NETWORK-ATTACK-RESILIENT INTRUSION-TOLERANT SCADA ARCHITECTURE

US 20190320015A1
Filed: 06/21/2017
Published: 10/17/2019
Est. Priority Date: 06/22/2016
Status: Active Grant

First Claim

Patent Images

1. A network-attack-resilient, intrusion-tolerant electronic supervisory control and data acquisition (SCADA) system comprising:

at least three centers comprising at least two control centers, the at least three centers situated at different geographic locations;

a plurality of servers situated at the at least three centers, wherein the at least three centers each comprise at least two servers of the plurality of servers;

wherein the plurality of servers are communicatively coupled over a computer network to each-other and to at least one remote unit;

wherein the plurality of servers are configured to participate in a replication protocol;

wherein, when servers at one center of the plurality of centers are disconnected from the computer network, and when one server of the plurality of servers at another center of the plurality of centers is compromised, the system uses the replication protocol to reach consensus among connected operational servers of the plurality of servers for system updates and to issue instructions to the remote unit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention generally relates to network-attack-resilient intrusion-tolerant Supervisory Control and Data Acquisition (SCADA) systems. Some implementations utilize redundant, proactively-recovery-configured servers at multiple centers communally executing a replication protocol. Some implementations, in addition to control centers, include data centers, which participate in the replication protocol, except that they may not be capable of controlling remote units such as Remote Terminal Units (RTUs).

Citations

22 Claims

1. A network-attack-resilient, intrusion-tolerant electronic supervisory control and data acquisition (SCADA) system comprising:
- at least three centers comprising at least two control centers, the at least three centers situated at different geographic locations;
  
  a plurality of servers situated at the at least three centers, wherein the at least three centers each comprise at least two servers of the plurality of servers;
  
  wherein the plurality of servers are communicatively coupled over a computer network to each-other and to at least one remote unit;
  
  wherein the plurality of servers are configured to participate in a replication protocol;
  
  wherein, when servers at one center of the plurality of centers are disconnected from the computer network, and when one server of the plurality of servers at another center of the plurality of centers is compromised, the system uses the replication protocol to reach consensus among connected operational servers of the plurality of servers for system updates and to issue instructions to the remote unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the replication protocol comprises a Byzantine replication protocol.
  - 3. The system of claim 1, wherein:
    - one of the centers of the plurality of centers is disconnected from the computer network and one server of the plurality of servers at another center of the plurality of centers is compromised;
      
      wherein the system uses the replication protocol to reach consensus among operational servers of the plurality of servers to issue a command to the remote unit; and
      
      wherein the remote unit executes the command within one second of a time of issuance of the command.
  - 4. The system of claim 1, wherein the at least two control centers comprise servers of the plurality of servers configured to issue instructions to the at least one remote unit, and wherein the plurality of centers further comprise at least a first data center comprising servers of the plurality of servers not configured to issue instructions to the at least one remote unit.
  - 5. The system of claim 4, further comprising a second data center in a different geographic location than locations of the at least two control centers and the first data center, the second data center comprising at least two servers of the plurality of servers communicatively coupled to the at least one remote unit and not configured to issue instructions to the at least one remote unit.
  - 6. The system of claim 5, further comprising a third data center in a different geographic location than locations of the at least two control centers, the first data center, and the second data center;
    - wherein the third data center comprises at least two servers of the plurality of servers communicatively coupled to the at least one remote unit and not configured to issue instructions to the at least one remote unit;
      
      wherein each of the at least two control centers comprise at least three servers of the plurality of servers.
  - 7. The system of claim 4, wherein:
    - each of the at least two control centers comprise at least four servers of the plurality of servers communicatively coupled to the at least one remote unit and configured to issue instructions to the at least one remote unit; and
      
      wherein the first data center comprises at least four servers of the plurality of servers.
  - 8. The system of claim 5, 6, or 7, wherein, during a time of a fault of at most one of the plurality of servers and an ongoing proactive recovery of at most one of the plurality of servers, the system uses the replication protocol to reach consensus among connected operational servers of the plurality of servers for system updates and to issue instructions to the at least one remote unit, whereby the at least one remote unit executes any instruction sent by a server of the plurality of servers within one second of a time of issuance of the command.
  - 9. The system of claim 1, wherein the at least one remote unit comprises at least one remote unit selected from the group consisting of:
    - remote terminal unit (RTU) and programmable logic controller (PLC).
  - 10. The system of claim 1, wherein the plurality of servers are configured to undergo proactive recovery on a periodic basis.

11. A method of providing a network-attack-resilient, intrusion-tolerant electronic supervisory control and data acquisition (SCADA) system, the method comprising:
- accessing at least three centers comprising at least two control centers, the at least three centers situated at different geographic locations;
  
  configuring a plurality of servers situated at the at least three centers, wherein the at least three centers each comprise at least two servers of the plurality of servers, wherein the plurality of servers are communicatively coupled over a computer network to each-other and to at least one remote unit, wherein the configuring comprises configuring the plurality of servers to participate in a replication protocol;
  
  wherein, when servers of one center of the plurality of centers are disconnected from the computer network, and when one server of the plurality of servers at another center of the plurality of centers is compromised, the plurality of servers use the replication protocol to reach consensus among connected operational servers of the plurality of servers for system updates and to issue instructions to the remote unit.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 12. The method of claim 11, wherein the replication protocol comprises a Byzantine replication protocol.
  - 13. The method of claim 11, wherein one center of the plurality of centers is disconnected from the computer network and one server of the plurality of servers at another center of the plurality of centers is compromised, the method further comprising:
    - using the replication protocol to reach consensus among operational servers of the plurality of servers to issue a command to the remote unit, whereby the remote unit executes the command within one second of a time of issuance of the command.
  - 14. The method of claim 11, wherein the at least two control centers comprise servers of the plurality of servers configured to issue instructions to the at least one remote unit, and wherein the plurality of centers further comprise at least a first data center comprising at least two servers of the plurality of servers not configured to issue instructions to the at least one remote unit.
  - 15. The method of claim 14, further comprising:
    - accessing a second data center in a different geographic location than locations of the at least two control centers and the first data center; and
      
      configuring at least two servers of the plurality of servers at the second data center and communicatively coupled to the at least one remote unit to not issue instructions to the at least one remote unit.
  - 16. The method of claim 15, further comprising:
    - accessing a third data center in a different geographic location than locations of the at least two control centers, the first data center, and the second data center;
      
      configuring at least two servers of the plurality of servers at the third data center communicatively coupled to the at least one remote unit to not issue instructions to the at least one remote unit;
      
      wherein the first control center comprises at least three servers of the plurality of servers; and
      
      wherein the second control center comprises at least three servers of the plurality of servers.
  - 17. The method of claim 14, wherein:
    - each of the at least two control centers comprise at least four servers of the plurality of servers communicatively coupled to the at least one remote unit, andthe first data center comprises at least four servers of the plurality of servers;
      
      the method further comprising;
      
      configuring the at least four servers of the plurality of servers at each of the at least two control centers to issue instructions to the at least one remote unit; and
      
      configuring the at least four servers of the plurality of servers at the first data center to not issue instructions to the at least one remote unit.
  - 18. The method of claim 13, 14, or 15, further comprising, during a time of a fault of at most one of the plurality of servers and an ongoing proactive recovery of at most one of the plurality of servers, using the replication protocol to reach consensus among connected operational servers of the plurality of servers for system updates and to issue instructions to the remote unit, whereby the remote unit executes any instruction sent by a server of the plurality of servers within one second of a time of issuance of the command.
  - 19. The method of claim 11, wherein the at least one remote unit comprises at least one remote unit selected from the group consisting of:
    - remote terminal unit (RTU) and programmable logic controller (PLC).
  - 20. The method of claim 11, wherein the plurality of servers are further configured to undergo proactive recovery on a periodic basis.
  - 21. The method of claim 15, wherein:
    - at least two of the at least two control centers comprise at least three servers of the plurality of servers;
      
      the first data center comprises at least three servers of the plurality of servers; and
      
      the second data center comprises at least three servers of the plurality of servers.
  - 22. The method of claim 14, wherein:
    - each of the at least two control centers comprise at least six servers of the plurality of servers communicatively coupled to the at least one remote unit;
      
      the first data center comprises at least six servers of the plurality of servers;
      
      the method further comprising;
      
      configuring the at least six servers of the plurality of servers at each of the at least two control centers to issue instructions to the at least one remote unit; and
      
      configuring the at least six servers of the plurality of servers at the first data center to not issue instructions to the at least one remote unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Johns Hopkins University
Original Assignee
Johns Hopkins University
Inventors
AMIR, Yair, BABAY, Amy, TANTILLO, Thomas

Granted Patent

US 11,140,221 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/164   at the network layer

H04L 67/1051   Group master selection mech...

H04L 67/1095   Replication or mirroring of...

H04L 67/12   specially adapted for propr...

H04L 67/563   Data redirection of data ne...

H04L 69/40   for recovering from a failu...

NETWORK-ATTACK-RESILIENT INTRUSION-TOLERANT SCADA ARCHITECTURE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK-ATTACK-RESILIENT INTRUSION-TOLERANT SCADA ARCHITECTURE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links