Industrial security agent platform
First Claim
1. A system comprising:
- an industrial control network;
- two or more controller devices, each controller device operable to control one or more operational devices connected to the industrial control network;
- two or more emulators, each emulator configured to communicate with a respective controller device, and each emulator configured to reference a respective profile that includes information about security capabilities of the respective controller device; and
- an encryption relay processor operable to implement each emulator and to facilitate communication to and from each emulator over the industrial control network, the encryption relay processor configured to:
  (i) execute a cryptographic function for a first communication between a first emulator and a first node on the industrial control network for a first controller device that is incapable of performing the cryptographic function; and
  (ii) not execute a cryptographic function for a second communication between a second emulator and a second node on the industrial control network for a second controller device that is capable of performing the cryptographic function.
1 Assignment
0 Petitions
Abstract
Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating communication in an industrial control network. A system includes an industrial control network, one or more controller devices, one or more emulators, and an encryption relay processor. Each controller device can be operable to control one or more operational devices connected to the industrial control network. Each emulator can be configured to communicate with a respective controller device, and each emulator can be configured to reference a respective profile that includes information about security capabilities of the respective controller device. The encryption relay processor can be operable to facilitate communication to and from each emulator over the industrial control network. The encryption relay processor can execute a cryptographic function for a communication between the emulator and a node on the industrial control network when the respective controller device is incapable of performing the cryptographic function.
20 Claims
1. A system comprising: (full text given under First Claim above) - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
9. A computer-implemented method for facilitating communication in an industrial control network, the method being executed by one or more processors and comprising:
- receiving, from a site security server, an encrypted first query for a first controller device;
- after determining that the first controller device is incapable of performing a cryptographic operation, decrypting the first query for the first controller device and providing the decrypted first query to the first controller device;
- in response to receiving an unencrypted first query response from the first controller device, encrypting the first query response and providing the encrypted first query response to the site security server;
- receiving, from the site security server, an encrypted second query for a second controller device;
- after determining that the second controller device is capable of performing a cryptographic operation, providing the received encrypted second query to the second controller device; and
- in response to receiving an encrypted second query response from the second controller device, providing the encrypted second query response to the site security server.
View Dependent Claims (10, 11, 12, 13, 14)
15. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for facilitating communication in an industrial control network, the operations comprising:
- receiving, from a site security server, an encrypted first query for a first controller device;
- after determining that the first controller device is incapable of performing a cryptographic operation, decrypting the first query for the first controller device and providing the decrypted first query to the first controller device;
- in response to receiving an unencrypted first query response from the first controller device, encrypting the first query response and providing the encrypted query response to the site security server;
- receiving, from the site security server, an encrypted second query for a second controller device;
- after determining that the second controller device is capable of performing a cryptographic operation, providing the received encrypted second query to the second controller device; and
- in response to receiving an encrypted second query response from the second controller device, providing the encrypted second query response to the site security server.
View Dependent Claims (16, 17, 18, 19, 20)
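The relay behaviour that claims 9 and 15 describe (decrypt toward a controller that cannot perform the cryptographic operation and re-encrypt its answer; pass ciphertext straight through to one that can) can be shown as a small simulation. The following is an added example written for this page, not the patent's implementation or any vendor's code: the controller ids, the capability profiles, the shared key and the HMAC-SHA256 counter-mode cipher are all constructed stand-ins, and a real deployment would use a vetted AEAD and per-device keys.

```python
"""Added example: an encryption relay that performs the cryptographic
function only for controllers whose profile says they cannot (claims 9/15).
Illustrative code; ids, profiles, key and toy cipher are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass

NONCE_LEN = 12
TAG_LEN = 32
SHARED_KEY = bytes(range(32))  # constructed key shared by relay, server and capable controller


@dataclass(frozen=True)
class ControllerProfile:
    """Security-capability profile an emulator references for its controller."""
    controller_id: str
    supports_crypto: bool


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a toy keystream (stand-in for a real AEAD)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before using the ciphertext; reject anything tampered."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class LegacyController:
    """Constructed controller that only speaks plaintext."""
    def __init__(self, controller_id: str):
        self.controller_id = controller_id

    def handle(self, query: bytes) -> bytes:
        return self.controller_id.encode() + b": value=42 (plain)"


class CapableController:
    """Constructed controller that decrypts queries and encrypts responses itself."""
    def __init__(self, controller_id: str, key: bytes):
        self.controller_id = controller_id
        self.key = key

    def handle(self, encrypted_query: bytes) -> bytes:
        decrypt(self.key, encrypted_query)  # authenticate and decrypt the query
        return encrypt(self.key, self.controller_id.encode() + b": value=42 (secure)")


class EncryptionRelay:
    """The relay processor: one profile per emulated controller, fails closed."""
    def __init__(self, key, profiles, controllers):
        self.key = key
        self.profiles = {p.controller_id: p for p in profiles}
        self.controllers = controllers
        self.audit = []  # (controller_id, action) records for detection/forensics

    def relay_query(self, controller_id: str, encrypted_query: bytes) -> bytes:
        profile = self.profiles.get(controller_id)
        if profile is None:
            # Unknown device: never guess a capability and never forward plaintext.
            raise LookupError(f"no security profile for {controller_id}")
        controller = self.controllers[controller_id]
        if profile.supports_crypto:
            self.audit.append((controller_id, "passthrough"))
            return controller.handle(encrypted_query)  # ciphertext in, ciphertext out
        # Legacy device: decrypt toward it, then re-encrypt its plaintext answer.
        query = decrypt(self.key, encrypted_query)
        response = controller.handle(query)
        self.audit.append((controller_id, "relay-crypto"))
        return encrypt(self.key, response)


def run_demo():
    """Site security server sends one encrypted query to each controller."""
    profiles = [ControllerProfile("plc-legacy", False), ControllerProfile("plc-modern", True)]
    controllers = {
        "plc-legacy": LegacyController("plc-legacy"),
        "plc-modern": CapableController("plc-modern", SHARED_KEY),
    }
    relay = EncryptionRelay(SHARED_KEY, profiles, controllers)
    answers = {}
    for cid in ("plc-legacy", "plc-modern"):
        blob = relay.relay_query(cid, encrypt(SHARED_KEY, b"READ value"))
        answers[cid] = decrypt(SHARED_KEY, blob)  # the server only ever sees ciphertext
    return answers, relay.audit
```

The point worth keeping from this sketch is the fail-closed branch: a controller with no profile is refused rather than defaulted to either path, since guessing "capable" would hand ciphertext to a device that cannot read it and guessing "incapable" would put plaintext on the control network. The audit list is what a site security server would want to collect so that the relay's decisions per device can be reviewed.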