Method for monitoring security in an automation network, and automation network

US 10,574,671 B2
Filed: 02/13/2015
Issued: 02/25/2020
Est. Priority Date: 02/13/2014
Status: Active Grant

First Claim

Patent Images

1. A method of monitoring security in an industrial automation network having a plurality of data processing devices which are connected to one another for data communication, the method comprising:

preconfiguring at least one data processing device in a first state, from the plurality of data processing devices, said preconfigured at least one data processing device generating messages upon identifying one or more security-relevant events;

receiving generated corresponding messages in the automation network at at least one first software tool within a first security station, said at least one first software tool including a first reliability and trustability verifier module and being configured to record and evaluate the corresponding messages to determine whether there is a security-relevant attack on the industrial automation network;

transmitting the corresponding messages in the industrial automation network to at least one second software tool within a second security station, said at least one second software tool including a second reliability and trustability verifier module and being configured to record and evaluate the corresponding messages and to determine whether the corresponding messages were generated by the preconfigured at least one data processing device; and

simulating attack scenarios by the second software tool by generating messages corresponding to a respective scenario by the preconfigured at least one data processing device in the first state, said messages corresponding to the respective scenario generated by said simulation being excluded from said evaluation in the first reliability and trustability verifier module; and

issuing a warning signal on a service device to indicate required maintenance measures when the corresponding messages were not generated by the preconfigured at least one data processing device;

wherein connectors to the preconfigured at least one data processing device are each requested by an issued signal or a command to check whether the preconfigured at least one data processing device generated messages which correspond to the one or more security-relevant events belonging to respective standard scopes of each of the plurality of data processing devices, the connectors sending a reply signal to the second reliability and trustability verifier module in response to the issued signal or command to report a respective result of the check.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An automation network includes a plurality of data processing devices that are connected to one another for data communication. At least one data processing device in a first state, from the plurality of data processing devices, is preconfigured such that it generates corresponding messages upon identifying one or more security-relevant events. The messages are transmitted to at least one first software tool configured to record and evaluate the messages to determine whether there is a security-relevant attack on the automation network. The messages are transmitted to a second software tool configured to record and evaluate the messages and to determine whether the corresponding messages are generated by the at least one data processing device.

30 Citations

9 Claims

1. A method of monitoring security in an industrial automation network having a plurality of data processing devices which are connected to one another for data communication, the method comprising:
- preconfiguring at least one data processing device in a first state, from the plurality of data processing devices, said preconfigured at least one data processing device generating messages upon identifying one or more security-relevant events;
  
  receiving generated corresponding messages in the automation network at at least one first software tool within a first security station, said at least one first software tool including a first reliability and trustability verifier module and being configured to record and evaluate the corresponding messages to determine whether there is a security-relevant attack on the industrial automation network;
  
  transmitting the corresponding messages in the industrial automation network to at least one second software tool within a second security station, said at least one second software tool including a second reliability and trustability verifier module and being configured to record and evaluate the corresponding messages and to determine whether the corresponding messages were generated by the preconfigured at least one data processing device; and
  
  simulating attack scenarios by the second software tool by generating messages corresponding to a respective scenario by the preconfigured at least one data processing device in the first state, said messages corresponding to the respective scenario generated by said simulation being excluded from said evaluation in the first reliability and trustability verifier module; and
  
  issuing a warning signal on a service device to indicate required maintenance measures when the corresponding messages were not generated by the preconfigured at least one data processing device;
  
  wherein connectors to the preconfigured at least one data processing device are each requested by an issued signal or a command to check whether the preconfigured at least one data processing device generated messages which correspond to the one or more security-relevant events belonging to respective standard scopes of each of the plurality of data processing devices, the connectors sending a reply signal to the second reliability and trustability verifier module in response to the issued signal or command to report a respective result of the check.
- View Dependent Claims (2, 3, 4, 5, 6, 9)
- - 2. The method as claimed in claim 1, further comprising checking the generated corresponding messages cyclically at predetermined time intervals.
  - 3. The method as claimed in claim 1, further comprising confirming the evaluation by the at least one first software tool and the at least one second software tool by generating manipulated messages that correspond to the messages generated by the at least one data processing device upon identifying a security-relevant event.
  - 4. The method as claimed in claim 1, wherein the at least one first software tool is part of a first tool for a Security Information and Event Management (SIEM) in the industrial automation network, and the at least one second software tool is part of a second tool for the SIEM that is configured in a redundant manner with respect to the first tool for the SIEM in the industrial automation network.
  - 5. The method as claimed in claim 1, further comprising evaluating the generation of messages performed by the at least one first software tool;
    - and verifying the preconfiguration of the preconfigured at least one data processing device at least one of an engineering phase and during operation of the industrial automation network.
  - 6. The method as claimed in claim 1, further comprising indicating, on an output of a service device, a warning signal that indicates a maintenance measure is possibly required.
  - 9. The method as claimed in claim 1, wherein the preconfigured at least one data processing device is at least one of a programmable logic controller, a controller, network components comprising routers, switches or gateways, and field devices comprising actuators or measuring transducers for pressure, temperature or flow rate.

7. An industrial automation network configured to provide security monitoring, the network comprising:
- a plurality of data processing devices connected to one another in the industrial automation network and configured to provide data communication; and
  
  at least one data processing device preconfigured in a first state to generate messages upon determining one or more security-relevant events, wherein the industrial automation network is configured to;
  
  receive generated corresponding messages at least one software tool within a first security station, said at least one first software tool including a first reliability and trustability verifier module and being configured to record and evaluate the corresponding messages and to determine whether there is a security-relevant attack on the industrial automation network,the corresponding messages being additionally transmitted to at least one second software tool within a second security station, said at least one second software tool including a second reliability and trustability verifier module and being configured to record, evaluate the corresponding messages, and to check whether the corresponding messages were generated by the preconfigured at least one data processing device, upon identifying a security-relevant event;
  
  simulate attack scenarios by the second software tool by generating messages corresponding to a respective scenario by the preconfigured at least one data processing device in the first state, said messages corresponding to the respective scenario generated by said simulation being excluded from said evaluation in the first reliability and trustability verifier module; and
  
  issue a warning signal on a service device to indicate required maintenance measures when the corresponding messages were not generated by the preprocessed at least one data processing device;
  
  wherein connectors to the plurality of data processing devices are each requested by an issued signal or a command to check whether at least one data processing device of the plurality of data processing devices generated corresponding messages which correspond to the one or more security-relevant events belonging to respective standard scopes of each of the plurality of data processing devices, the connectors sending a reply signal to the second reliability and trustability verifier module in response to the issued signal or command to report a respective result of the check.

8. A non-transitory computer-readable medium encoded with a program having program code instructions which, when executed on a computer having a processor and memory, causes security monitoring in an industrial automation network having a plurality of data processing devices which are connected to one another for data communication, the program comprising:
- program code instructions for preconfiguring at least one data processing device in a first state, from the plurality of data processing devices, said preconfigured at least one data processing device generating messages upon identifying one or more security-relevant events;
  
  program code instructions for receiving generated corresponding messages in the automation network at at least one first software tool within a first security station, said at least one first software tool including a first reliability and trustability verifier module and being configured to record and evaluate the corresponding messages to determine whether there is a security-relevant attack on the industrial automation network;
  
  program code instructions for transmitting the corresponding messages in the industrial automation network to at least one second software tool within a second security station, said at least one second software tool including a second reliability and trustability verifier module and being configured to record and evaluate the corresponding messages and to determine whether the corresponding messages were generated by the preconfigured at least one data processing device;
  
  program code instructions for simulating attack scenarios by the second software tool by generating messages corresponding to a respective scenario by the preconfigured at least one data processing device in the first state, said messages corresponding to the respective scenario generated by said simulation being excluded from said evaluation in the first reliability and trustability verifier module; and
  
  program code instructions for issuing a warning signal on a service device to indicate required maintenance measures when the corresponding messages were not generated by the preconfigured at least one data processing device;
  
  wherein connectors to the preconfigured at least one data processing device are each requested by an issued signal or a command to check whether the preconfigured at least one data processing device generated messages which correspond to the one or more security-relevant events belonging to respective standard scopes of each of the plurality of data processing devices, the connectors sending a reply signal to the second reliability and trustability verifier module in response to the issued signal or command to report a respective result of the check.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Palmin, Anna
Primary Examiner(s)
King, John B
Assistant Examiner(s)
Dhruv, Darshan I

Application Number

US14/622,005
Publication Number

US 20150229660A1
Time in Patent Office

1,838 Days
Field of Search
US Class Current
CPC Class Codes

G05B 19/0428   Safety, monitoring G05B19/0...

G05B 2219/24065   Real time diagnostics

G05B 2219/24182   Redundancy

G05B 9/03   with multiple-channel loop,...

H04L 45/70   Routing based on monitoring...

H04L 63/1416   Event detection, e.g. attac...

H04L 67/10   in which an application is ...

Method for monitoring security in an automation network, and automation network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Method for monitoring security in an automation network, and automation network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links