Apparatus and method for assigning cyber-security risk consequences in industrial process control environments

US 9,800,604 B2
Filed: 05/06/2015
Issued: 10/24/2017
Est. Priority Date: 05/06/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying multiple devices or groups of devices in an industrial process control and automation system;

for each device or group of devices;

obtaining impact values identifying potential effects of a failure or compromise of the device or group of devices due to one or more cyber-security risks, wherein multiple impact values associated with different categories of potential effects are obtained; and

identifying a consequence value using the impact values, the consequence value identifying an overall effect of the failure or compromise of the device or group of devices; and

using the consequence value for a first of the devices or groups of devices to modify the consequence value for a second of the devices or groups of devices based on a process control connection between the first and second devices or groups of devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes identifying multiple devices or groups of devices in an industrial process control and automation system. The method also includes, for each device or group of devices, (i) obtaining impact values identifying potential effects of a failure or compromise of the device or group of devices due to one or more cyber-security risks and (ii) identifying a consequence value using the impact values. Multiple impact values associated with different categories of potential effects are obtained, and the consequence value identifies an overall effect of the failure or compromise of the device or group of devices.

129 Citations

21 Claims

1. A method comprising:
- identifying multiple devices or groups of devices in an industrial process control and automation system;
  
  for each device or group of devices;
  
  obtaining impact values identifying potential effects of a failure or compromise of the device or group of devices due to one or more cyber-security risks, wherein multiple impact values associated with different categories of potential effects are obtained; and
  
  identifying a consequence value using the impact values, the consequence value identifying an overall effect of the failure or compromise of the device or group of devices; and
  
  using the consequence value for a first of the devices or groups of devices to modify the consequence value for a second of the devices or groups of devices based on a process control connection between the first and second devices or groups of devices.
- View Dependent Claims (2, 3, 4, 6, 7)
- - 2. The method of claim 1, wherein the different categories of potential effects comprise:
    - a category associated with impacts to health or safety of individuals or to an environment associated with the control and automation system;
      
      a category associated with a production process performed or managed by the control and automation system; and
      
      a category associated with an organization operating the control and automation system.
  - 3. The method of claim 2, wherein each impact value comprises an identification of one of:
    - no impact, a minor impact, a moderate impact, a high impact, and a critical impact.
  - 4. The method of claim 1, wherein identifying the consequence value for one device or group of devices comprises:
    - assigning a numerical value to each of the impact values obtained for the device or group of devices; and
      
      identifying a largest of the numerical values associated with the device or group of devices.
  - 6. The method of claim 1, further comprising:
    - generating a graphical user interface identifying details of at least one of the one or more cyber-security risks, the details identifying at least one of the potential effects associated with at least one of the devices or groups of devices.
  - 7. The method of claim 1, wherein obtaining the impact values comprises:
    - presenting a graphical user interface comprising a list of the devices or groups of devices and inputs for each device or group of devices, the inputs configured to receive the impact values in the different categories.

5. A method comprising:
- identifying multiple devices or groups of devices in an industrial process control and automation system; and
  
  for each device or group of devices;
  
  obtaining impact values identifying potential effects of a failure or compromise of the device or group of devices due to one or more cyber-security risks, wherein multiple impact values associated with different categories of potential effects are obtained;
  
  identifying a consequence value using the impact values, the consequence value identifying an overall effect of the failure or compromise of the device or group of devices; and
  
  calculating one or more risk scores associated with the device or group of devices, each risk score associated with at least one of the one or more cyber-security risks and calculated using the consequence value for the device or group of devices.
- View Dependent Claims (8)
- - 8. The method of claim 5, further comprising:
    - using the consequence value for a first of the devices or groups of devices to modify the consequence value for a second of the devices or groups of devices based on a process control connection between the first and second devices or groups of devices.

9. An apparatus comprising:
- at least one processing device configured to;
  
  identify multiple devices or groups of devices in an industrial process control and automation system;
  
  for each device or group of devices;
  
  obtain impact values identifying potential effects of a failure or compromise of the device or group of devices due to one or more cyber-security risks, wherein multiple impact values associated with different categories of potential effects are obtained; and
  
  identify a consequence value using the impact values, the consequence value identifying an overall effect of the failure or compromise of the device or group of devices; and
  
  use the consequence value for a first of the devices or groups of devices to modify the consequence value for a second of the devices or groups of devices based on a process control connection between the first and second devices or groups of devices.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The apparatus of claim 9, wherein the different categories of potential effects comprise:
    - a category associated with impacts to health or safety of individuals or to an environment associated with the control and automation system;
      
      a category associated with a production process performed or managed by the control and automation system; and
      
      a category associated with an organization operating the control and automation system.
  - 11. The apparatus of claim 10, wherein each impact value comprises an identification of one of:
    - no impact, a minor impact, a moderate impact, a high impact, and a critical impact.
  - 12. The apparatus of claim 9, wherein, to identify the consequence value for one device or group of devices, the at least one processing device is configured to:
    - assign a numerical value to each of the impact values obtained for the device or group of devices; and
      
      identify a largest of the numerical values associated with the device or group of devices.
  - 13. The apparatus of claim 9, wherein the at least one processing device is further configured to:
    - generate a graphical user interface identifying details of at least one of the one or more cyber-security risks, the details identifying at least one of the potential effects associated with at least one of the devices or groups of devices.
  - 14. The apparatus of claim 9, wherein, to obtain the impact values, the at least one processing device is configured to:
    - present a graphical user interface comprising a list of the devices or groups of devices and inputs for each device or group of devices, the inputs configured to receive the impact values in the different categories.

15. An apparatus comprising:
- at least one processing device configured to;
  
  identify multiple devices or groups of devices in an industrial process control and automation system; and
  
  for each device or group of devices;
  
  obtain impact values identifying potential effects of a failure or compromise of the device or group of devices due to one or more cyber-security risks, wherein multiple impact values associated with different categories of potential effects are obtained;
  
  identify a consequence value using the impact values, the consequence value identifying an overall effect of the failure or compromise of the device or group of devices; and
  
  calculate one or more risk scores associated with the device or group of devices, each risk score associated with at least one of the one or more cyber-security risks and calculated using the consequence value for the device or group of devices.

16. A non-transitory computer readable medium embodying computer readable program code that when executed causes at least one processing device to:
- identify multiple devices or groups of devices in an industrial process control and automation system; and
  
  for each device or group of devices;
  
  obtain impact values identifying potential effects of a failure or compromise of the device or group of devices due to one or more cyber-security risks, wherein multiple impact values associated with different categories of potential effects are obtained;
  
  identify a consequence value using the impact values, the consequence value identifying an overall effect of the failure or compromise of the device or group of devices; and
  
  calculate one or more risk scores associated with the device or group of devices, each risk score associated with at least one of the one or more cyber-security risks and calculated using the consequence value for the device or group of devices.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer readable medium of claim 16, wherein the different categories of potential effects comprise:
    - a category associated with impacts to health or safety of individuals or to an environment associated with the control and automation system;
      
      a category associated with a production process performed or managed by the control and automation system; and
      
      a category associated with an organization operating the control and automation system.
  - 18. The non-transitory computer readable medium of claim 16, wherein the computer readable program code that when executed causes the at least one processing device to identify the consequence value for one device or group of devices comprises computer readable program code that when executed causes the at least one processing device to:
    - assign a numerical value to each of the impact values obtained for the device or group of devices; and
      
      identify a largest of the numerical values associated with the device or group of devices.
  - 19. The non-transitory computer readable medium of claim 16, wherein the computer program further comprises computer readable program code that when executed causes the at least one processing device to:
    - generate a graphical user interface identifying details of at least one of the one or more cyber-security risks, the details identifying at least one of the potential effects associated with at least one of the devices or groups of devices.
  - 20. The non-transitory computer readable medium of claim 16, wherein the computer readable program code that when executed causes the at least one processing device to obtaining the impact values comprises computer readable program code that when executed causes the at least one processing device to:
    - present a graphical user interface comprising a list of the devices or groups of devices and inputs for each device or group of devices, the inputs configured to receive the impact values in the different categories.

21. A non-transitory computer readable medium embodying computer readable program code that when executed causes at least one processing device to:
- identify multiple devices or groups of devices in an industrial process control and automation system;
  
  for each device or group of devices;
  
  obtain impact values identifying potential effects of a failure or compromise of the device or group of devices due to one or more cyber-security risks, wherein multiple impact values associated with different categories of potential effects are obtained; and
  
  identify a consequence value using the impact values, the consequence value identifying an overall effect of the failure or compromise of the device or group of devices; and
  
  use the consequence value for a first of the devices or groups of devices to modify the consequence value for a second of the devices or groups of devices based on a process control connection between the first and second devices or groups of devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Knapp, Eric D., Koelemij, Sinclair
Primary Examiner(s)
Song, Hosuk

Application Number

US14/705,379
Publication Number

US 20160330228A1
Time in Patent Office

902 Days
Field of Search

726 11, 726 14, 726 22- 26, 713150, 709223-225
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 3/04817   using icons graphical or vi...

G06F 3/04842   Selection of displayed obje...

H04L 63/1433   Vulnerability analysis

Apparatus and method for assigning cyber-security risk consequences in industrial process control environments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

129 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for assigning cyber-security risk consequences in industrial process control environments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

129 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links