Enhanced security SCADA systems and methods
First Claim
1. A method of operating a Supervisory Control and Data Acquisition (SCADA) element in a first security mode defined by a first security policy, the SCADA element included in a SCADA system, comprising:
monitoring applications, processes, and tasks that access a processor of the SCADA element by a SCADA element security monitor that is unique to the SCADA element and is distinct from a system security monitor that is associated with a system security server of the SCADA system, wherein the SCADA element security monitor monitors the SCADA element alone in a manner unique to the SCADA element security monitor while the system security monitor monitors each SCADA element included in the SCADA system via the system security server, wherein the SCADA element security monitor is configured to detect malicious code that is uniquely tailored to attack the SCADA element, and wherein the system security monitor alone is insufficient in detecting the malicious code;
determining one or more violations of the first security policy by a violating application, process, or task associated with the malicious code that accesses the processor of the SCADA element, the determining being performed by the SCADA element security monitor unique to the SCADA element, wherein the first security policy is stored on the SCADA element and is unique to the SCADA element and wherein the first security policy is configured to trigger a graduated action that is customized to prevent the malicious code from tampering with the processor of the SCADA element; and
taking the graduated action pursuant to the first security policy in response to the detection of one or more violations of the first security policy.
Abstract
A system and method for a secure supervisory control and data acquisition (SCADA) system. Secure SCADA elements (SSEs) have individual system security monitoring and enforcement of policies throughout the SCADA system. An isolation core ensures that a system security monitor monitors and takes appropriate action with respect to untrusted applications that may impact an SSE. The system security server provides policy enforcement on all of the SSEs that exist on the system. New security policies are created and distributed to individual SSEs in the system. Biomorphing algorithms allow system uniqueness to be derived over time, further enhancing the security of SSEs.
28 Claims

1. Independent method claim, reproduced above under First Claim; claims 2 to 16 depend on it.
17. A secure Supervisory Control and Data Acquisition (SCADA) element that operates in a first security mode defined by a first security policy, the SCADA element included in a SCADA system, comprising:

a processor configured with executable instructions to perform operations, the executable instructions comprising:

monitoring applications, processes, and tasks that access the processor by a SCADA element security monitor that is unique to the processor of the SCADA element and is distinct from a system security monitor that is associated with a system security server of the SCADA system, wherein the SCADA element security monitor monitors the SCADA element alone in a manner unique to the SCADA element security monitor while the system security monitor monitors each SCADA element included in the SCADA system via the system security server, wherein the SCADA element security monitor is configured to detect malicious code that is uniquely tailored to attack the SCADA element and wherein the system security monitor alone is insufficient in detecting the malicious code;

determining one or more violations of the first security policy by a violating application, process, or task associated with the malicious code that accesses the processor of the SCADA element, the determining being performed by the SCADA element security monitor unique to the SCADA element, wherein the first security policy is stored on the SCADA element security monitor and is unique to the SCADA element and wherein the first security policy is configured to trigger a graduated action that is customized to prevent the malicious code from tampering with the processor of the SCADA element; and

taking the graduated action pursuant to the first security policy in response to the detection of one or more violations of the first security policy.

Claims 18 to 28 depend on claim 17.
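The following is an added illustration, not code from the patent or its assignee, of the arrangement the abstract and independent claims 1 and 17 describe: a monitor unique to one SCADA element evaluates a policy stored on that element and responds with a graduated action, while a fleet-wide monitor on the system security server applies only a coarse rule and therefore misses the element-specific violation. The event fields, the policy fields, the element name rtu-7, the task names and the action names are all constructed assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class AccessEvent:
    """One observed access to an element's processor (constructed sample format)."""
    element_id: str   # SCADA element the event was observed on
    subject: str      # application, process or task name
    operation: str    # what it attempted: "execute", "read_io", "write_firmware", ...
    signed: bool      # whether the code image carried a valid vendor signature


@dataclass(frozen=True)
class ElementPolicy:
    """Policy stored on, and unique to, one SCADA element (its first security mode)."""
    element_id: str
    allowed_subjects: FrozenSet[str]      # tasks that belong on this element
    forbidden_operations: FrozenSet[str]  # operations nothing may perform in this mode
    # graduated actions, escalating with the element's cumulative violation count
    escalation: Tuple[str, ...] = ("log", "suspend_task", "isolate_element")


@dataclass
class ElementSecurityMonitor:
    """Monitor tied to a single element; evaluates only that element's own policy."""
    policy: ElementPolicy
    violations: List[str] = field(default_factory=list)
    actions: List[str] = field(default_factory=list)

    def violations_for(self, ev: AccessEvent) -> List[str]:
        reasons: List[str] = []
        if ev.element_id != self.policy.element_id:
            return reasons  # not this element; the per-element monitor ignores it
        if ev.subject not in self.policy.allowed_subjects:
            reasons.append(f"unknown subject {ev.subject}")
        if ev.operation in self.policy.forbidden_operations:
            reasons.append(f"forbidden operation {ev.operation} by {ev.subject}")
        if not ev.signed:
            reasons.append(f"unsigned code for {ev.subject}")
        return reasons

    def handle(self, ev: AccessEvent) -> Optional[str]:
        """Record any violations and return the graduated action taken, or None."""
        reasons = self.violations_for(ev)
        if not reasons:
            return None
        self.violations.extend(reasons)
        # one escalation step per violating event, capped at the strongest action
        step = min(len(self.actions), len(self.policy.escalation) - 1)
        action = self.policy.escalation[step]
        self.actions.append(action)
        return action


@dataclass
class SystemSecurityMonitor:
    """Fleet-wide monitor on the system security server: one coarse rule for all elements."""
    fleet_subjects: FrozenSet[str]
    flagged: List[AccessEvent] = field(default_factory=list)

    def handle(self, ev: AccessEvent) -> bool:
        # The fleet policy cannot know which operations are abnormal for a single
        # element, so it checks only fleet membership of the subject and signing.
        bad = ev.subject not in self.fleet_subjects or not ev.signed
        if bad:
            self.flagged.append(ev)
        return bad


# Constructed sample: "diag_helper" is legitimate elsewhere in the fleet and firmware
# writes are routine maintenance on some elements, but neither belongs on rtu-7
# while it runs in its first (locked) security mode.
SAMPLE_EVENTS = (
    AccessEvent("rtu-7", "ladder_runtime", "execute", True),
    AccessEvent("rtu-7", "ladder_runtime", "write_firmware", True),  # element-specific violation
    AccessEvent("rtu-7", "diag_helper", "execute", False),
    AccessEvent("rtu-7", "diag_helper", "write_firmware", False),
)


def run_demo(events=SAMPLE_EVENTS):
    """Feed the same events to both monitors; return (element actions, system flags)."""
    element = ElementSecurityMonitor(ElementPolicy(
        "rtu-7", frozenset({"ladder_runtime", "io_scanner"}), frozenset({"write_firmware"})))
    system = SystemSecurityMonitor(frozenset({"ladder_runtime", "io_scanner", "diag_helper"}))
    element_actions = [element.handle(ev) for ev in events]
    system_flags = [system.handle(ev) for ev in events]
    return element_actions, system_flags


if __name__ == "__main__":
    print(run_demo())
```

Running the module shows the second event, a signed and fleet-wide legitimate task writing firmware, is caught only by the element monitor, because the rule that makes it a violation exists only in rtu-7's local policy; the fleet monitor flags just the unsigned events. The escalation counter is kept per element, so the graduated action reflects what that element alone has seen.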