Method for monitoring security in an automation network, and automation network
First Claim
1. A method of monitoring security in an industrial automation network having a plurality of data processing devices which are connected to one another for data communication, the method comprising:
- preconfiguring at least one data processing device in a first state, from the plurality of data processing devices, said preconfigured at least one data processing device generating messages upon identifying one or more security-relevant events;
receiving generated corresponding messages in the automation network at at least one first software tool within a first security station, said at least one first software tool including a first reliability and trustability verifier module and being configured to record and evaluate the corresponding messages to determine whether there is a security-relevant attack on the industrial automation network;
transmitting the corresponding messages in the industrial automation network to at least one second software tool within a second security station, said at least one second software tool including a second reliability and trustability verifier module and being configured to record and evaluate the corresponding messages and to determine whether the corresponding messages were generated by the preconfigured at least one data processing device; and
simulating attack scenarios by the second software tool by generating messages corresponding to a respective scenario by the preconfigured at least one data processing device in the first state, said messages corresponding to the respective scenario generated by said simulation being excluded from said evaluation in the first reliability and trustability verifier module; and
issuing a warning signal on a service device to indicate required maintenance measures when the corresponding messages were not generated by the preconfigured at least one data processing device;
wherein connectors to the preconfigured at least one data processing device are each requested by an issued signal or a command to check whether the preconfigured at least one data processing device generated messages which correspond to the one or more security-relevant events belonging to respective standard scopes of each of the plurality of data processing devices, the connectors sending a reply signal to the second reliability and trustability verifier module in response to the issued signal or command to report a respective result of the check.
1 Assignment
0 Petitions
Accused Products
Abstract
An automation network includes a plurality of data processing devices that are connected to one another for data communication. At least one data processing device in a first state, from the plurality of data processing devices, is preconfigured such that it generates corresponding messages upon identifying one or more security-relevant events. The messages are transmitted to at least one first software tool configured to record and evaluate the messages to determine whether there is a security-relevant attack on the automation network. The messages are transmitted to a second software tool configured to record and evaluate the messages and to determine whether the corresponding messages are generated by the at least one data processing device.
30 Citations
9 Claims
-
1. A method of monitoring security in an industrial automation network having a plurality of data processing devices which are connected to one another for data communication, the method comprising:
-
preconfiguring at least one data processing device in a first state, from the plurality of data processing devices, said preconfigured at least one data processing device generating messages upon identifying one or more security-relevant events; receiving generated corresponding messages in the automation network at at least one first software tool within a first security station, said at least one first software tool including a first reliability and trustability verifier module and being configured to record and evaluate the corresponding messages to determine whether there is a security-relevant attack on the industrial automation network; transmitting the corresponding messages in the industrial automation network to at least one second software tool within a second security station, said at least one second software tool including a second reliability and trustability verifier module and being configured to record and evaluate the corresponding messages and to determine whether the corresponding messages were generated by the preconfigured at least one data processing device; and simulating attack scenarios by the second software tool by generating messages corresponding to a respective scenario by the preconfigured at least one data processing device in the first state, said messages corresponding to the respective scenario generated by said simulation being excluded from said evaluation in the first reliability and trustability verifier module; and issuing a warning signal on a service device to indicate required maintenance measures when the corresponding messages were not generated by the preconfigured at least one data processing device; wherein connectors to the preconfigured at least one data processing device are each requested by an issued signal or a command to check whether the preconfigured at least one data processing device generated messages which correspond to the one or more security-relevant events belonging to respective standard scopes of each of the plurality of data processing devices, the connectors sending a reply signal to the second reliability and trustability verifier module in response to the issued signal or command to report a respective result of the check. - View Dependent Claims (2, 3, 4, 5, 6, 9)
-
-
7. An industrial automation network configured to provide security monitoring, the network comprising:
-
a plurality of data processing devices connected to one another in the industrial automation network and configured to provide data communication; and at least one data processing device preconfigured in a first state to generate messages upon determining one or more security-relevant events, wherein the industrial automation network is configured to; receive generated corresponding messages at least one software tool within a first security station, said at least one first software tool including a first reliability and trustability verifier module and being configured to record and evaluate the corresponding messages and to determine whether there is a security-relevant attack on the industrial automation network, the corresponding messages being additionally transmitted to at least one second software tool within a second security station, said at least one second software tool including a second reliability and trustability verifier module and being configured to record, evaluate the corresponding messages, and to check whether the corresponding messages were generated by the preconfigured at least one data processing device, upon identifying a security-relevant event; simulate attack scenarios by the second software tool by generating messages corresponding to a respective scenario by the preconfigured at least one data processing device in the first state, said messages corresponding to the respective scenario generated by said simulation being excluded from said evaluation in the first reliability and trustability verifier module; and issue a warning signal on a service device to indicate required maintenance measures when the corresponding messages were not generated by the preprocessed at least one data processing device; wherein connectors to the plurality of data processing devices are each requested by an issued signal or a command to check whether at least one data processing device of the plurality of data processing devices generated corresponding messages which correspond to the one or more security-relevant events belonging to respective standard scopes of each of the plurality of data processing devices, the connectors sending a reply signal to the second reliability and trustability verifier module in response to the issued signal or command to report a respective result of the check.
-
-
8. A non-transitory computer-readable medium encoded with a program having program code instructions which, when executed on a computer having a processor and memory, causes security monitoring in an industrial automation network having a plurality of data processing devices which are connected to one another for data communication, the program comprising:
-
program code instructions for preconfiguring at least one data processing device in a first state, from the plurality of data processing devices, said preconfigured at least one data processing device generating messages upon identifying one or more security-relevant events; program code instructions for receiving generated corresponding messages in the automation network at at least one first software tool within a first security station, said at least one first software tool including a first reliability and trustability verifier module and being configured to record and evaluate the corresponding messages to determine whether there is a security-relevant attack on the industrial automation network; program code instructions for transmitting the corresponding messages in the industrial automation network to at least one second software tool within a second security station, said at least one second software tool including a second reliability and trustability verifier module and being configured to record and evaluate the corresponding messages and to determine whether the corresponding messages were generated by the preconfigured at least one data processing device; program code instructions for simulating attack scenarios by the second software tool by generating messages corresponding to a respective scenario by the preconfigured at least one data processing device in the first state, said messages corresponding to the respective scenario generated by said simulation being excluded from said evaluation in the first reliability and trustability verifier module; and program code instructions for issuing a warning signal on a service device to indicate required maintenance measures when the corresponding messages were not generated by the preconfigured at least one data processing device; wherein connectors to the preconfigured at least one data processing device are each requested by an issued signal or a command to check whether the preconfigured at least one data processing device generated messages which correspond to the one or more security-relevant events belonging to respective standard scopes of each of the plurality of data processing devices, the connectors sending a reply signal to the second reliability and trustability verifier module in response to the issued signal or command to report a respective result of the check.
-
Specification