DETECTION AND RESPONSE TO UNAUTHORIZED ACCESS TO A COMMUNICATION DEVICE

US 20140109182A1
Filed: 03/14/2013
Published: 04/17/2014
Est. Priority Date: 10/12/2012
Status: Active Grant

First Claim

Patent Images

1. A communication device configured to provide a communication path to an intelligent electronic device (IED) and configured to detect and remediate unauthorized access, the communication device comprising:

an IED communications port configured to communicate with an IED;

a network port configured to transmit information received from the IED via a network and to transmit information received from the network to the IED; and

control logic in communication with the IED communications port and the network port, the control logic configured to;

receive an intrusion detection signal;

determine that the intrusion detection signal is indicative of an attempt to obtain unauthorized access to one of the communication device, the IED, and a device in communication with the communication device; and

take a security action based upon the determination that the intrusion detection signal is indicative of the attempt to gain unauthorized access.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication gateway consistent with the present disclosure may detect unauthorized physical or electronic access and implement security actions in response thereto. A communication gateway may provide a communication path to an intelligent electronic device (IED) using an IED communications port configured to communicate with the IED. The communication gateway may include a physical intrusion detection port and a network port. The communication gateway may further include control logic configured to evaluate physical intrusion detection signal. The control logic may be configured to determine that the physical intrusion detection signal is indicative of an attempt to obtain unauthorized access to one of the communication gateway, the IED, and a device in communication with the gateway; and take a security action based upon the determination that the indication is indicative of the attempt to gain unauthorized access.

59 Citations

View as Search Results

30 Claims

1. A communication device configured to provide a communication path to an intelligent electronic device (IED) and configured to detect and remediate unauthorized access, the communication device comprising:
- an IED communications port configured to communicate with an IED;
  
  a network port configured to transmit information received from the IED via a network and to transmit information received from the network to the IED; and
  
  control logic in communication with the IED communications port and the network port, the control logic configured to;
  
  receive an intrusion detection signal;
  
  determine that the intrusion detection signal is indicative of an attempt to obtain unauthorized access to one of the communication device, the IED, and a device in communication with the communication device; and
  
  take a security action based upon the determination that the intrusion detection signal is indicative of the attempt to gain unauthorized access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The communication device of claim 1, wherein the control logic is further configured to generate a baseline representative of communication on one of the network port and the IED communications port, and the intrusion detection signal comprises a divergence of communication from the baseline on one of the network port and the IED communications port.
  - 3. The communication device of claim 2, wherein the divergence comprises detecting a communication originating from one of an unauthorized machine access control address, an unauthorized Internet protocol address, an unauthorized port, and an unauthorized peripheral device.
  - 4. The communication device of claim 1, further comprising a physical intrusion detection port;
    - and wherein the intrusion detection signal comprises a physical intrusion detection signal including an output of at least one of a door sensor and a light sensor.
  - 5. The communication device of claim 1, further comprising:
    - a physical intrusion detection port; and
      
      a microphone in communication with the physical intrusion detection port;
      
      wherein the control logic is further configured to differentiate sounds received by the microphone corresponding to unauthorized access from sounds corresponding with natural phenomenon and environmental conditions.
  - 6. The communication device of claim 1, further comprising:
    - a physical intrusion detection port; and
      
      a microphone in communication with the physical intrusion detection port;
      
      wherein the control logic is further configured to;
      
      transmit a sound received via the microphone to a central monitoring station via the network port, andreceive via the network port an indication from the central monitoring station that the sound received via the microphone is indicative of unauthorized access.
  - 7. The communication device of claim 1, further comprising:
    - a physical intrusion detection port; and
      
      an accelerometer in communication with the physical intrusion detection port, the accelerometer configured to detect an acceleration, wherein the control logic is further configured to;
      
      differentiate between an acceleration corresponding to unauthorized access from an acceleration corresponding to a natural phenomenon and an acceleration corresponding to an environmental condition.
  - 8. The communication device of claim 7, wherein the control logic is further configured to communicate to a central monitoring station information regarding the environmental condition to allow the central monitoring station to implement a control strategy in response to the environmental condition.
  - 9. The communication device of claim 1, further comprising:
    - a camera in communication with the control logic;
      
      wherein the control logic is further configured to transmit images captured by the camera to a central monitoring station via the network port based upon the determination that the intrusion detection signal is indicative of the attempt to gain unauthorized access.
  - 10. The communication device of claim 9, wherein the information received from the network comprises an indication from a device in physical proximity to the communication device that the acceleration was detected by the proximate IED.
  - 11. The communication device of claim 1, wherein the control logic is further configured to temporarily suspend the security action upon receipt of a supervisory override.
  - 12. The communication device of claim 1, wherein the security action comprises adjusting a cybersecurity profile of the communication device.
  - 13. The communication device of claim 1, wherein the security action comprises alerting a supervisory control and data acquisition system of the attempt to gain unauthorized access.
  - 14. The communication device of claim 1, wherein the security action comprises alerting upstream network devices of the attempt to gain unauthorized access.
  - 15. The communication device of claim 14, wherein altering upstream network devices comprises invoking a network access control protocol.
  - 16. The communication device of claim 1, wherein the security action comprises triggering a security device.
  - 17. The communication device of claim 1, wherein the control logic is further configured to temporarily disable the security action for engineering access.
  - 18. The communication device of claim 1, wherein the control logic is further configured to receive an alternative indication that is indicative of the attempt to obtain unauthorized access prior to taking the security action.
  - 19. The communication device of claim 18, wherein the control logic is further configured to generate a baseline representative of communication on one of the network port and the IED communications port, and the alternative indication comprises a divergence of communication from the baseline on one of the network port and the IED communications port.
  - 20. The communication device of claim 18, wherein the intrusion detection signal is generated based on input received from a first sensor component, and the alternative indication is generated based on input received from a second sensor component.
  - 21. The communication device of claim 18, wherein the alternative indication is received via the network port from a remote device in communication with the network.

22. A method to detect and remediate unauthorized access to equipment associated with an electric power delivery system contained in an enclosure, the method comprising:
- communicating information with an IED via an IED communications port;
  
  transmitting information received from the IED to a network via a network port;
  
  transmitting to the IED information received from the network;
  
  receiving an intrusion detection signal;
  
  determining that the intrusion detection signal is indicative of an attempt to obtain unauthorized access to one of a communication device and a device in communication with the communication device; and
  
  taking a security action based upon the determination that the intrusion detection signal is indicative of the attempt to gain unauthorized access.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The method of claim 22, further comprising:
    - generating a baseline representative of communication on one of the network port and the IED communications port;
      
      wherein the intrusion detection signal comprises a divergence of communication from the baseline on one of the network port and the IED communications port.
  - 24. The method of claim 22, wherein the security action comprises adjusting a cybersecurity profile of the communication device.
  - 25. The method of claim 22, wherein the security action comprises alerting a supervisory control and data acquisition system of the attempt to gain unauthorized access.
  - 26. The method of claim 22, wherein the security action comprises alerting upstream network devices of the attempt to gain unauthorized access.
  - 27. The method of claim 22, wherein the security action comprises triggering a security device.
  - 28. The method of claim 22, further comprising:
    - receiving an alternative indication that is indicative of the attempt to obtain unauthorized access prior to taking the security action.
  - 29. The method of claim 28, further comprising:
    - generating a baseline representative of communication on one of the network port and the IED communications port, and the alternative indication comprises a divergence of communication from the baseline on one of the network port and the IED communications port.

30. An intelligent electronic device (IED) and configured to detect and remediate unauthorized access, the IED comprising:
- an IED communications port configured to communicate with monitored equipment in electrical communication with an electric power delivery system;
  
  a network port configured to transmit information received from the monitored equipment via a network and to transmit information received from the network to the monitored equipment; and
  
  control logic in communication with the IED communications port and the network port, configured to;
  
  receive an intrusion detection signal;
  
  determine that the physical intrusion detection signal is indicative of an attempt to obtain unauthorized access to one of the IED and a device in communication with the IED; and
  
  take a security action based upon the determination that the indication is indicative of the attempt to gain unauthorized access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Schweitzer Engineering Laboratories, Incorporated
Original Assignee
Schweitzer Engineering Laboratories, Incorporated
Inventors
Smith, Rhett, Gordon, Colin

Granted Patent

US 9,130,945 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/1416   Event detection, e.g. attac...

Y04S 40/20   Information technology spec...

DETECTION AND RESPONSE TO UNAUTHORIZED ACCESS TO A COMMUNICATION DEVICE

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

DETECTION AND RESPONSE TO UNAUTHORIZED ACCESS TO A COMMUNICATION DEVICE

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links