Security system for industrial control infrastructure
Abstract
An industrial control system providing security against tampering or modification generates periodic state thumbprints defining a state of control elements that may be forwarded to a security or safety appliance for comparison to a benchmark thumbprint indicating no tampering. The transmitted state thumbprint may capture not only programs but also configuration and environmental states of the control element.
19 Claims
1. An industrial control device for use in an industrial control system providing coordinated control of multiple industrial control devices according to a control program, the industrial control device comprising:
a network port for communicating with other elements of the industrial control system;
electrical connectors for accepting electrical conductors communicating with industrial equipment to receive or transmit electrical signals from or to that industrial equipment for the control of an industrial process;
at least one processor communicating with the network port and electrical connectors; and
an electronic memory system accessible by the processor and holding data sources comprising:
operating software describing operation of the control device and executable by the processor, configuration data defining a configuration of the control device, and environmental data describing an operating environment of the control device, wherein the environmental data includes wire connection states of the electrical connectors, a spatial location of the control device or a temperature of the control device, wherein the operating software, configuration data, and environmental data together form a data set operable to define a control device state;
wherein the operating software is executable by the processor to:
(a) read at least a portion of the control device state to generate a state thumbprint of the control device state using a lossy compression system;
(b) encrypt the state thumbprint;
(c) transmit the encrypted state thumbprint over the network port to the industrial control system, wherein the encrypted state thumbprint is used to detect tampering with the industrial control system; and
(d) perform a mitigation action in response to a detected tampering with the industrial control system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. An industrial control system comprising:
I. multiple intercommunicating control devices each providing:
(a) a network port for communicating with other control devices of the industrial control system;
(b) electrical connectors for accepting electrical conductors communicating with industrial equipment to receive or transmit electrical signals from or to that industrial equipment for the control of an industrial process;
(c) at least one processor communicating with the network port and electrical connectors; and
(d) an electronic memory system accessible by the processor and holding data sources comprising:
operating software describing operation of the control device, configuration data defining a configuration of the control device, and environmental data defining an operating environment of the control device, wherein the environmental data includes wire connection states of the electrical connectors, a spatial location of the control device or a temperature of the control device, wherein the operating software, configuration data, and environmental data together forming a data set defining a control device state;
wherein the operating software is executable by the processor to:
(i) read at least a portion of the control device state to generate a state thumbprint of the control device state using a lossy compression system;
(ii) encrypt the state thumbprint; and
(iii) transmit the state thumbprint over the network port;
II. a state monitor providing:
(a) a network port for communicating with control devices;
(b) at least one processor communicating with the network port;
(c) an electronic memory system accessible by the processor and holding:
a state-monitoring program and at least one benchmark state thumbprint representing a state thumbprint of a properly operating control device identified to a control device;
wherein the state-monitoring program is executable by the processor to:
(i) receive a state thumbprint from a given control device through the network port and decrypt the state thumbprint;
(ii) identify a benchmark state thumbprint corresponding to the given control device;
(iii) compare the received state thumbprint to the corresponding benchmark state thumbprint;
(iv) provide an output indicating whether the received state thumbprint matches the corresponding benchmark state thumbprint, wherein the output is used to detect tampering with the industrial control system; and
(v) perform a mitigation action in response to a detected tampering with the industrial control system.
Dependent claims: 17, 18
19. A method of establishing an integrity of an industrial control system including multiple control devices and at least one integrity monitoring device comprising the steps of:
at each given control device:
(a) read at least a portion of a control device state to generate a state thumbprint of the control device state using a lossy compression system, wherein the control device state is defined by a data set comprising a plurality of data sources including:
operating software describing operation of the control device and executable by a processor;
configuration data defining a configuration of the control device, and environmental data defining operating environment of the control device, wherein the environmental data includes wire connection states of the electrical connectors, a spatial location of the control device or a temperature of the control device;
(b) encrypt the state thumbprint; and
(c) transmit the encrypted state thumbprint over a network port to the industrial control system; and
at the integrity monitoring device:
(a) receive encrypted state thumbprints from each given control device and decrypt the state thumbprints;
(b) for each given control device, identify a benchmark state thumbprint stored at the integrity monitoring device and associated with the given control device;
(c) compare the received state thumbprints to the corresponding benchmark state thumbprints;
(d) provide an output indicating whether the received state thumbprints match the corresponding benchmark state thumbprints, wherein the output is used to detect tampering with the industrial control system; and
(e) perform a mitigation action in response to a detected tampering with the industrial control system.
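The device-side and monitor-side steps of claim 19, sketched as an added example that is not code from the patent or its assignee. It makes three assumptions: SHA-256 stands in for the claimed "lossy compression system", temperature is quantized into bands so benign drift does not change the thumbprint, and an HMAC tag over a counter stands in for the encrypt/decrypt steps (Python's standard library has no cipher); all names and sample values are hypothetical.

```python
import hashlib
import hmac
import json

TEMP_BAND_C = 10  # assumed band width; a raw reading would change every digest
# Constructed sample state for one device (not from the patent).
FW = b"constructed firmware image v1"
CFG = {"scan_ms": 10, "ip": "192.0.2.10"}
ENV = {"wires": {"X1": True, "X2": True}, "location": "cell-3/rack-2", "temp_c": 41.5}

def canonical_state(firmware: bytes, config: dict, env: dict) -> bytes:
    """Serialize the three data sources with length prefixes so parts cannot blur."""
    stable_env = {
        "wires": sorted(env["wires"].items()),            # connector -> connected?
        "location": env["location"],
        "temp_band": int(env["temp_c"] // TEMP_BAND_C),   # quantized, not raw
    }
    parts = [
        hashlib.sha256(firmware).digest(),
        json.dumps(config, sort_keys=True, separators=(",", ":")).encode(),
        json.dumps(stable_env, sort_keys=True, separators=(",", ":")).encode(),
    ]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def thumbprint(firmware: bytes, config: dict, env: dict) -> bytes:
    return hashlib.sha256(canonical_state(firmware, config, env)).digest()

def device_report(device_id: str, key: bytes, counter: int, tp: bytes) -> dict:
    """Device side: bind the thumbprint to the device id and a rising counter."""
    msg = device_id.encode() + counter.to_bytes(8, "big") + tp
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return {"id": device_id, "ctr": counter, "tp": tp, "tag": tag}

class StateMonitor:
    def __init__(self, keys: dict, benchmarks: dict):
        self.keys, self.benchmarks, self.last_ctr = keys, benchmarks, {}

    def check(self, report: dict) -> str:
        dev = report["id"]
        if dev not in self.keys or dev not in self.benchmarks:
            return "unknown-device"
        msg = dev.encode() + report["ctr"].to_bytes(8, "big") + report["tp"]
        expect = hmac.new(self.keys[dev], msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, report["tag"]):
            return "bad-tag"
        if report["ctr"] <= self.last_ctr.get(dev, -1):
            return "replay"  # a recorded "good" report must not be accepted twice
        self.last_ctr[dev] = report["ctr"]
        ok = hmac.compare_digest(report["tp"], self.benchmarks[dev])
        return "match" if ok else "mismatch"
```

A reading that sits near a band edge can still flip the thumbprint, so a deployment would pick band widths (or hysteresis) from the device's normal operating range before recording the benchmark.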