Security system for industrial control infrastructure

US 9,817,391 B2
Filed: 06/02/2015
Issued: 11/14/2017
Est. Priority Date: 06/02/2015
Status: Active Grant

First Claim

Patent Images

1. An industrial control device for use in an industrial control system providing coordinated control of multiple industrial control devices according to a control program, the industrial control device comprising:

a network port for communicating with other elements of the industrial control system;

electrical connectors for accepting electrical conductors communicating with industrial equipment to receive or transmit electrical signals from or to that industrial equipment for the control of an industrial process;

at least one processor communicating with the network port and electrical connectors; and

an electronic memory system accessible by the processor and holding data sources comprising;

operating software describing operation of the control device and executable by the processor, configuration data defining a configuration of the control device, and environmental data describing an operating environment of the control device, wherein the environmental data includes wire connection states of the electrical connectors, a spatial location of the control device or a temperature of the control device, wherein the operating software, configuration data, and environmental data together form a data set operable to define a control device state;

wherein the operating software is executable by the processor to;

(a) read at least a portion of the control device state to generate a state thumbprint of the control device state using a lossy compression system;

(b) encrypt the state thumbprint;

(c) transmit the encrypted state thumbprint over the network port to the industrial control system, wherein the encrypted state thumbprint is used to detect tampering with the industrial control system; and

(d) perform a mitigation action in response to a detected tampering with the industrial control system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An industrial control system providing security against tampering or modification generates periodic state thumbprints defining a state of control elements that may be forwarded to a security or safety appliance for comparison to a benchmark thumbprint indicating no tampering. The transmitted state thumbprint may capture not only programs but also configuration and environmental states of the control element.

32 Citations

View as Search Results

19 Claims

1. An industrial control device for use in an industrial control system providing coordinated control of multiple industrial control devices according to a control program, the industrial control device comprising:
- a network port for communicating with other elements of the industrial control system;
  
  electrical connectors for accepting electrical conductors communicating with industrial equipment to receive or transmit electrical signals from or to that industrial equipment for the control of an industrial process;
  
  at least one processor communicating with the network port and electrical connectors; and
  
  an electronic memory system accessible by the processor and holding data sources comprising;
  
  operating software describing operation of the control device and executable by the processor, configuration data defining a configuration of the control device, and environmental data describing an operating environment of the control device, wherein the environmental data includes wire connection states of the electrical connectors, a spatial location of the control device or a temperature of the control device, wherein the operating software, configuration data, and environmental data together form a data set operable to define a control device state;
  
  wherein the operating software is executable by the processor to;
  
  (a) read at least a portion of the control device state to generate a state thumbprint of the control device state using a lossy compression system;
  
  (b) encrypt the state thumbprint;
  
  (c) transmit the encrypted state thumbprint over the network port to the industrial control system, wherein the encrypted state thumbprint is used to detect tampering with the industrial control system; and
  
  (d) perform a mitigation action in response to a detected tampering with the industrial control system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The industrial control device of claim 1 wherein the operating software is further executable by the processor to append at least one of a timestamp and sequence number to the state thumbprint, the timestamp and sequence number indicating, respectively, a time of transmission of the state thumbprint and a sequence of transmission of the state thumbprint over the network port.
  - 3. The industrial control device of claim 1 wherein the state thumbprint provides a compressed representation of the operating software adapted to reveal modification of the operating software when compared with a benchmark state thumbprint.
  - 4. The industrial control device of claim 3 wherein the operating software includes a revision number.
  - 5. The industrial control device of claim 3 wherein the operating software includes a control program and at least one of a security and safety monitoring program.
  - 6. The industrial control device of claim 1 wherein the state thumbprint provides a compressed representation of the configuration data of the control device.
  - 7. The industrial control device of claim 1 wherein the configuration data is selected from the group consisting of a serial number of the control device, a functional type of the control device, a manufacturer of the control device and a date of manufacture of a control device.
  - 8. The industrial control device of claim 6 wherein the state thumbprint provides a compressed representation of the configuration data including an encrypted certification code indicating authenticity of hardware of the control device.
  - 9. The industrial control device of claim 6 wherein the state thumbprint provides a compressed representation of configuration data representing an output of a diagnostic program being part of the operating program.
  - 10. The industrial control device of claim 1 wherein the state thumbprint provides a compressed representation of the environmental data and wherein the environmental data is data selected from the group consisting of the spatial location of the control device and the temperature of the control device.
  - 11. The industrial control device of claim 1 wherein the generation of the state thumbprint reads multiple portions of the control device state and independently compresses those portions using the lossy compression system and concatenates the independently compressed portions to produce the state thumbprint.
  - 12. The industrial control device of claim 11 wherein the operating software responds to instructions received over the network port to change at least one of a number of the multiple portions and particular portions of the control device state contained in the multiple portions according to those instructions.
  - 13. The industrial control device of claim 1 wherein the operating software responds to instructions received over the network port to transmit the state thumbprint.
  - 14. The industrial control device of claim 1 wherein the operating software provides program instructions for operating the control device as at least one of an I/O module providing an interface for communication with two state electrical actuators using a digital signal, an I/O module providing an interface for communications with multi-state actuators and sensors using an analog signal;
    - and a motor drive for synthesizing voltage waveforms for controlling a motor.
  - 15. The industrial control device of claim 1 wherein the electronic memory includes multiple memory subsystem selected from the group consisting of:
    - volatile memory, nonvolatile memory, input output registers, and program memory.

16. An industrial control system comprising:
- I. multiple intercommunicating control devices each providing;
  
  (a) a network port for communicating with other control devices of the industrial control system;
  
  (b) electrical connectors for accepting electrical conductors communicating with industrial equipment to receive or transmit electrical signals from or to that industrial equipment for the control of an industrial process;
  
  (c) at least one processor communicating with the network port and electrical connectors; and
  
  (d) an electronic memory system accessible by the processor and holding data sources comprising;
  
  operating software describing operation of the control device, configuration data defining a configuration of the control device, and environmental data defining an operating environment of the control device, wherein the environmental data includes wire connection states of the electrical connectors, a spatial location of the control device or a temperature of the control device, wherein the operating software, configuration data, and environmental data together forming a data set defining a control device state;
  
  wherein the operating software is executable by the processor to;
  
  (i) read at least a portion of the control device state to generate a state thumbprint of the control device state using a lossy compression system;
  
  (ii) encrypt the state thumbprint; and
  
  (iii) transmit the state thumbprint over the network port;
  
  II. a state monitor providing;
  
  (a) a network port for communicating with control devices;
  
  (b) at least one processor communicating with the network port;
  
  (c) an electronic memory system accessible by the processor and holding;
  
  a state-monitoring program and at least one benchmark state thumbprint representing a state thumbprint of a properly operating control device identified to a control device;
  
  wherein the state-monitoring program is executable by the processor to;
  
  (i) receive a state thumbprint from a given control device through the network port and decrypt the state thumbprint;
  
  (ii) identify a benchmark state thumbprint corresponding to the given control device;
  
  (iii) compare the received state thumbprint to the corresponding benchmark state thumbprint;
  
  (iv) provide an output indicating whether the received state thumbprint matches the corresponding benchmark state thumbprint, wherein the output is used to detect tampering with the industrial control system; and
  
  (v) perform a mitigation action in response to a detected tampering with the industrial control system.
- View Dependent Claims (17, 18)
- - 17. The industrial control system of claim 16 wherein the state-monitoring program further outputs an indication when a state thumbprint is not received within a predetermined time period.
  - 18. The industrial control system of claim 16 wherein the state-monitoring program transmits over the network port to a control device'"'"'s request for state thumbprints at periodic request times and wherein the time period is based on a last periodic request time.

19. A method of establishing an integrity of an industrial control system including multiple control devices and at least one integrity monitoring device comprising the steps of:
- at each given control device;
  
  (a) read at least a portion of a control device state to generate a state thumbprint of the control device state using a lossy compression system, wherein the control device state is defined by a data set comprising a plurality of data sources including;
  
  operating software describing operation of the control device and executable by a processor;
  
  configuration data defining a configuration of the control device, and environmental data defining operating environment of the control device, wherein the environmental data includes wire connection states of the electrical connectors, a spatial location of the control device or a temperature of the control device;
  
  (b) encrypt the state thumbprint; and
  
  (c) transmit the encrypted state thumbprint over a network port to the industrial control system; and
  
  at the integrity monitoring device;
  
  (a) receive encrypted state thumbprints from each given control device and decrypt the state thumbprints;
  
  (b) for each given control device, identify a benchmark state thumbprint stored at the integrity monitoring device and associated with the given control device;
  
  (c) compare the received state thumbprints to the corresponding benchmark state thumbprints;
  
  (d) provide an output indicating whether the received state thumbprints match the corresponding benchmark state thumbprints, wherein the output is used to detect tampering with the industrial control system; and
  
  (e) perform a mitigation action in response to a detected tampering with the industrial control system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Inventors
Chand, Sujeet, Vasko, David A., Boppre, Timothy Patrick, Snyder, David A., Nicoll, Alex Laurence, McMullen, Brian J., Seger, Daniel B., Dart, John B., Roback, Timothy F., Kucharski, Paul G., Colloton, Kevin
Primary Examiner(s)
Pan, Yuhui R

Application Number

US14/728,164
Publication Number

US 20160357176A1
Time in Patent Office

896 Days
Field of Search
US Class Current
CPC Class Codes

G05B 19/0428   Safety, monitoring G05B19/0...

G05B 19/4185   characterised by the networ...

G05B 2219/23464   Use signatures to know modu...

G05B 2219/33136   Com: communication, inter p...

G05B 2219/36542   Cryptography, encrypt, acce...

G06F 21/57   Certifying or maintaining t...

H04L 63/0428   wherein the data content is...

H04L 9/3263   involving certificates, e.g...

Security system for industrial control infrastructure

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Security system for industrial control infrastructure

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links