INDUSTRIAL SECURITY AGENT PLATFORM
1 Assignment
0 Petitions
Accused Products
Abstract
Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating communication in an industrial control network. A system includes an industrial control network, one or more controller devices, one or more emulators, and an encryption relay processor. Each controller device can be operable to control one or more operational devices connected to the industrial control network. Each emulator can be configured to communicate with a respective controller device, and each emulator can be configured to reference a respective profile that includes information about security capabilities of the respective controller device. The encryption relay processor can be operable to facilitate communication to and from each emulator over the industrial control network. The encryption relay processor can execute a cryptographic function for a communication between the emulator and a node on the industrial control network when the respective controller device is incapable of performing the cryptographic function.
154 Citations
21 Claims
1. (canceled)
2. A computer-implemented method, the method being executed by one or more processors and comprising:

for each controller device of a plurality of controller devices in an operational technology network:
    determining a security capability of the controller device that is indicative of whether the controller device is capable of performing a security operation within the operational technology network; and
    based on the determined security capability of the controller device, generating a security profile for the controller device;
receiving, by a security relay in the operational technology network, and from a requester device that is outside of the operational technology network, a first request to communicate with a first controller device in the operational technology network;
determining that the first controller device is incapable of handling secure communication with respect to the first request to communicate, based on a first security profile that corresponds to the first controller device;
after determining that the first controller device is incapable of handling secure communication with respect to the first request to communicate, providing, by the security relay, security services for communication between the first controller device and the requester device that is outside of the operational technology network.

Dependent claims: 3, 4, 5, 6, 7, 8, 9.
10. A system comprising:

one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:
for each controller device of a plurality of controller devices in an operational technology network:
    determining a security capability of the controller device that is indicative of whether the controller device is capable of performing a security operation within the operational technology network; and
    based on the determined security capability of the controller device, generating a security profile for the controller device;
receiving, by a security relay in the operational technology network, and from a requester device that is outside of the operational technology network, a first request to communicate with a first controller device in the operational technology network;
determining that the first controller device is incapable of handling secure communication with respect to the first request to communicate, based on a first security profile that corresponds to the first controller device;
after determining that the first controller device is incapable of handling secure communication with respect to the first request to communicate, providing, by the security relay, security services for communication between the first controller device and the requester device that is outside of the operational technology network.

Dependent claims: 11, 12, 13, 14, 15.
16. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:

for each controller device of a plurality of controller devices in an operational technology network:
    determining a security capability of the controller device that is indicative of whether the controller device is capable of performing a security operation within the operational technology network; and
    based on the determined security capability of the controller device, generating a security profile for the controller device;
receiving, by a security relay in the operational technology network, and from a requester device that is outside of the operational technology network, a first request to communicate with a first controller device in the operational technology network;
determining that the first controller device is incapable of handling secure communication with respect to the first request to communicate, based on a first security profile that corresponds to the first controller device;
after determining that the first controller device is incapable of handling secure communication with respect to the first request to communicate, providing, by the security relay, security services for communication between the first controller device and the requester device that is outside of the operational technology network.

Dependent claims: 17, 18, 19, 20, 21.
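The abstract and the independent claims above describe one mechanism from three angles: a capability check per controller, a stored security profile, and a relay that performs the security operation only for controllers whose profile says they cannot. The following Python model is an added illustration written for this page, not code from the patent or from any product implementing it. It assumes a single hypothetical security operation (HMAC-SHA256 message authentication), a constructed controller inventory whose capability flag `supports_message_auth` is invented for the example, and per-controller keys held by the relay; key provisioning, the emulators, and the dependent claims are outside its scope.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed inventory of controllers in the OT network. The capability flag is
# an assumption made for this example, not a field from the patent.
CONTROLLERS = {
    "plc-legacy-01": {"supports_message_auth": False},   # cannot verify tags itself
    "plc-modern-02": {"supports_message_auth": True},    # verifies tags on its own
}

# Constructed per-controller keys shared between requester and relay (hypothetical;
# a real deployment would provision these out of band and store them in an HSM).
KEYS = {
    "plc-legacy-01": b"example-key-legacy-01",
    "plc-modern-02": b"example-key-modern-02",
}


@dataclass
class SecurityProfile:
    """The per-controller record the claims call a 'security profile'."""
    controller: str
    can_authenticate: bool


def generate_profiles(inventory):
    """Claim steps 1-2: determine each controller's capability, record a profile."""
    return {
        name: SecurityProfile(name, bool(caps["supports_message_auth"]))
        for name, caps in inventory.items()
    }


def mac(key, controller, payload):
    """Tag binds the target controller name to the payload so a tag cannot be
    replayed against a different controller."""
    return hmac.new(key, controller.encode() + b"|" + payload, hashlib.sha256).hexdigest()


def make_request(key, controller, payload):
    """Requester side (outside the OT network): attach an authentication tag."""
    return {"to": controller, "payload": payload, "tag": mac(key, controller, payload)}


class SecurityRelay:
    """Claim steps 3-5: receive the outside request, consult the profile, and
    provide the security service only when the controller cannot."""

    def __init__(self, profiles, keys):
        self.profiles = profiles
        self.keys = keys
        self.audit = []   # (decision, controller, reason) for detection/forensics

    def handle_request(self, request):
        target = request.get("to", "")
        profile = self.profiles.get(target)
        if profile is None:
            self.audit.append(("reject", target, "unknown controller"))
            return {"status": "rejected", "reason": "unknown controller"}

        if profile.can_authenticate:
            # Capable controller: forward the tag untouched; it verifies itself.
            self.audit.append(("forward", target, "controller verifies"))
            return {"status": "forwarded", "verified_by": "controller", "to": target,
                    "payload": request["payload"], "tag": request.get("tag", "")}

        # Incapable controller: the relay performs the cryptographic check on its
        # behalf, then hands the legacy device a bare command it can understand.
        expected = mac(self.keys[target], target, request["payload"])
        if not hmac.compare_digest(expected, request.get("tag", "")):
            self.audit.append(("reject", target, "authentication failed"))
            return {"status": "rejected", "reason": "authentication failed"}
        self.audit.append(("forward", target, "relay verified"))
        return {"status": "forwarded", "verified_by": "relay", "to": target,
                "payload": request["payload"]}

    def protect_reply(self, controller, reply):
        """Outbound direction for a legacy controller: relay attaches the tag."""
        return {"from": controller, "payload": reply,
                "tag": mac(self.keys[controller], controller, reply)}


if __name__ == "__main__":
    relay = SecurityRelay(generate_profiles(CONTROLLERS), KEYS)
    req = make_request(KEYS["plc-legacy-01"], "plc-legacy-01", b"READ 40001")
    print(relay.handle_request(req))
    print(relay.handle_request(make_request(b"wrong-key", "plc-legacy-01", b"READ 40001")))
    print(relay.protect_reply("plc-legacy-01", b"40001=1234"))
    for entry in relay.audit:
        print(entry)
```

The design point worth noticing is that the relay never weakens the modern controller's path: it forwards the tag and lets the device verify, so a relay compromise cannot silently strip authentication from devices that handle it themselves. For the legacy path the relay becomes the trust boundary, which is why every decision is written to an audit list that a detection pipeline can consume.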
Specification