Active response security system for industrial control infrastructure
First Claim
1. A security controller for an industrial control system, the security controller comprising:
(a) a network port for communicating with control elements of the industrial control system;
(b) at least one processor communicating with the network port; and
(c) an electronic memory system accessible by the processor and holding a security program executing on the processor to:
(i) receive from a given control element of the control elements of the industrial control system a security thumbprint providing an encrypted compressed representation of a current state of the given control element;
(ii) analyze the security thumbprint against a stored benchmark thumbprint representing a security thumbprint of the given control element when the given control element is properly operating;
(iii) when the security thumbprint does not match the stored benchmark thumbprint, assess the mismatch to produce a severity assessment having a multi-value range; and
(iv) implement a security response action selected from among multiple security response actions to respond to the mismatch based on the severity assessment, wherein the security thumbprint is compressed from a control program of the given control element, a certification code embedded in the given control element, and wire connection states of the given control element, wherein the control program is configured to control an industrial process or machine, and the wire connection states indicate conductors connected to the given control element that are in communication with the industrial process or machine, and wherein the security thumbprint includes a digital signature allowing the security controller to detect tampering.
Abstract
An industrial controller resistant to malicious attacks may provide a graduated response employing the elements of the control system to reduce access to the control system, log data, and announce intrusion based on a dynamically evolving assessment of the severity of any detected security issues.
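The claim and abstract describe a loop: a control element compresses its control program, embedded certification code and wire connection states into a signed thumbprint; the security controller checks the signature, compares the thumbprint with an enrolled benchmark, grades the mismatch on a multi-value severity scale, and picks a graduated response. The following is an added illustration of that loop, written for this page; it is not code from the patent or its assignee. It assumes per-component SHA-256 hashes as the "compression", HMAC-SHA256 over a pre-shared key as a stand-in for the claim's digital signature (the encryption of the thumbprint is omitted), a five-step severity scale with a made-up action table, and the escalation rule that a mismatch which persists across consecutive reports climbs one severity step per repeat. All identifiers (ElementState, SecurityController, ACTIONS, the plc-1 sample element) and the sample program and wiring data are constructed for the example.

```python
"""Added example: signed state thumbprint, benchmark comparison, graded
severity and graduated response for an ICS security controller.
Not the patent's own code; HMAC-SHA256 stands in for a digital signature."""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Assumption: a key pre-shared between control element and security controller.
SIGNING_KEY = b"constructed-demo-key-not-for-production"

# Assumed severity scale (0 = match .. 4 = worst) and response table.
ACTIONS = {0: "none", 1: "log", 2: "log_and_announce", 3: "restrict_access", 4: "isolate"}


@dataclass(frozen=True)
class ElementState:
    control_program: bytes      # control program image (e.g. ladder logic)
    certification_code: str     # code embedded in the element
    wire_states: dict           # terminal -> connection state


def compress_state(state):
    """Hash each component separately so the controller can tell which
    part drifted; the severity assessment depends on that."""
    wires_canon = json.dumps(state.wire_states, sort_keys=True).encode()
    return {
        "program": hashlib.sha256(state.control_program).hexdigest(),
        "cert": hashlib.sha256(state.certification_code.encode()).hexdigest(),
        "wires": hashlib.sha256(wires_canon).hexdigest(),
    }


def make_thumbprint(element_id, state, key=SIGNING_KEY):
    """Control-element side: compressed state plus a signature over it."""
    body = {"id": element_id, **compress_state(state)}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


class SecurityController:
    def __init__(self, key=SIGNING_KEY):
        self.key = key
        self.benchmarks = {}     # element_id -> compressed state when known-good
        self.consecutive = {}    # element_id -> consecutive mismatched reports

    def enroll(self, element_id, known_good_state):
        """Store the benchmark thumbprint taken while the element is properly operating."""
        self.benchmarks[element_id] = compress_state(known_good_state)
        self.consecutive[element_id] = 0

    def assess(self, thumbprint):
        """Returns (severity, action, drifted_components)."""
        expected = hmac.new(self.key, thumbprint["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, thumbprint["sig"]):
            return 4, ACTIONS[4], ["signature"]      # tampered or forged report
        body = json.loads(thumbprint["payload"])
        eid = body["id"]
        bench = self.benchmarks.get(eid)
        if bench is None:
            return 4, ACTIONS[4], ["unknown_element"]
        drifted = [k for k in ("program", "cert", "wires") if body[k] != bench[k]]
        if not drifted:
            self.consecutive[eid] = 0
            return 0, ACTIONS[0], []
        # Base severity: wiring-only drift is low, a changed control program is
        # high, a changed certification code is treated as worst case.
        if "cert" in drifted:
            base = 4
        elif "program" in drifted:
            base = 3
        else:
            base = 1
        # Dynamically evolving assessment: a persisting mismatch escalates.
        self.consecutive[eid] += 1
        severity = min(4, base + self.consecutive[eid] - 1)
        return severity, ACTIONS[severity], drifted


def demo():
    """Constructed sample run: enroll, then report good, drifted and forged thumbprints."""
    ctrl = SecurityController()
    good = ElementState(b"LD X0\nOUT Y0\n", "CERT-0001",
                        {"X0": "connected", "Y0": "connected"})
    ctrl.enroll("plc-1", good)
    rewired = ElementState(good.control_program, good.certification_code,
                           {"X0": "open", "Y0": "connected"})
    forged = make_thumbprint("plc-1", good)
    forged["sig"] = "00" * 32
    return [ctrl.assess(make_thumbprint("plc-1", good)),
            ctrl.assess(make_thumbprint("plc-1", rewired)),
            ctrl.assess(make_thumbprint("plc-1", rewired)),
            ctrl.assess(forged)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The per-component hashing is the design choice worth noting: a single hash over the whole state would only say "changed", which is enough for a match/no-match gate but not for the multi-value severity the claim requires. Hashing the canonicalised (sorted-key JSON) wire map keeps the benchmark stable across reporting order.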
20 Claims
Specification