System and method for logging security events for an industrial control system
Abstract
A system includes a security server including a memory and a processor configured to receive a first set of communications from a human machine interface (HMI) device, wherein the first set of communications relates to HMI device security events. The security server is also configured to receive a second set of communications from an industrial controller, wherein the second set of communications relates to industrial controller security events. The security server is further configured to package and send the received first and second sets of communications to a remote managed security service provider (MSSP) for analysis.
20 Claims
1. An industrial control system, comprising:
a security server that is part of an industrial control network, wherein the security server comprises a memory and a processor configured to:
receive a first set of communications from a human machine interface (HMI) device via the industrial control network, wherein the first set of communications relates to HMI device security events;
receive a second set of communications from an industrial controller via the industrial control network, wherein the second set of communications relates to industrial controller security events;
establish a network connection between the security server and a managed security service provider (MSSP) that is part of an external network separate from the industrial control network;
package and send, via the network connection, the first and second sets of communications to the MSSP for analysis;
receive, via the network connection, a security alert from the MSSP describing a security concern for the industrial control system identified by the MSSP during the analysis of the first and second sets of communications; and
instruct the HMI to present the security alert to an operator.
9. A method, comprising:
aggregating security logs using a security server of an industrial control system, wherein the security logs comprise security events for a plurality of devices of the industrial control system;
establishing a network connection between the security server and a managed security service provider (MSSP), wherein the MSSP is disposed on an external network separate from the industrial control system; and
packaging and sending the security logs from the security server to the MSSP via the network connection; and
receiving, via the network connection, a security alert from the MSSP based on one or more security concerns identified by the MSSP during analysis of the security logs; and
instructing one of the plurality of devices of the industrial control system to present the security alert to an operator.
18. A tangible, non-transitory, computer-readable medium configured to store instructions executable by a processor of an electronic device, the instructions comprising:
instructions for a local processor of an industrial control network to receive security notifications from a human machine interface (HMI) device and an industrial controller of the industrial control network;
instructions for the local processor to establish a network connection to a remote processor of an external network that is separate from the industrial control network;
instructions for the local processor to send the received security notifications to the remote processor for analysis;
instructions for the local processor to receive, from the remote processor, one or more security alerts relating to security problems with the HMI device, the industrial controller, or both, based on the analysis; and
instructions for the local processor to instruct the HMI to present the security alert to an operator.