Method for Monitoring Security in an Automation Network, and Automation Network

US 20150229660A1
Filed: 02/13/2015
Published: 08/13/2015
Est. Priority Date: 02/13/2014
Status: Active Grant

First Claim

Patent Images

1. A method of monitoring security in an automation network having a plurality of data processing devices that are connected to one another for data communication, the method comprising:

preconfiguring at least one data processing device in a first state, from the plurality of data processing devices, such that it generates corresponding messages upon identifying one or more security-relevant events;

transmitting the messages in the automation network to at least one first software tool configured to record and evaluate the messages to determine whether there is a security-relevant attack on the automation network; and

transmitting the messages in the automation network to a second software tool configured to record and evaluate the messages and to determine whether the corresponding messages are generated by the at least one data processing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An automation network includes a plurality of data processing devices that are connected to one another for data communication. At least one data processing device in a first state, from the plurality of data processing devices, is preconfigured such that it generates corresponding messages upon identifying one or more security-relevant events. The messages are transmitted to at least one first software tool configured to record and evaluate the messages to determine whether there is a security-relevant attack on the automation network. The messages are transmitted to a second software tool configured to record and evaluate the messages and to determine whether the corresponding messages are generated by the at least one data processing device.

29 Citations

View as Search Results

9 Claims

1. A method of monitoring security in an automation network having a plurality of data processing devices that are connected to one another for data communication, the method comprising:
- preconfiguring at least one data processing device in a first state, from the plurality of data processing devices, such that it generates corresponding messages upon identifying one or more security-relevant events;
  
  transmitting the messages in the automation network to at least one first software tool configured to record and evaluate the messages to determine whether there is a security-relevant attack on the automation network; and
  
  transmitting the messages in the automation network to a second software tool configured to record and evaluate the messages and to determine whether the corresponding messages are generated by the at least one data processing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 9)
- - 2. The method as claimed in claim 1, further comprising checking the generated messages cyclically at predetermined time intervals.
  - 3. The method as claimed in claim 1, further comprising simulating attack scenarios by the second software tool by generating messages corresponding to the respective scenario by the at least one data processing device in the first state.
  - 4. The method as claimed in claim 1, further comprising confirming the evaluation of the at least one software tool and the second software tool by generating manipulated messages that correspond to the messages generated by the at least one data processing device upon identifying a security-relevant event.
  - 5. The method as claimed in claim 1, wherein:
    - the first software tool is part of a first tool for a Security Information and Event Management (SIEM) in the automation network, andthe second software tool is part of a second tool for the SIEM that is configured in a redundant manner with respect to the first tool for the SIEM in the automation network.
  - 6. The method as claimed in claim 1, further comprising:
    - evaluating the generation of messages performed by the first software tool; and
      
      verifying the preconfiguration of the at least one data processing device at least one of an engineering phase and during operation of the automation network.
  - 7. The method as claimed in claim 1, further comprising indicating, on an output of a service device, a warning signal that indicates a maintenance measure is possibly required.
  - 9. A computer comprising a program having program code instructions that, when executed on the computer, cause the computer to implement the method of claim 1.

8. An automation network configured to provide security monitoring, the network comprising:
- a plurality of data processing devices connected to one another in the automation network and configured to provide data communication; and
  
  at least one data processing device preconfigured in a first state such that it generates corresponding messages upon determining one or more security-relevant events, wherein the automation network is configured such that;
  
  the messages are transmitted to at least one software tool that is configured to record and evaluate the messages and to determine whether there is a security-relevant attack on the automation network, andthe messages are additionally transmitted to a second software tool that that is configured to record, evaluate the messages, and to check whether the corresponding messages are generated by the at least one data processing device, upon identifying a security-relevant event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Palmin, Anna

Granted Patent

US 10,574,671 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G05B 19/0428   Safety, monitoring G05B19/0...

G05B 2219/24065   Real time diagnostics

G05B 2219/24182   Redundancy

G05B 9/03   with multiple-channel loop,...

H04L 45/70   Routing based on monitoring...

H04L 63/1416   Event detection, e.g. attac...

H04L 67/10   in which an application is ...

Method for Monitoring Security in an Automation Network, and Automation Network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Method for Monitoring Security in an Automation Network, and Automation Network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links