METHOD AND SYSTEM FOR CYBER SECURITY MANAGEMENT OF INDUSTRIAL CONTROL SYSTEMS

US 20110039237A1
Filed: 04/14/2009
Published: 02/17/2011
Est. Priority Date: 04/17/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing an integrated command and control user interface in a Supervisory Control And Data Acquisition (SCADA) to enhance situational awareness and cyber security management for industrial control systems, the method comprising:

providing a centralized System Security Manager (SSM) program module executable by a processing device and integrated into a SCADA wherein the SSM collects security related data for the industrial control system;

displaying by the SSM program module an integrated command and control user interface comprising a system monitoring pane comprising security related data collected by the SSM, a system security status pane comprising a system security level, and a system security settings pane allowing for changing of system security settings for the industrial control system; and

wherein the integrated command and control user interface allows setting of the system security level based on the security related data collected and changes in operational state of the SCADA based on the security level to restrict use of system interfaces and system accesses.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for cyber security management of Supervisory Control And Data Acquisition (SCADA) systems is provided to enhance situational awareness and cyber security management for industrial control systems. A centralized System Security Manager (SSM) is integrated into a SCADA to collect security related data for the industrial control system and an integrated command and control user interface displays security related data, a system security level, and interfaces with a user to allows for changing of system security settings for the industrial control system based on the security related data collected and manages changes in operational state of the SCADA based on the security level to restrict use of system interfaces and system accesses.

128 Citations

20 Claims

1. A computer-implemented method for providing an integrated command and control user interface in a Supervisory Control And Data Acquisition (SCADA) to enhance situational awareness and cyber security management for industrial control systems, the method comprising:
- providing a centralized System Security Manager (SSM) program module executable by a processing device and integrated into a SCADA wherein the SSM collects security related data for the industrial control system;
  
  displaying by the SSM program module an integrated command and control user interface comprising a system monitoring pane comprising security related data collected by the SSM, a system security status pane comprising a system security level, and a system security settings pane allowing for changing of system security settings for the industrial control system; and
  
  wherein the integrated command and control user interface allows setting of the system security level based on the security related data collected and changes in operational state of the SCADA based on the security level to restrict use of system interfaces and system accesses.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 20)
- - 2. The computer-implemented method of claim 1 wherein the system security level comprises a plurality of levels where each level includes restrictions from lower levels.
  - 3. The computer-implemented method of claim 1 wherein the system security level is associated with cyber security and physical security of the industrial control system.
  - 4. The computer-implemented method of claim 1 wherein the integrated command and control user interface further comprises a configuration pane to configure the SCADA including defining of criticality indices of power system assets of the industrial control system.
  - 5. The computer-implemented method of claim 4 wherein the criticality indices comprise a measurement of critical infrastructure importance associated with power system assets of the industrial control system.
  - 6. The computer-implemented method of claim 5 wherein the SSM calculates and displays in the integrated command and control user interface an overall Criticality Index for each Remote Terminal Units (RTU) line and Inter Control-Center Communications Protocol (ICCP) link based on the criticality indices of power system assets to provide Situational Awareness of the critical infrastructure importance associated with a communications link.
  - 7. The computer-implemented method of claim 1 further comprising disabling less secure connections and accesses to the system based on the system security level.
  - 8. The computer-implemented method of claim 6 further comprising automatically isolating communications in a prioritized fashion based on the overall Criticality Index in response to an elevation of the security level.
  - 9. The computer-implemented method of claim 1 further comprising automatically implementing predictive state changes in operational state of the SCADA due to predetermined patterns in the security related data.
  - 10. The computer-implemented method of claim 1 wherein the security related data comprises one or more of Intrusion Detection System (IDS) monitoring with SCADA signatures, SCADA security alarms, SCADA user connections, SCADA Remote Terminal Unit (RTU) and Inter Control-Center Communications Protocol (ICCP) link status, SCADA security related telemetry, health monitoring events collected via Web Based Enterprise Management (WBEM) for SCADA computer monitoring, Simple Network Management Protocol (SNMP) for network devices via third party products, system events correlated by a third party event correlation product, and system statistics.
  - 11. The computer-implemented method of claim 1 further comprising providing an interface for the SSM to an Independent SCADA Health Monitor to monitor the health of SCADA computers and networking devices.
  - 12. The computer-implemented method of claim 1 wherein the SSM is further interfaced with an Event Correlation Engine (ECE) to send the SSM key events from the ECE to provide a wider system view.
  - 13. The computer-implemented method of claim 1 further comprising providing a white list functionality that allows IP addresses or ranges to be defined which are trusted and not deemed as high a security risk so that white list traffic will not set an alarm.
  - 14. The computer-implemented method of claim 1 further comprising providing a black list functionality that allows IP addresses or ranges to be defined which are deemed a security risk so that black listed traffic will always set an alarm.
  - 15. The computer-implemented method of claim 1 further comprising trace-back of identified security event sources when a security event is identified.
  - 16. The computer-implemented method of claim 1 further comprising a selectable autopilot function to allow the SSM to automatically set the security level based on security related data collected.
  - 17. The computer-implemented method of claim 1 further comprising a simulation mode for training purposes.
  - 20. A computer program product having a computer readable storage medium operable to store computer program logic embodied in computer program code encoded as a set of processor based instructions thereon for, when executed by a processor in a computer, perform steps of claim 1.

18. A system for providing an integrated command and control user interface in a Supervisory Control And Data Acquisition (SCADA) to enhance situational awareness and cyber security management for industrial control systems, comprising:
- a centralized System Security Manager (SSM) program module executable by a processing device and integrated into a SCADA wherein the SSM collects security related data for the industrial control system; and
  
  an integrated command and control user interface for displaying security related data collected by the SSM, a system security level, system security settings, wherein the user interface provides for changing of system security settings for the industrial control system and setting of the system security level based on the security related data collected and changing operational state of the SCADA based on the security level to restrict use of system interfaces and system accesses.
- View Dependent Claims (19)
- - 19. The system of claim 18 further comprising an integrated Operator Training Simulator for training operators on the use of the command and control user interface combined with security traffic and event scenarios.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Skare, Paul M.

Granted Patent

US 8,595,831 B2
Time in Patent Office

Days
Field of Search
US Class Current

434/118
CPC Class Codes

G05B 23/0267   Fault communication, e.g. h...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/14   for detecting or protecting...

H04L 63/20   for managing network securi...

METHOD AND SYSTEM FOR CYBER SECURITY MANAGEMENT OF INDUSTRIAL CONTROL SYSTEMS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

128 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR CYBER SECURITY MANAGEMENT OF INDUSTRIAL CONTROL SYSTEMS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

128 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links