Method and system for use in facilitating patch change management of industrial control systems

US 8,869,133 B2
Filed: 11/06/2012
Issued: 10/21/2014
Est. Priority Date: 11/06/2012
Status: Active Grant

First Claim

Patent Images

1. An offline patch change management system, comprising:

at least one industrial control system configured to monitor an industrial facility, wherein the at least one industrial control system comprises at least one cyber asset;

at least one reader device configured to read patch update information stored on computer-readable storage media inserted therein;

a memory device coupled to the at least one reader device, wherein the memory device is configured to store the patch update information; and

a processor coupled to the memory device, wherein the processor is configured to;

scan the at least one cyber asset;

generate a scan report including a patch status for at least one patch not operatively resident on the at least one cyber asset, wherein the scan report comprises an estimated install time associated with the at least one patch; and

generate a cumulative scan report comprising one or more patches not yet deployed to the at least one industrial control system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An offline patch change management system for an industrial facility includes at least one reader device configured to read patch update information stored on computer-readable storage media inserted therein. The industrial facility includes an industrial control system that includes at least cyber asset. The system also includes a memory device coupled to the reader device. The memory device is configured to store the patch update information. The system further includes a processor coupled to the memory device. The processor is programmed to scan the at least one cyber asset. The processor is also programmed to generate a scan report including a patch status for at least one patch not operatively resident on the at least one cyber asset. The scan report includes a deployment temporal period value for deployment of the patch.

Citations

18 Claims

1. An offline patch change management system, comprising:
- at least one industrial control system configured to monitor an industrial facility, wherein the at least one industrial control system comprises at least one cyber asset;
  
  at least one reader device configured to read patch update information stored on computer-readable storage media inserted therein;
  
  a memory device coupled to the at least one reader device, wherein the memory device is configured to store the patch update information; and
  
  a processor coupled to the memory device, wherein the processor is configured to;
  
  scan the at least one cyber asset;
  
  generate a scan report including a patch status for at least one patch not operatively resident on the at least one cyber asset, wherein the scan report comprises an estimated install time associated with the at least one patch; and
  
  generate a cumulative scan report comprising one or more patches not yet deployed to the at least one industrial control system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The offline patch change management system of claim 1, wherein the scan report comprises a criticality rating associated with the at least one patch.
  - 3. The offline patch change management system of claim 1, wherein the scan report comprises a restart requirement associated with the at least one patch.
  - 4. The offline patch change management system of claim 1, wherein the processor is configured to facilitate a backup of at least a portion of the at least one industrial control system.
  - 5. The offline patch change management system of claim 1, wherein the processor is configured to determine a presence of one or more previous scan reports.
  - 6. The offline patch change management system of claim 1, wherein the processor is configured to read updated patch database files that are hash encrypted.
  - 7. The offline patch change management system of claim 1, wherein the industrial facility comprises a chemical plant, a petroleum plant, an electric power generation plant, a gasification plant, an integrated gasification combined cycle plant, an electric power transmission and distribution system, a natural gas transmission system, or any combination thereof.

8. An offline method for patch change management of cyber assets, comprising:
- reading patch update information stored on computer-readable storage media using at least one reader device configured to couple to at least one industrial control system, wherein the at least one industrial control system is configured to monitor an industrial facility;
  
  scanning at least portions of the industrial control system that includes at least one cyber asset;
  
  generating a scan report including a patch status for at least one patch not operatively resident on the at least one cyber asset, wherein the scan report comprises an estimated install time associated with the at least one patch; and
  
  generating one or more cumulative reports comprising one or more patches not yet deployed to the at least one industrial control system.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the scan report further including comprises a restart requirement of the at least one patch.
  - 10. The method of claim 8, wherein reading the patch update information stored on computer-readable storage media using the at least one reader device comprises inserting a hash encrypted computer-readable storage media with XML files that identify one or more predetermined patches within the patch update information.
  - 11. The method of claim 8, wherein reading patch update information stored on computer-readable storage media using the at least one reader device comprises running a software update scan tool directly from the computer-readable storage media through the at least one reader device.
  - 12. The method of claim 11, further comprising receiving one or more inputs via a user interface, wherein the inputs correspond to the portions of the industrial control system to be scanned.
  - 13. The method in of claim 11, further comprising generating a software update baseline in a database.

14. An industrial facility comprising:
- at least one industrial control system comprising at least one cyber asset, wherein the at least one industrial control system is configured to monitor the industrial facility; and
  
  an offline patch change management system comprising;
  
  at least one reader device configured to read patch update information stored on computer-readable storage media inserted therein;
  
  a memory device coupled to the at least one reader device, wherein the memory device is configured to store the patch update information; and
  
  a processor coupled to the memory device, wherein the processor is configured to;
  
  scan the at least one cyber asset;
  
  generate a scan report including a patch status for at least one patch not operatively resident on the at least one cyber asset, wherein the scan report comprises an estimated install time associated with the at least one patch; and
  
  generate a cumulative scan report comprising one or more patches not yet deployed to the at least one industrial control system.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The industrial facility of claim 14, wherein the scan report comprises a criticality rating associated with the at least one patch and a restart requirement associated with the at least one patch.
  - 16. The industrial facility of claim 14, wherein the processor is configured to facilitate backups of at least a portion of the at least one industrial control system.
  - 17. The industrial facility of claim 14, wherein the processor is configured to:
    - determine a presence of one or more previous scan reports.
  - 18. The industrial facility of claim 14, wherein the processor is configured to read updated patch database files that are hash encrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Baker Hughes Holdings LLC (Baker Hughes Company)
Original Assignee
General Electric Company
Inventors
Alls, Lindy Lawrence, Peterson, Susan Ruth, Taylor, Eric Fiedler
Primary Examiner(s)
Khatri, Anil

Application Number

US13/669,770
Publication Number

US 20140130033A1
Time in Patent Office

714 Days
Field of Search

717172-176, 709/203
US Class Current

717/172
CPC Class Codes

G06F 8/65 Updates security arrangemen...

Method and system for use in facilitating patch change management of industrial control systems

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for use in facilitating patch change management of industrial control systems

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links