Active response security system for industrial control infrastructure

US 9,904,785 B2
Filed: 06/02/2015
Issued: 02/27/2018
Est. Priority Date: 06/02/2015
Status: Active Grant

First Claim

Patent Images

1. A security controller for an industrial control system, the security controller comprising:

(a) a network port for communicating with control elements of the industrial control system;

(b) at least one processor communicating with the network port; and

(c) an electronic memory system accessible by the processor and holding a security program executing on the processor to;

(i) receive from a given control element of the control elements of the industrial control system a security thumbprint providing an encrypted compressed representation of a current state of the given control element;

(ii) analyze the security thumbprint against a stored benchmark thumbprint representing a security thumbprint of the given control element when the given control element is properly operating;

(iii) when the security thumbprint does not match the stored benchmark thumbprint, assess the mismatch to produce a severity assessment having a multi-value range; and

(iv) implement a security response action selected from among multiple security response actions to respond to the mismatch based on the severity assessment,wherein the security thumbprint is compressed from a control program of the given control element, a certification code embedded in the given control element, and wire connection states of the given control element, wherein the control program is configured to control an industrial process or machine, and the wire connection states indicate conductors connected to the given control element that are in communication with the industrial process or machine, andwherein the security thumbprint includes a digital signature allowing the security controller to detect tampering.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An industrial controller resistant to malicious attacks may provide a graduated response employing the elements of the control system to reduce access to the control system, log data, and announce intrusion based on a dynamically evolving assessment of the severity of any detected security issues.

Citations

20 Claims

1. A security controller for an industrial control system, the security controller comprising:
- (a) a network port for communicating with control elements of the industrial control system;
  
  (b) at least one processor communicating with the network port; and
  
  (c) an electronic memory system accessible by the processor and holding a security program executing on the processor to;
  
  (i) receive from a given control element of the control elements of the industrial control system a security thumbprint providing an encrypted compressed representation of a current state of the given control element;
  
  (ii) analyze the security thumbprint against a stored benchmark thumbprint representing a security thumbprint of the given control element when the given control element is properly operating;
  
  (iii) when the security thumbprint does not match the stored benchmark thumbprint, assess the mismatch to produce a severity assessment having a multi-value range; and
  
  (iv) implement a security response action selected from among multiple security response actions to respond to the mismatch based on the severity assessment,wherein the security thumbprint is compressed from a control program of the given control element, a certification code embedded in the given control element, and wire connection states of the given control element, wherein the control program is configured to control an industrial process or machine, and the wire connection states indicate conductors connected to the given control element that are in communication with the industrial process or machine, andwherein the security thumbprint includes a digital signature allowing the security controller to detect tampering.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The security controller of claim 1 wherein the control elements of the industrial control system hold operating software describing operation of a control device executable by the processor, configuration data defining a configuration of the control device, and environmental data defining an operating environment of the control device, wherein the operating software, configuration data, and environmental data together define a control device state and wherein the security thumbprint is a compressed representation of at least a portion of the control state.
  - 3. The security controller of claim 2 wherein the electronic memory includes multiple memory subsystems selected from the group consisting of volatile memory, nonvolatile memory, and register values.
  - 4. The security controller of claim 1 wherein the security thumbprint provides separate fields that are each independently subject to compression and wherein the security thumbprint is analyzed on a field-by-field basis to pinpoint a field in which the mismatch occurs and wherein the severity assessment is determined according to the pinpointing of one or more fields in which the mismatch occurs.
  - 5. The security controller of claim 1 wherein the security program further executes a security response to request additional information from the given control element to isolate a cause of the mismatch.
  - 6. The security controller of claim 5 wherein the additional information is a new security thumbprint providing separate compressed representations of different sub-portions of a portion of the current state of the given control element.
  - 7. The security controller of claim 6 wherein the additional information is state data of a sub-portion without compression.
  - 8. The security controller of claim 1 wherein the assessment of the mismatch links the mismatch with a predetermined weight value, and wherein the severity assessment is a function of the weight value of the given control element and at least one weight value of another control element also experiencing a mismatch.
  - 9. The security controller of claim 1 wherein the security response action provides electronic communication with individuals in a hierarchical list as a function of the severity assessment.
  - 10. The security controller of claim 9 wherein the security program receives electronic communication from individuals in the hierarchical list and wherein the severity assessment is modified over time depending on whether such a communication is received in response to a security response action communicating with given individuals in the list.
  - 11. The security controller of claim 10 wherein the security program provides an authentication protocol for establishing authenticity of the individuals from whom communication is received.
  - 12. The security controller of claim 1 wherein steps (i)-(iii) are repeated and wherein the severity assessment is also a function of a persistence of the mismatch over time.
  - 13. The security controller of claim 1 wherein the security response action includes providing outputs to the industrial control system to limit access by individuals to the industrial control system by locking access gates controlled by control devices of the control elements, disabling software updating, or controlling area lighting of the industrial control system.
  - 14. The security controller of claim 13 wherein the security response action instructs the control devices to provide local alarms using human machine interface elements of each control device, the human machine interface elements being selected from the group consisting of lighted beacons, panel lights, and sound generating equipment.
  - 15. The security controller of claim 13 wherein the access control devices are selected from the group consisting of:
    - light curtains, pressure mats, and locking gates.
  - 16. The security controller of claim 1 wherein the security response action includes instructing control elements to begin security data logging of sensor data from sensors used in the industrial control system.
  - 17. The security controller of claim 1 wherein the security program implements a system mode value indicating an operating mode of the industrial control system including states of configuration, maintenance, and runtime and wherein the severity assessment is reduced for mismatches that relate to the states of configuration and maintenance with respect to runtime.
  - 18. The security controller of claim 17 wherein the security program includes a calendar of maintenance of the industrial control system identifying control devices and maintenance times and wherein the severity assessment is modified for mismatches that relate to scheduled maintenance of the given control device according to the calendar.
  - 19. The security controller of claim 1 further comprising the security program executing to receive the security thumbprint from the given control element on a periodic basis in response to polling, wherein the polling requires verification of an authentication certificate.
  - 20. The security controller of claim 1 wherein the certification code is encrypted, wherein the security thumbprint includes a timestamp, and wherein the digital signature comprises the timestamp and a sequence value synchronously developed at the security controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Rockwell Automation, Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Rockwell Automation, Inc.)
Inventors
Chand, Sujeet, Vasko, David A., Boppre, Timothy Patrick, Snyder, David A., Nicoll, Alex Laurence, McMullen, Brian J., Seger, Daniel B., Dart, John B.
Primary Examiner(s)
Davis, Zachary A

Application Number

US14/728,255
Publication Number

US 20160359825A1
Time in Patent Office

1,001 Days
Field of Search
US Class Current
CPC Class Codes

G05B 19/048   Monitoring; Safety

G05B 2219/25205   Encrypt communication

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/64   Protecting data integrity, ...

G06F 2221/033   Test or assess software

G06F 2221/034   Test or assess a computer o...

H04L 63/145   the attack involving the pr...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Y02P 90/80   Management or planning

Active response security system for industrial control infrastructure

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Active response security system for industrial control infrastructure

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links