NETWORK-ATTACK-RESILIENT INTRUSION-TOLERANT SCADA ARCHITECTURE
First Claim
Patent Images
1. A network-attack-resilient, intrusion-tolerant electronic supervisory control and data acquisition (SCADA) system comprising:
- at least three centers comprising at least two control centers, the at least three centers situated at different geographic locations;
a plurality of servers situated at the at least three centers, wherein the at least three centers each comprise at least two servers of the plurality of servers;
wherein the plurality of servers are communicatively coupled over a computer network to each-other and to at least one remote unit;
wherein the plurality of servers are configured to participate in a replication protocol;
wherein, when servers at one center of the plurality of centers are disconnected from the computer network, and when one server of the plurality of servers at another center of the plurality of centers is compromised, the system uses the replication protocol to reach consensus among connected operational servers of the plurality of servers for system updates and to issue instructions to the remote unit.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention generally relates to network-attack-resilient intrusion-tolerant Supervisory Control and Data Acquisition (SCADA) systems. Some implementations utilize redundant, proactively-recovery-configured servers at multiple centers communally executing a replication protocol. Some implementations, in addition to control centers, include data centers, which participate in the replication protocol, except that they may not be capable of controlling remote units such as Remote Terminal Units (RTUs).
-
Citations
22 Claims
-
1. A network-attack-resilient, intrusion-tolerant electronic supervisory control and data acquisition (SCADA) system comprising:
-
at least three centers comprising at least two control centers, the at least three centers situated at different geographic locations; a plurality of servers situated at the at least three centers, wherein the at least three centers each comprise at least two servers of the plurality of servers; wherein the plurality of servers are communicatively coupled over a computer network to each-other and to at least one remote unit; wherein the plurality of servers are configured to participate in a replication protocol; wherein, when servers at one center of the plurality of centers are disconnected from the computer network, and when one server of the plurality of servers at another center of the plurality of centers is compromised, the system uses the replication protocol to reach consensus among connected operational servers of the plurality of servers for system updates and to issue instructions to the remote unit. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of providing a network-attack-resilient, intrusion-tolerant electronic supervisory control and data acquisition (SCADA) system, the method comprising:
-
accessing at least three centers comprising at least two control centers, the at least three centers situated at different geographic locations; configuring a plurality of servers situated at the at least three centers, wherein the at least three centers each comprise at least two servers of the plurality of servers, wherein the plurality of servers are communicatively coupled over a computer network to each-other and to at least one remote unit, wherein the configuring comprises configuring the plurality of servers to participate in a replication protocol; wherein, when servers of one center of the plurality of centers are disconnected from the computer network, and when one server of the plurality of servers at another center of the plurality of centers is compromised, the plurality of servers use the replication protocol to reach consensus among connected operational servers of the plurality of servers for system updates and to issue instructions to the remote unit. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification