PREDICTION OF POTENTIAL CYBER SECURITY THREATS AND RISKS IN AN INDUSTRIAL CONTROL SYSTEM USING PREDICTIVE CYBER ANALYTICS

US 20170237752A1
Filed: 02/11/2016
Published: 08/17/2017
Est. Priority Date: 02/11/2016
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving, by a risk manager system, real-time data from a plurality of connected devices;

creating, by the risk manager system, a data model based on the real-time data;

analyzing, by the risk manager system, the data model to identify potential current threats;

predicting, by the risk manager system, potential threats;

notifying a user, by the risk manager system, of the potential current threats and predicted potential threats.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure provides systems and methods for prediction of potential cyber security threats and risks in an industrial control system using predictive cyber analytics. A method includes receiving, by a risk manager system, real-time data from a plurality of connected devices. The method includes creating, by the risk manager system, a data model based on the real-time data. The method includes analyzing, by the risk manager system, the data model to identify potential current threats. The method includes predicting, by the risk manager system, potential threats. The method includes notifying a user, by the risk manager system, of the potential threats.

38 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a risk manager system, real-time data from a plurality of connected devices;
  
  creating, by the risk manager system, a data model based on the real-time data;
  
  analyzing, by the risk manager system, the data model to identify potential current threats;
  
  predicting, by the risk manager system, potential threats;
  
  notifying a user, by the risk manager system, of the potential current threats and predicted potential threats.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the data model is analyzed by correlating the real-time data with cyber threat intelligence to discover patterns and to establish a correlation between the patterns in order to identify the potential current threats or predicted potential threats.
  - 3. The method of claim 1, wherein analyzing the data model includes identifying security gaps which contribute to the potential current threats or predicted potential threats.
  - 4. The method of claim 1, further comprising prioritizing the potential current threats or predicted potential threats.
  - 5. The method of claim 1, wherein notifying the user is performed by one of email notification, text message notification, or via a dashboard.
  - 6. The method of claim 1, wherein the predicted potential threats are predicted based on at least one of the data model, cyber-threat intelligence, or the potential current threats.
  - 7. The method of claim 1, wherein the real-time data includes one or more of system and process events, system and application logs, system diagnostics, system performance, network device logs, control system network traffic, and system configuration and policy data.

8. A risk manager system comprising:
- a controller; and
  
  a memory, the risk manager system configured to;
  
  receive real-time data from a plurality of connected devices;
  
  create a data model based on the real-time data;
  
  analyze the data model to identify potential current threats;
  
  predict potential threats;
  
  notify a user of the potential current threats and predicted potential threats.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The risk manager system of claim 8, wherein the data model is analyzed by correlating the real-time data with cyber threat intelligence to discover patterns and to establish a correlation between the patterns in order to identify the potential current threats or predicted potential threats.
  - 10. The risk manager system of claim 8, wherein analyzing the data model includes identifying security gaps which contribute to the potential current threats or predicted potential threats.
  - 11. The risk manager system of claim 8, wherein the risk manager system is further configured to prioritize the potential current threats or predicted potential threats.
  - 12. The risk manager system of claim 8, wherein notifying the user is performed by one of email notification, text message notification, or via a dashboard.
  - 13. The risk manager system of claim 8, wherein the predicted potential threats are predicted based on at least one of the data model, cyber-threat intelligence, or the potential current threats.
  - 14. The risk manager system of claim 8, wherein the real-time data includes one or more of system and process events, system and application logs, system diagnostics, system performance, network device logs, control system network traffic, and system configuration and policy data.

15. A non-transitory machine-readable medium encoded with executable instructions that, when executed, cause one or more processors of a risk manager system to:
- receive real-time data from a plurality of connected devices;
  
  create a data model based on the real-time data;
  
  analyze the data model to identify potential current threats;
  
  predict potential threats;
  
  notify a user of the potential current threats and predicted potential threats.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory machine-readable medium of claim 15, wherein the data model is analyzed by correlating the real-time data with cyber threat intelligence to discover patterns and to establish a correlation between the patterns in order to identify the potential current threats or predicted potential threats.
  - 17. The non-transitory machine-readable medium of claim 15, wherein analyzing the data model includes identifying security gaps which contribute to the potential current threats or predicted potential threats.
  - 18. The non-transitory machine-readable medium of claim 15, wherein the instructions further cause the one or more processors of the risk manager system to prioritize the potential current threats or predicted potential threats.
  - 19. The non-transitory machine-readable medium of claim 15, wherein notifying the user is performed by one of email notification, text message notification, or via a dashboard.
  - 20. The non-transitory machine-readable medium of claim 15, wherein the predicted potential threats are predicted based on at least one of the data model, cyber-threat intelligence, or the potential current threats.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Rajan, Avinash, Ganguly, Ritwik, Shetty, Praveen R., Gadhe, Ganesh P.

Application Number

US15/042,054
Publication Number

US 20170237752A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

G06N 5/04   Inference or reasoning models

H04L 51/046   Interoperability with other...

H04L 51/216   Handling conversation histo...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

PREDICTION OF POTENTIAL CYBER SECURITY THREATS AND RISKS IN AN INDUSTRIAL CONTROL SYSTEM USING PREDICTIVE CYBER ANALYTICS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PREDICTION OF POTENTIAL CYBER SECURITY THREATS AND RISKS IN AN INDUSTRIAL CONTROL SYSTEM USING PREDICTIVE CYBER ANALYTICS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links