APPARATUS FOR PREVENTING ILLEGAL ACCESS OF INDUSTRIAL CONTROL SYSTEM AND METHOD THEREOF

US 20140380458A1
Filed: 04/04/2014
Published: 12/25/2014
Est. Priority Date: 06/20/2013
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus for preventing illegal access of industrial control system, comprising:

a first interface communicating a packet by interoperating with a management network group that requests a control command;

a second interface communicating a packet by interoperating with a control network group that receives a control command from the management network group and processes it; and

a control device, which, when a packet flows therein from the management network group or the control network group, checks whether or not at least one filter rule is set and controls the packet flow between the management network group and the control network group using the filter where the rule is set.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is an apparatus for preventing illegal access of industrial control system and a method thereof in accordance with the present invention. The apparatus for preventing illegal access of industrial control system includes: a first interface communicating a packet by interoperating with a management network group that requests a control command; a second interface communicating a packet by interoperating with a control network group that receives a control command from the management network group and processes it; and a control device, which, when a packet flows therein from the management network group or the control network group, checks whether or not at least one filter rule is set and controls the packet flow between the management network group and the control network group using the filter where the rule is set.

25 Citations

View as Search Results

16 Claims

1. An apparatus for preventing illegal access of industrial control system, comprising:
- a first interface communicating a packet by interoperating with a management network group that requests a control command;
  
  a second interface communicating a packet by interoperating with a control network group that receives a control command from the management network group and processes it; and
  
  a control device, which, when a packet flows therein from the management network group or the control network group, checks whether or not at least one filter rule is set and controls the packet flow between the management network group and the control network group using the filter where the rule is set.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus for preventing illegal access of industrial control system of claim 1, wherein the control device includes a default filter which passes or blocks the packet in accordance with a preset value, and, if no filter rule is set, the control device passes or blocks the packet using the default filter.
  - 3. The apparatus for preventing illegal access of industrial control system of claim 1, wherein the control device includes a SCADA I/F filter which performs access control of the packet from the management network group, based on a rule having a source'"'"'s address, and if a SCADA I/F filter rule is set, the control device passes or blocks the packet based on SCADA I/F filter rule.
  - 4. The apparatus for preventing illegal access of industrial control system of claim 3, wherein the control device includes a flow filter which performs access control of the packet from the management network group or the control network group, based on a rule having a protocol, a source'"'"'s address, a destination address, a source'"'"'s port, and a destination'"'"'s port and, if no rule is set in the SCADA I/F filter or after the control device controls the packet through the SCADA I/F filter, the control device passes or blocks the packet according to whether or not the packet satisfies the flow filter rule.
  - 5. The apparatus for preventing illegal access of industrial control system of claim 4, wherein the control device includes a command filter which performs access control of the packet from the management network group or the control network group based on a rule which includes a command and, if no rule is set in the flow filter or after the packet is controlled through the flow filter, the control device passes or blocks the packet according to whether or not the packet satisfies the command filter rule.
  - 6. The apparatus for preventing illegal access of industrial control system of claim 1, wherein the control device includes a control I/F filter which performs access control of the packet from the control network group, based on a rule which includes a source'"'"'s address, and the control device passes or blocks the packet according to whether or not the packet satisfies the control I/F filter rule set in the control I/F filter rule.
  - 7. The apparatus for preventing illegal access of industrial control system of claim 6, wherein the control device includes a flow filter which performs access control of the packet from the management network group or the control network group based on a rule which includes a protocol, a source'"'"'s address, a destination address, a source'"'"'s port, and a destination'"'"'s port and if no rule is set in the control I/F filter or after the control device controls the packet through the control I/F filter, the control device passes or blocks the packet according to whether or not the packet satisfies the flow filter rule.
  - 8. The apparatus for preventing illegal access of industrial control system of claim 7, wherein the control device has a command filter which performs access control of the packet from the management network group or the control network group, based on a rule which includes a command and if no rule is set in the flow filter or after the control device controls the packet through the flow filter, the control device passes or blocks the packet according to whether or not the packet satisfies the command filter rule.

9. A method for preventing illegal access of industrial control system, comprising:
- checking if a packet is received from a management network group which requests a control command or a control network group which receives and processes the control command;
  
  checking whether or not at least one filter rule exists if the packet is received either from the management network group or the control network group; and
  
  controlling a packet flow between the management network group and the control network group using a filter where the rule is set.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method for preventing illegal access of industrial control system of claim 9, wherein the controlling comprises:
    - checking a default filter which controls passing or blocking of a packet according to a preset value, if there is no other filter rule set; and
      
      controlling passing or blocking of the packet according to the preset value.
  - 11. The controlling method for preventing illegal access of industrial control system of claim 9, wherein the controlling comprises:
    - checking a SCADA I/F filter which performs access control of a packet from the management network group based on a rule which includes a source'"'"'s address, if the at least one filter rule is set; and
      
      controlling passing or blocking the packet according to whether or not the packet satisfies the SCADA I/F filter rule if the check result shows the SCADA I/F filter rule is set.
  - 12. The controlling method for preventing illegal access of industrial control system of claim 11, wherein the controlling comprises:
    - if no rule is set in the SCADA I/F filter or after the packet'"'"'s passing or blocking is controlled by use of the SCADA I/F filter, checking a flow filter which performs access control of the packet from the management network group or the control network group based on a rule which includes a protocol, a source'"'"'s address, a destination address, a source'"'"'s port, and a destination'"'"'s port; and
      
      controlling passing or blocking the packet according to whether or not the packet satisfies the flow filter rule if the check result shows the flow filter rule is set.
  - 13. The controlling method for preventing illegal access of industrial control system of claim 12, wherein the controlling comprises:
    - if no rule is set in the flow filter or after the packet'"'"'s passing or blocking is controlled by use of the flow filter, checking a command filter which performs access control of the packet from the management network group or the control network group based on a rule which includes a command; and
      
      controlling passing or blocking the packet according to whether or not the packet satisfies the command filter rule, if the check result shows the command filter rule is set.
  - 14. The controlling method for preventing illegal access of industrial control system of claim 9, wherein the controlling comprises:
    - checking a control I/F filter which performs access control of the packet from the control network group based on a rule which includes a source'"'"'s address; and
      
      controlling passing or blocking the packet according to whether or not the packet satisfies the control filter rule if the control I/F filter rule is set.
  - 15. The controlling method for preventing illegal access of industrial control system of claim 14, wherein the controlling comprises:
    - if no rule is set in the control I/F filter or after the packet'"'"'s passing or blocking is controlled by use of the control IF filter, checking a flow filter which performs access control of the incoming packets from the management network group or the control network group based on a rule which includes a protocol, a source'"'"'s address, a destination address, a source'"'"'s port, and a destination'"'"'s port; and
      
      controlling passing or blocking the packet according to whether or not the packet satisfies the flow filter rule, if the check result shows the flow filter rule is set.
  - 16. The controlling method for preventing illegal access of industrial control system of claim 15, wherein the controlling comprises:
    - if no rule exists in the flow filter therein or after the packet'"'"'s passing or blocking is controlled by use of the flow filter, checking a command filter which performs access control of the packet from the management network group or the control network group based on a rule which includes a command; and
      
      controlling passing or blocking the packet according to whether or not the packet satisfies the command filter rule, if the check result shows the command filter rule is set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
KIM, Byoung-Koo, SOHN, Seon-Gyoung, NA, Jung-Chan, KANG, Dong-Ho, HEO, Young-Jun

Application Number

US14/245,310
Publication Number

US 20140380458A1
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 67/12 specially adapted for propr...

APPARATUS FOR PREVENTING ILLEGAL ACCESS OF INDUSTRIAL CONTROL SYSTEM AND METHOD THEREOF

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS FOR PREVENTING ILLEGAL ACCESS OF INDUSTRIAL CONTROL SYSTEM AND METHOD THEREOF

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links