Systems and methods for secure operation of an industrial controller

US 8,973,124 B2
Filed: 04/30/2012
Issued: 03/03/2015
Est. Priority Date: 04/30/2012
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

an industrial controller comprising a memory and a processor configured to;

operate the industrial controller in an open mode, wherein the open mode is configured to enable the processor of the industrial controller to receive instructions via an unauthenticated network connection or a local connection; and

subsequently operate the industrial controller in a secure mode instead of the open mode, wherein the secure mode is configured to enable the processor of the industrial controller to receive instructions only via an authenticated network connection.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes an industrial controller having a memory and a processor configured to operate the industrial controller in an open mode, wherein the open mode is configured to enable the industrial controller to receive instructions via unauthenticated network connection or a local connection. The processor of the industrial controller is further configured to operate the industrial controller in a secure mode, wherein the secure mode is configured to enable the industrial controller to receive instructions only via an authenticated network connection.

69 Citations

View as Search Results

20 Claims

1. A system, comprising:
- an industrial controller comprising a memory and a processor configured to;
  
  operate the industrial controller in an open mode, wherein the open mode is configured to enable the processor of the industrial controller to receive instructions via an unauthenticated network connection or a local connection; and
  
  subsequently operate the industrial controller in a secure mode instead of the open mode, wherein the secure mode is configured to enable the processor of the industrial controller to receive instructions only via an authenticated network connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, comprising a whitelist stored in the memory of the industrial controller, wherein the whitelist comprises a plurality of values, wherein each value is associated with an executable file stored in the memory of the industrial controller.
  - 3. The system of claim 2, wherein the open mode is configured to enable the industrial controller to execute any of a plurality of executable files stored in the memory.
  - 4. The system of claim 2, wherein the secure mode is configured to block the processor of the industrial controller from executing any of the plurality of executable files stored in the memory that lack an associated value in the whitelist.
  - 5. The system of claim 1, wherein the processor is configured to operate the industrial controller in a negotiation mode, wherein the negotiation mode is configured to enable the processor of the industrial controller to acquire a certificate from a certificate authority (CA) and disable unauthenticated network connections and local connections to the industrial controller.
  - 6. The system of claim 5, wherein the processor is configured to operate the industrial controller in an authentication mode, wherein the authentication mode is configured to enable the processor of the industrial controller to use the certificate acquired from the CA establish the authenticated network connection between the industrial controller and a configuration tool.
  - 7. The system of claim 6, wherein the authenticated network connection is an encrypted authenticated network connection.
  - 8. The system of claim 1, wherein the processor is configured to continue operating the industrial controller in the secure mode throughout power-cycling, software upgrades, application downloads, or any combination thereof, after the industrial controller begins operating in the secure mode.
  - 9. The system of claim 1, wherein the unauthenticated network connection comprises a Telnet or file transfer protocol (FTP) connection, and wherein the authenticated network connection comprises a secure socket layer (SSL) connection.
  - 10. The system of claim 1, comprising an industrial system having the industrial controller, wherein the industrial system comprises a gasifier, a gas treatment unit, a turbine, a generator, or a combination thereof.

11. A method, comprising:
- operating an industrial controller in an open mode, wherein the industrial controller is configured to mutually exclusively operate in one of the open mode, a negotiation mode, an authentication mode, or a secure mode, and wherein the open mode comprises a processor of the industrial controller communicating with a configuration tool using an unauthenticated network connection;
  
  receiving instructions from the configuration tool to operate the industrial controller in the secure more;
  
  operating the industrial controller in the negotiation mode, wherein the negotiation mode comprises the processor acquiring a security certificate from a certificate authority and disabling unauthenticated network connections; and
  
  operating the industrial controller in the authentication mode, wherein the authenticating mode comprises the processor establishing a certificate-authenticated network connection with the configuration tool; and
  
  operating the industrial controller in the secure mode, wherein the secure mode comprises the processor communicating with the configuration tool via the certificate-authenticated network connection.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, wherein the secure mode comprises blocking the processor of the industrial controller from executing binary files that lack corresponding entries in a whitelist.
  - 13. The method of claim 12, establishing a certificate-authenticated connection comprises the processor of the industrial controller establishing a certificate-authenticated, encrypted connection with the configuration tool.
  - 14. The method of claim 11, wherein the secure mode comprises disabling access to the processor of the industrial controller via a local port.

15. A tangible, non-transitory, computer-readable medium configured to store instructions executable by a processor of an industrial controller, the instruction comprising:
- instructions to cease operating in an open mode and to begin operating in a secure mode, comprising;
  
  instructions to block the processor from receiving instructions via unauthenticated network connections or via local ports;
  
  instructions to enable the processor to receive instructions via authenticated network connections; and
  
  instructions for the processor to verify that an executable file stored on the computer-readable medium has not been altered before executing the file.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The medium of claim 15, comprising instructions to receive instructions from a configuration tool to change the industrial controller from the open mode of operation to the secure mode of operation.
  - 17. The medium of claim 16, comprising instructions to enable the industrial controller resume the secure mode of operation after power-cycling, software upgrades, application downloads, or any combination thereof.
  - 18. The medium of claim 15, wherein the instructions to cease operating in the open mode and to begin operating in the secure mode comprise:
    - instructions to contact a certificate authority and obtain a certificate; and
      
      instructions to use the certificate to communicate with a configuration tool via an authenticated network connection, an encrypted network connection, or an authenticated, encrypted network connection.
  - 19. The medium of claim 15, wherein the instructions to verify that the executable file not been altered comprise:
    - instructions to determine a hash key value for the executable file; and
      
      instructions to determine that the executable file has not been altered when the hash key value is present in a whitelist file.
  - 20. The medium of claim 15, wherein the industrial controller comprises a gasifier controller, a gas treatment controller, a turbine controller, a generator controller, or any combination thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GE Infrastructure Technology, LLC (General Electric Company)
Original Assignee
General Electric Company
Inventors
Chong, Justin Brandon, Socky, David Richard, Thakur, Pavan Kumar Singh, Pettigrew, William Robert, Boring, Robert James
Primary Examiner(s)
HOFFMAN, BRANDON S

Application Number

US13/460,794
Publication Number

US 20130291085A1
Time in Patent Office

1,037 Days
Field of Search

None
US Class Current

726/10
CPC Class Codes

G05B 19/048   Monitoring; Safety

G05B 19/414   Structure of the control sy...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 9/321   involving a third party or ...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

Y04S 40/20   Information technology spec...

Systems and methods for secure operation of an industrial controller

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure operation of an industrial controller

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links