Methods and apparatus to identify a degradation of integrity of a process control system

US 9,349,011 B2
Filed: 05/16/2012
Issued: 05/24/2016
Est. Priority Date: 05/16/2012
Status: Active Grant

First Claim

Patent Images

1. A method to identify a degradation of integrity of a process control system, the method comprising:

monitoring, with a processor, a file on a file system of the process control system;

verifying, with the processor, if the file is identified in a system profile, the system profile identifying files expected to be present on the file system;

identifying, with the processor, a degradation of integrity of the process control system when the file is not identified in the system profile;

alerting a process control system provider when the degradation of integrity is identified to indicate that a process control system administrator has attempted to modify the process control system, the process control system provider to supply the process control system to the process control system administrator; and

terminating an illegitimate process associated with the file identified in the system profile when the degradation of integrity is identified.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus to identify a degradation of integrity of a process control system are disclosed. An example method includes identifying a file on a file system of the process control system. The example method further includes determining if the file is identified in a system profile, the system profile identifying files expected to be present. A degradation of integrity of the process control system is identified when the file is not identified in the system profile.

19 Citations

21 Claims

1. A method to identify a degradation of integrity of a process control system, the method comprising:
- monitoring, with a processor, a file on a file system of the process control system;
  
  verifying, with the processor, if the file is identified in a system profile, the system profile identifying files expected to be present on the file system;
  
  identifying, with the processor, a degradation of integrity of the process control system when the file is not identified in the system profile;
  
  alerting a process control system provider when the degradation of integrity is identified to indicate that a process control system administrator has attempted to modify the process control system, the process control system provider to supply the process control system to the process control system administrator; and
  
  terminating an illegitimate process associated with the file identified in the system profile when the degradation of integrity is identified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method described in claim 1, further comprising:
    - comparing the file to a value associated with the file in the system profile when the file is included in the system profile to determine whether the file matches the value; and
      
      identifying the degradation of integrity of the process control system when the file is included in the system profile and when the file does not match the value.
  - 3. The method as described in claim 1, further comprising alerting the process control system administrator when the degradation of integrity is identified.
  - 4. The method as described in claim 1, wherein the degradation of integrity is not identified when the file is identified as an exception to the system profile.
  - 5. The method as described in claim 1, further comprising initializing the system profile, wherein initializing the system profile comprises:
    - identifying the file on the file system;
      
      computing a value associated with the file; and
      
      storing the value in the system profile.
  - 6. The method as described in claim 1, further comprising retrieving the system profile from a remote profile server.
  - 7. The method as described in claim 1, further comprising:
    - identifying a process being executed by a processor of the process control system; and
      
      wherein the file identified on the file system is associated with the process being executed by the processor.
  - 8. The method as described in claim 1, further comprising:
    - identifying network communications of a network communicator of the process control system;
      
      comparing a property of the network communications to a stored property of the system profile; and
      
      identifying the degradation of integrity of the process control system when the property of the network communications does not match the stored property of the system profile.

9. A method to identify a degradation of integrity of a process control system, the method comprising:
- identifying, with a processor, a file on a file system of the process control system;
  
  computing a hash value of the file;
  
  comparing the computed hash value to a value associated with the file in a system profile, wherein the value associated with the file in the system profile is a previously computed hash value;
  
  identifying, with the processor, a degradation of integrity of the process control system when the computed hash value does not match the value associated with the file;
  
  alerting a process control system provider when the degradation of integrity is identified to indicate that a process control system administrator has attempted to modify the process control system, the process control system provider to supply the process control system to the process control system administrator; and
  
  terminating an illegitimate process associated with the file when the degradation of integrity is identified.

10. An apparatus to identify a degradation of integrity of a process control system, the apparatus comprising:
- a file system verifier to monitor a difference between a property of a file stored on a file system of a process control node and a first stored value as a degradation of integrity;
  
  an active process verifier to identify a difference between a property of an active process executed by the process control node and a second stored value as the degradation of integrity; and
  
  an alerter to alert a process control system provider when the degradation of integrity is identified to indicate that a customer has attempted to modify the process control system, the alerter to terminate an illegitimate process associated with the file when the degradation of integrity is identified, the process control system provider to provide the process control system to a process control system administrator of the process control system, wherein at least one of the file system verifier, the active process verifier, or the alerter is implemented by hardware.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The apparatus as described in claim 10, wherein the alerter is to alert the process control system administrator when the degradation of integrity is identified.
  - 12. The apparatus as described in claim 10, wherein the first stored value is a hash value, and the property of the file is a computed hash value.
  - 13. The apparatus as described in claim 10, wherein the property of the active process is a computed hash value of a file associated with the process.
  - 14. The apparatus as described in claim 11, wherein the alerter is to alert at least one of the process control system provider or the process control system administrator by sending an email message.
  - 15. The apparatus as described in claim 10, further comprising a network communications verifier to detect a difference between a property of monitored network communications of a network communicator of the process control node and a third stored value as the degradation.

16. A tangible computer-readable storage disk or storage device storing instructions which, when executed, cause a machine to at least:
- monitor a file on a file system of a process control system;
  
  verify whether the file is identified in a system profile, the system profile identifying files expected to be present on the file system;
  
  identify a degradation of integrity of the process control system when the file is not identified in the system profile;
  
  alert a process control system provider when the degradation of integrity is identified to indicate that a process control system administrator has attempted to modify the process control system, the process control system provider to supply the process control system to the process control system administrator; and
  
  terminate an illegitimate process associated with the file when the degradation of integrity is identified.
- View Dependent Claims (17, 18, 19)
- - 17. The computer-readable storage disk or storage device as described in claim 16, further storing instructions which, when executed, cause the machine to at least:
    - compare the file to a value associated with the file in the system profile when the file is included in the system profile to determine whether the file matches the value; and
      
      identify the degradation of integrity of the process control system when the file is included in the system profile and when the file does not match the value.
  - 18. The computer-readable storage disk or storage device as described in claim 16, further storing instructions which, when executed, cause the machine to at least:
    - identify a process being executed by a processor of the process control system; and
      
      wherein the file identified on the file system is associated with the process being executed by the processor.
  - 19. The computer-readable storage disk or storage device as described in claim 16, further storing instructions which, when executed, cause the machine to at least:
    - identify network communications of a network communicator of the process control system;
      
      compare a property of the network communications to a stored property of the system profile; and
      
      identify the degradation of integrity of the process control system when the property of the network communications does not match the stored property of the system profile.

20. A tangible computer-readable storage disk or storage device storing instructions which, when executed, cause a machine to at least:
- identify a file on a file system of a process control system;
  
  compute a hash value of the file;
  
  compare the computed hash value to a value associated with the file in a system profile, wherein the value associated with the file in the system profile is a previously computed hash value;
  
  identify a degradation of integrity of the process control system when the computed hash value does not match the value associated with the file;
  
  alert a process control system provider when the degradation of integrity is identified to indicate that a process control system administrator has attempted to modify the process control system, the process control system provider to supply the process control system to the process control system administrator; and
  
  terminate an illegitimate process associated with the file when the degradation of integrity is identified.

21. A method to identify a degradation of integrity of a process control system, the method comprising:
- monitoring, with a processor, a file on a file system of the process control system, the process control system to control at least one of industrial or utility service facilities;
  
  verifying, with the processor, if the file is identified in a system profile, the system profile identifying files expected to be present on the file system;
  
  identifying, with the processor, a degradation of integrity of the process control system when the file is not identified in the system profile;
  
  alerting a process control system provider when the degradation of integrity is identified to indicate that a customer operator has modified the process control system, the process control system provider to configure and supply the process control system to the customer operator; and
  
  terminating an illegitimate process associated with the file when the degradation of integrity is identified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fisher-Rosemount Systems Incorporated (Emerson Electric Company)
Original Assignee
Fisher-Rosemount Systems Incorporated (Emerson Electric Company)
Inventors
Jones, Aaron C., Havekost, Robert B.
Primary Examiner(s)
CHANG, KENNETH W

Application Number

US13/472,916
Publication Number

US 20130307690A1
Time in Patent Office

1,469 Days
Field of Search

713/187
US Class Current

1/1
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

G06F 21/64 Protecting data integrity, ...

Methods and apparatus to identify a degradation of integrity of a process control system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Methods and apparatus to identify a degradation of integrity of a process control system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others