METHOD AND SYSTEM FOR USE IN FACILITATING PATCH CHANGE MANAGEMENT OF INDUSTRIAL CONTROL SYSTEMS

US 20140130033A1
Filed: 11/06/2012
Published: 05/08/2014
Est. Priority Date: 11/06/2012
Status: Active Grant

First Claim

Patent Images

1. An offline patch change management system for an industrial facility including at least one industrial control system that includes at least one cyber asset, said offline patch change management system comprising:

at least one reader device configured to read patch update information stored on computer-readable storage media inserted therein;

a memory device coupled to said at least one reader device, said memory device configured to store said patch update information; and

a processor coupled to said memory device, said processor programmed to;

scan the at least one cyber asset; and

generate a scan report including a patch status for at least one patch not operatively resident on the at least one cyber asset, wherein said scan report comprises a deployment temporal period value for deployment of the at least one patch.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An offline patch change management system for an industrial facility includes at least one reader device configured to read patch update information stored on computer-readable storage media inserted therein. The industrial facility includes an industrial control system that includes at least cyber asset. The system also includes a memory device coupled to the reader device. The memory device is configured to store the patch update information. The system further includes a processor coupled to the memory device. The processor is programmed to scan the at least one cyber asset. The processor is also programmed to generate a scan report including a patch status for at least one patch not operatively resident on the at least one cyber asset. The scan report includes a deployment temporal period value for deployment of the patch.

Citations

20 Claims

1. An offline patch change management system for an industrial facility including at least one industrial control system that includes at least one cyber asset, said offline patch change management system comprising:
- at least one reader device configured to read patch update information stored on computer-readable storage media inserted therein;
  
  a memory device coupled to said at least one reader device, said memory device configured to store said patch update information; and
  
  a processor coupled to said memory device, said processor programmed to;
  
  scan the at least one cyber asset; and
  
  generate a scan report including a patch status for at least one patch not operatively resident on the at least one cyber asset, wherein said scan report comprises a deployment temporal period value for deployment of the at least one patch.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The offline patch change management system in accordance with claim 1, wherein said processor is further programmed to generate said scan report further comprising a criticality rating of the at least one patch.
  - 3. The offline patch change management system in accordance with claim 1, wherein said processor is further programmed to generate said scan report further comprising a restart requirement of the at least one patch.
  - 4. The offline patch change management system in accordance with claim 1, wherein said processor is further programmed to facilitate backups of at least a portion of the at least one industrial control system.
  - 5. The offline patch change management system in accordance with claim 1, wherein said processor is further programmed to determine a presence of previous scan reports.
  - 6. The offline patch change management system in accordance with claim 1, wherein said processor is further programmed to generate a cumulative scan report.
  - 7. The offline patch change management system in accordance with claim 1, wherein said processor is further programmed to read updated patch database files that are hash encrypted.

8. An offline method for patch change management of cyber assets, said method comprising:
- providing at least one computing device;
  
  coupling at least one reader device to the at least one computing device;
  
  reading patch update information stored on computer-readable storage media using the at least one reader device;
  
  scanning at least portions of an industrial control system that includes at least one cyber asset using the at least one computing device; and
  
  generating a scan report including a patch status for at least one patch not operatively resident on the at least one cyber asset, wherein the scan report includes a deployment temporal period value for deployment of the at least one patch.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method in accordance with claim 8, wherein generating a scan report further comprises generating the scan report further including a criticality rating of the at least one patch.
  - 10. The method in accordance with claim 8, wherein generating a scan report further comprises generating the scan report further including a restart requirement of the at least one patch.
  - 11. The method in accordance with claim 8, wherein reading patch update information stored on computer-readable storage media using the at least one reader device comprises inserting a hash encrypted computer-readable storage media with XML files that identify predetermined patches within the patch update information.
  - 12. The method in accordance with claim 8, wherein reading patch update information stored on computer-readable storage media using the at least one reader device further comprises running a software update scan tool directly from the computer-readable storage media through the at least one reader device.
  - 13. The method in accordance with claim 12 further comprising using a human to determine the portions of the industrial control system to be scanned.
  - 14. The method in accordance with claim 12 further comprising generating a software update baseline in a database.
  - 15. The method in accordance with claim 14, wherein generating a scan report comprises determining a presence of previous scan reports and generating cumulative reports by adding scan data to the database.

16. An industrial facility comprising:
- at least one industrial control system comprising at least one cyber asset; and
  
  an offline patch change management system comprising;
  
  at least one reader device configured to read patch update information stored on computer-readable storage media inserted therein;
  
  a memory device coupled to said at least one reader device, said memory device configured to store said patch update information; and
  
  a processor coupled to said memory device, said processor programmed to;
  
  scan said at least one cyber asset; and
  
  generate a scan report including a patch status for at least one patch not operatively resident on said at least one cyber asset, wherein said scan report comprises a deployment temporal period value for deployment of the at least one patch.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The industrial facility in accordance with claim 16, wherein said processor is further programmed to:
    - generate said scan report further comprising a criticality rating of the at least one patch; and
      
      generate said scan report further comprising a restart requirement of the at least one patch.
  - 18. The industrial facility in accordance with claim 16, wherein said processor is further programmed to facilitate backups of at least a portion of said at least one industrial control system.
  - 19. The industrial facility in accordance with claim 16, wherein said processor is further programmed to:
    - determine a presence of previous scan reports; and
      
      generate a cumulative scan report.
  - 20. The industrial facility in accordance with claim 16, wherein said processor is further programmed to read updated patch database files that are hash encrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Baker Hughes Holdings LLC (Baker Hughes Company)
Original Assignee
General Electric Company
Inventors
Alls, Lindy Lawrence, Peterson, Susan Ruth, Taylor, Eric Fiedler

Granted Patent

US 8,869,133 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/172
CPC Class Codes

G06F 8/65 Updates security arrangemen...

METHOD AND SYSTEM FOR USE IN FACILITATING PATCH CHANGE MANAGEMENT OF INDUSTRIAL CONTROL SYSTEMS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR USE IN FACILITATING PATCH CHANGE MANAGEMENT OF INDUSTRIAL CONTROL SYSTEMS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links