay network interconnecting the proximity-based identification device, the imaging device, and the network sensor, wherein the overlay network is interfaced to the control system without modifying the control system; and

Processing hardware executing processor-implemented instructions to generate a correlation between at least a portion of the operation data in the control system, the computer-readable identification, and the visual likeness and to associate the correlation with the portion of the operation data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and a method for securing control systems for critical infrastructure, complex networks and/or industrial processing facilities. Aspects of the invention can include a proximity-based user identification device that generates a computer-readable identification of operators who are in proximity to a control device in the control system and an imaging device that captures a visual likeness of operators in proximity to the control device. A network sensor can read operation data from the control system. An overlay network can interconnect the proximity-based identification device, the imaging device, and the network sensor, and can interface to the control system without modifying the control system. Processing hardware can execute processor-implemented instructions to generate a correlation between at least a portion of the operation data and the control system, the computer-readable identification, and the visual likeness. The processor can then associate the correlation with the portion of the operation data.

Citations

14 Claims

1. A security system for identifying operators accessing a control system for critical infrastructure, complex networks, and/or industrial processing facilities, the security system comprising:
- A proximity-based user identification device that generates a computer-readable identification of operators who are in proximity to a control device in the control system;
  
  An imaging device that captures a visual likeness of operators in proximity to the control device;
  
  A network sensor that reads operation data from the control system;
  
  An overlay network interconnecting the proximity-based identification device, the imaging device, and the network sensor, wherein the overlay network is interfaced to the control system without modifying the control system; and
  
  Processing hardware executing processor-implemented instructions to generate a correlation between at least a portion of the operation data in the control system, the computer-readable identification, and the visual likeness and to associate the correlation with the portion of the operation data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The security system of claim 1, wherein the proximity-based identification device is not a login/logout authentication device.
  - 3. The security system of claim 1, further comprising synchronization hardware to activate tie imaging device when predetermined actions are performed in the control system by the operator.
  - 4. The security system of claim 1, wherein the imaging device is not a constant video monitoring device.
  - 5. The security system of claim 1, wherein the imaging device and the proximity-based user identification device is a combined apparatus employing a facial recognition algorithm.
  - 6. The security system of claim 1, wherein the network sensor is configured to block operation data that is not correlated with a computer-readable identification, a visual likeness, or both.
  - 7. The security system of claim 1, wherein the processing hardware executes processor-implemented instructions to log in a data storage device the operation data, the computer-readable identification, and the visual likeness that are correlated with one another.

8. A method for identifying operators accessing a control system for critical infrastructure, complex networks, and/or industrial processing facilities, the method comprising:
- Generating a proximity-based, computer-readable identification of an operator who is located in proximity to a control device in the control system;
  
  Capturing a visual likeness of the operator who is located in proximity to the control device;
  
  Reading operation data from the control system;
  
  Generating a correlation between at least a portion of the operation data in the control system, die computer-readable identification, and the visual likeness without modifying the control system; and
  
  Associating the correlation with the portion of the operation data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the computer-readable identification is not a login/logout authentication.
  - 10. The method of claim 8, further comprising synchronizing said generating the computer-readable identification and said capturing the visual likeness to occur when predetermined actions are performed in the control system by the operator.
  - 11. The method of claim 8, wherein said capturing the visual likeness is not constantly monitoring operators with video.
  - 12. The method of claim 8, wherein said generating the computer-readable identification and said capturing the visual likeness occur substantially together by employing a facial recognition algorithm.
  - 13. The method of claim 8, further comprising blocking operation data that is not correlated with a computer-readable identification, a visual likeness, or both.
  - 14. The method of claim 8, further comprising logging the correlation between the operation data, the computer-readable identification, and the visual likeness in a data storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Battelle Memorial Institute
Original Assignee
Battelle Memorial Institute
Inventors
Hadley, Mark D., Clements, Samuel L., Edgar, Thomas W.

Application Number

US12/425,979
Publication Number

US 20100265039A1
Time in Patent Office

Days
Field of Search
US Class Current

340/5.830
CPC Class Codes

G05B 19/418 Total factory control, i.e....

Y02P 90/02 Total factory control, e.g....

Systems and Methods for Securing Control Systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods for Securing Control Systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links