Enhanced security SCADA systems and methods

US 9,298,917 B2
Filed: 01/13/2012
Issued: 03/29/2016
Est. Priority Date: 09/27/2011
Status: Active Grant

First Claim

Patent Images

1. A method of operating a Supervisory Control and Data Acquisition (SCADA) element in a first security mode defined by a first security policy, the SCADA element included in a SCADA system, comprising:

monitoring applications, processes, and tasks that access a processor of the SCADA element by a SCADA element security monitor that is unique to the SCADA element and is distinct from a system security monitor that is associated with a system security server of the SCADA system, wherein the SCADA element security monitor monitors the SCADA element alone in a manner unique to the SCADA element security monitor while the system security monitor monitors each SCADA element included in the SCADA system via the system security server, wherein the SCADA element security monitor is configured to detect malicious code that is uniquely tailored to attack the SCADA element, and wherein the system security monitor alone is insufficient in detecting the malicious code;

determining one or more violations of the first security policy by a violating application, process, or task associated with the malicious code that accesses the processor of the SCADA element the determining being performed by the SCADA element security monitor unique to the SCADA element, wherein the first security policy is stored on the SCADA element and is unique to the SCADA element and wherein the first security policy is configured to trigger a graduated action that is customized to prevent the malicious code from tampering with the processor of the SCADA element; and

taking the graduated action pursuant to the first security policy in response to the detection of one or more violations of the first security policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for a secure supervisory control and data acquisition (SCADA) system. Secure SCADA elements (SSEs) have individual system security monitoring and enforcement of policies throughout the SCADA system. And isolation core ensures that a system security monitor monitors and takes appropriate action with respect to untrusted applications that may impact an SSE. The system security server provides policy enforcement on all of the SSEs that exist on the system. New security policies are created that are populated to individual SSEs in the system. Biomorphing algorithms allow for system uniqueness to be derived over time further enhancing security of SSEs.

27 Citations

View as Search Results

28 Claims

1. A method of operating a Supervisory Control and Data Acquisition (SCADA) element in a first security mode defined by a first security policy, the SCADA element included in a SCADA system, comprising:
- monitoring applications, processes, and tasks that access a processor of the SCADA element by a SCADA element security monitor that is unique to the SCADA element and is distinct from a system security monitor that is associated with a system security server of the SCADA system, wherein the SCADA element security monitor monitors the SCADA element alone in a manner unique to the SCADA element security monitor while the system security monitor monitors each SCADA element included in the SCADA system via the system security server, wherein the SCADA element security monitor is configured to detect malicious code that is uniquely tailored to attack the SCADA element, and wherein the system security monitor alone is insufficient in detecting the malicious code;
  
  determining one or more violations of the first security policy by a violating application, process, or task associated with the malicious code that accesses the processor of the SCADA element the determining being performed by the SCADA element security monitor unique to the SCADA element, wherein the first security policy is stored on the SCADA element and is unique to the SCADA element and wherein the first security policy is configured to trigger a graduated action that is customized to prevent the malicious code from tampering with the processor of the SCADA element; and
  
  taking the graduated action pursuant to the first security policy in response to the detection of one or more violations of the first security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the SCADA element comprises one or more of a supervisory computer system, a programmable logic controller, a remote terminal unit, and a human-machine interface.
  - 3. The method of claim 1, wherein taking the graduated action comprises one or more of:
    - ignoring the violation, logging the violation, informing a system security server of the violation, shutting down at least one of the violating applications, processes, or tasks on the SCADA element, erasing data from the SCADA element, encrypting data on the SCADA element, disabling the SCADA element, and shutting down or rebooting the SCADA system containing the SCADA element.
  - 4. The method of claim 1, further comprising:
    - determining whether the determined violation exceeds a threshold number of violations; and
      
      taking the second graduated action pursuant to the first security policy when the determined violation exceeds the threshold number of violations.
  - 5. The method of claim 1, wherein taking the graduated action comprises:
    - transmitting information relating to the determined violation to the system security server;
      
      receiving a command from the system security server to take one or more further actions in response to the determined violation; and
      
      taking the graduated action.
  - 6. The method of claim 1, further comprising:
    - transmitting information relating to at least one of the applications, processes, or tasks to the system security server;
      
      receiving a message from the system security server that at least one of the applications, processes, or tasks is determined to be trusted or untrusted; and
      
      monitoring at least one of the applications, processes, or tasks based on the determination as trusted or untrusted, wherein an untrusted application, process, or task is monitored at a higher level of scrutiny than a trusted application, process, or task.
  - 7. The method of claim 6, wherein all of the applications, processes and tasks are monitored as untrusted until all of the applications, processes and tasks are determined to be trusted by the system security server.
  - 8. The method of claim 1, further comprising:
    - monitoring an operating system kernel of the SCADA element;
      
      determining one or more violations of the first security policy by the operating system kernel; and
      
      taking the graduated action pursuant to the first security policy in response to the detection of one or more violations of the first security policy by the operating system kernel.
  - 9. The method of claim 1, further comprising:
    - receiving a new or updated security policy that is unique to the SCADA element from at least one of the system security server and another SCADA element;
      
      monitoring applications, processes and tasks that access the processor of the SCADA element by the SCADA element system monitor; and
      
      determining one or more violations of the new or updated security policy in response to the detection of one or more violations.
  - 10. The method of claim 1, further comprising:
    - storing data on the SCADA element that has been encrypted using a first encryption key;
      
      reading the stored data;
      
      re-encrypting the data using a second encryption key; and
      
      storing the data on the SCADA element that has been encrypted using the second encryption key.
  - 11. The method of claim 10, wherein the data is read and re-encrypted at intervals determined using a biomorphic algorithm.
  - 12. The method of claim 11, further comprising:
    - mapping addresses between a virtual memory and a physical memory on the SCADA element; and
      
      re-mapping the addresses to different memory locations, wherein at least one of the different memory locations and the interval between re-mappings is determined using the biomorphic algorithm.
  - 13. The method of claim 9, further comprising:
    - switching from the first security mode defined by the first security policy to a second security mode defined by a second security policy that is unique to the SCADA element and is distinct from the system security monitor that is associated with the system security server;
      
      monitoring applications, processes, and tasks that access the processor of the SCADA element by the SCADA element security monitor;
      
      determining one or more violations of the second security policy by a violating application, process, or task that accesses the processor of the SCADA element by the SCADA element security monitor; and
      
      taking an additional graduated action pursuant to the second security policy in response to the detection of one or more violations of the second security policy.
  - 14. The method of claim 13, further comprising:
    - storing a plurality of security policies in a security policy library included in the system security server that is associated with the SCADA system; and
      
      transmitting by the system security sever all or a portion of at least one security policy to at least one SCADA element included in the SCADA system over a communication network.
  - 15. The method of claim 14, wherein each of the plurality of security policies include limits on the capabilities of one or more SCADA elements from the group consisting of:
    - a Control IO, Management IO, controlling devices associated with each SCADA element, and transitioning between the first security policy and the second security policy.
  - 16. The method of claim 14, further comprising:
    - storing cryptographic material associated with a plurality of SCADA elements; and
      
      transmitting cryptographic material to at least one SCADA element over the communication network.

17. A secure Supervisory Control and Data Acquisition (SCADA) element that operates in a first security mode defined by a first security policy, the SCADA element included in a SCADA system, comprising:
- a processor configured with executable instructions to perform operations, the executable instructions comprising;
  
  monitoring applications, processes, and tasks that access the processor by a SCADA element security monitor that is unique to the processor of the SCADA element and is distinct from a system security monitor that is associated with a system security server of the SCADA system, wherein the SCADA element security monitor monitors the SCADA element alone in a manner unique to the SCADA element security monitor while the system security monitor monitors each SCADA element included in the SCADA system via the system security server, wherein the SCADA element security monitor is configured to detect malicious code that is uniquely tailored to attack the SCADA element and wherein the system security monitor alone is insufficient in detecting the malicious code;
  
  determining one or more violations of the first security policy by a violating application, process, or task associated with the malicious code that accesses the processor of the SCADA element the determining being performed by the SCADA element security monitor unique to the SCADA element, wherein the first security policy is stored on the SCADA element security monitor and is unique to the SCADA element and wherein the first security policy is configured to trigger a graduated action that is customized to prevent the malicious code from tampering with the processor of the SCADA element; and
  
  taking the graduated action pursuant to the first security policy in response to the detection of one or more violations of the first security policy.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 18. The SCADA element of claim 17, wherein the SCADA element comprises one or more of a supervisory computer system, a programmable logic controller, a remote terminal unit, and a human-machine interface.
  - 19. The SCADA element of claim 17, wherein the graduated action is selected from a group consisting of:
    - ignoring the violation, logging the violation, informing a system security server of the violation, shutting down at least one of the violating applications, processes or tasks on the SCADA element, disabling the SCADA element from the SCADA system, shutting down the SCADA element, rebooting the SCADA element, and shutting down or rebooting the SCADA system containing the SCADA element.
  - 20. The SCADA element of claim 17, wherein the executable instructions further comprise:
    - transmitting information relating to the determined violation to the system security server;
      
      receiving a command from the system security server to take one or more further actions in response to the determined violation; and
      
      taking the graduated action.
  - 21. The SCADA element of claim 17, wherein the executable instructions further comprise:
    - transmitting information relating to the at least one of the applications, processes, or tasks to the system security server;
      
      receiving a message from the system security server that at least one of the applications, processes, or tasks is determined to be trusted or untrusted; and
      
      monitoring the at least one of the applications, processes, or tasks based on the determination as trusted or untrusted, wherein an untrusted application, process, or task is monitored at a higher level of scrutiny than a trusted application, process, or task.
  - 22. The SCADA element of claim 21, wherein the executable instructions further comprise:
    - receiving a message from the system security server and another SCADA element updating a status of the application, process or task from untrusted to trusted or from trusted to untrusted.
  - 23. The SCADA element of claim 17, wherein the executable instructions further comprise:
    - receiving a new or updated security policy that is unique to the SCADA element from at least one of the system security server and another SCADA element;
      
      determining one or more violations of the new or updated security policy by the violating application, process or task; and
      
      taking the graduated action pursuant to the new or updated security policy in response to the detection of one or more violations.
  - 24. The SCADA element of claim 17, wherein the executable instructions further comprise:
    - storing the data on the SCADA element that has been encrypted using a first encryption key;
      
      reading the stored data;
      
      re-encrypting the data using a second encryption key; and
      
      storing the data on the SCADA element that has been encrypted using the second encryption key, wherein the data is read and re-encrypted at intervals determined using a biomorphic algorithm.
  - 25. The SCADA element of claim 24, wherein the executable instructions further comprise:
    - mapping addresses between a virtual memory and a physical memory on the SCADA element; and
      
      re-mapping the addresses to different memory locations, wherein at least one of the different memory locations and interval between re-mappings is determined using the biomorphic algorithm.
  - 26. The SCADA element of claim 23, wherein the executable instructions further comprise:
    - switching from the first security mode defined by the first security policy to a second security mode defined by the second security policy that is unique to the SCADA element and is distinct from the system security monitor that is associated with the system security server;
      
      monitoring applications, processes and tasks that access the processor of the SCADA element by the SCADA element security monitor;
      
      determining one or more violations of the second security policy by a violating application, process or task that accesses the processor of the SCADA element by the SCADA element security monitor; and
      
      taking an additional graduated action pursuant to the second security policy in response to the detection of one or more violations of the second security policy.
  - 27. The SCADA element of claim 17, wherein the executable instructions further comprise:
    - determining whether the determined violation exceeds a threshold number of violations; and
      
      taking a second graduated action pursuant to the first security policy when the determined violation exceeds the threshold number of violations.
  - 28. The SCADA element of claim 17, wherein the executable instructions further comprise:
    - monitoring an operating system kernel of the SCADA element;
      
      determining one or more violations of the first security policy by the operating system kernel; and
      
      taking the graduated action pursuant to the first security policy in response to the detection of one or more violations of the first security policy by the operating system kernel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Redwall Technologies, LLC
Original Assignee
Redwall Technologies, LLC
Inventors
Uner, Eric Ridvan, Matthews, Joshua Scott, Leslie, Benjamin James, Kobrinetz, Anthony, Singer, Martin H.
Primary Examiner(s)
Zele, Krista
Assistant Examiner(s)
NAJEE-ULLAH, TARIQ S

Application Number

US13/350,599
Publication Number

US 20130081103A1
Time in Patent Office

1,537 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

G06F 21/56 Computer malware detection ...

G06F 21/577 Assessing vulnerabilities a...

Enhanced security SCADA systems and methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced security SCADA systems and methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links