Systems and methods for secure operation of an industrial controller

US 9,935,933 B2
Filed: 07/19/2016
Issued: 04/03/2018
Est. Priority Date: 04/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method of securing an industrial control system, comprising:

operating the industrial control system in an open mode, wherein communications between two devices of the industrial control system are unencrypted when the industrial control system is in the open mode;

operating the industrial control system in a negotiation mode, wherein each of the two devices acquires a respective security token from a server of the industrial control system and exchanges the respective security token with the other of the two devices when the industrial control system is in the negotiation mode; and

ceasing operating the industrial control system in the open mode or the negotiation mode and instead operating the industrial control system in a secure mode, wherein the communications between the two devices of the industrial control system are encrypted using the security tokens when the industrial control system is operating in the secure mode.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of securing an industrial control system includes operating the industrial control system in an open mode, wherein communications between a plurality of devices of the industrial control system are unencrypted when the industrial control system is in the open mode. The method includes exchanging security tokens between the plurality of devices of the industrial control system. The method further includes ceasing operating the industrial control system in the open mode and instead operating the industrial control system in a secure mode, wherein the communications between the plurality of devices of the industrial control system are encrypted using the security tokens when the industrial control system is operating in the secure mode.

68 Citations

21 Claims

1. A method of securing an industrial control system, comprising:
- operating the industrial control system in an open mode, wherein communications between two devices of the industrial control system are unencrypted when the industrial control system is in the open mode;
  
  operating the industrial control system in a negotiation mode, wherein each of the two devices acquires a respective security token from a server of the industrial control system and exchanges the respective security token with the other of the two devices when the industrial control system is in the negotiation mode; and
  
  ceasing operating the industrial control system in the open mode or the negotiation mode and instead operating the industrial control system in a secure mode, wherein the communications between the two devices of the industrial control system are encrypted using the security tokens when the industrial control system is operating in the secure mode.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein each of the two devices acquires a respective certificate as the respective security token from a certificate authority (CA) hosted by the server.
  - 3. The method of claim 1, wherein at least one of the two devices is a human machine interface (HMI) system, a manufacturing execution system (MES), a supervisor control and data acquisition (SCADA) system, or a distributed control system (DCS), or a combination thereof.
  - 4. The method of claim 1, wherein at least one of the two devices is a device hosting an industrial control system configuration application.
  - 5. The method of claim 1, wherein at least one of the two devices is an industrial controller.
  - 6. The method of claim 1, wherein at least one of the two devices is a field device configured to perform at least one measurement of the operation of a monitored system.
  - 7. The method of claim 6, wherein the monitored system comprises a gas turbine system, an automated manufacturing system, a petroleum refinery system, a chemical production system, a gasification system, an automated power generation system, a power plant, a steam turbine system, or a wind turbine system, or a combination thereof.

8. A method of securing an industrial control system, comprising:
- transmitting unencrypted data from a processor of a first device of an industrial control system to a processor of a second device of an industrial control system;
  
  requesting, via the processor of the first device, a first security token from a server of the industrial control system;
  
  receiving, at the processor of the first device, the first security token from the server of the industrial control system;
  
  sending, via the processor of the first device, the first security token to the processor of the second device;
  
  receiving, via the processor of the first device, a second security token from the processor of the second device; and
  
  ceasing transmitting unencrypted data and subsequently only transmitting encrypted data from the processor of the first device to the processor of the second device of the industrial control system, wherein the encrypted data is encrypted based on the first and second security tokens.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, wherein the first and second security tokens comprise certificates including at least one key.
  - 10. The method of claim 9, comprising generating the encrypted data based on the at least one key of the first and second security tokens.
  - 11. The method of claim 8, comprising:
    - verifying, via the processor of the first device, an identity of the second device using the second security token.
  - 12. The method of claim 8, wherein the first device comprises a human machine interface (HMI) system and the second device comprises an industrial controller.
  - 13. The method of claim 8, wherein the first device comprises a device hosting an industrial control system configuration application and the second device comprises an industrial controller.
  - 14. The method of claim 8, wherein the first device comprises a field device and the second device comprises an industrial controller.
  - 15. The method of claim 8, wherein transmitting the encrypted data from the processor of the first device to the processor of the second device comprises establishing a secure channel between the first and second devices and using the secure channel to transmit the encrypted data between the first and second devices.

16. A system, comprising:
- an industrial control network comprising a plurality of devices that includes an industrial controller, wherein the plurality of devices is configured to;
  
  receive respective security tokens from a server of the industrial controller;
  
  exchange respective security tokens between the plurality of devices over the industrial control network;
  
  cease exchanging unencrypted data over the industrial control network; and
  
  exchange encrypted data over the industrial control network, wherein the encrypted data is generated based on the respective security tokens.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The system of claim 16, wherein the plurality of devices includes a device hosting an industrial control system configuration application.
  - 18. The system of claim 16, wherein the plurality of devices includes a human machine interface (HMI) system, manufacturing execution system (MES), a supervisor control and data acquisition (SCADA) system, or a distributed control system (DCS), or a combination thereof.
  - 19. The system of claim 16, wherein the server comprises a certificate authority (CA) configured to generate respective certificates for the plurality of devices as the respective security tokens of the plurality of devices.
  - 20. The system of claim 16, wherein each of the plurality of devices is configured to perform mutual authentication using the respective security tokens of other devices of the plurality of devices.
  - 21. The system of claim 16, wherein the plurality of devices is configured to use the respective security tokens to establish at least one secure channel over the industrial control network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GE Infrastructure Technology, LLC (General Electric Company)
Original Assignee
General Electric Company
Inventors
Chong, Justin Brandon, Socky, David Richard, Thakur, Pavan Kumar Singh, Pettigrew, William Robert, Boring, Robert James
Primary Examiner(s)
Hoffman, Brandon S

Application Number

US15/214,094
Publication Number

US 20160330187A1
Time in Patent Office

623 Days
Field of Search

None
US Class Current
CPC Class Codes

G05B 19/048   Monitoring; Safety

G05B 19/414   Structure of the control sy...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 9/321   involving a third party or ...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

Y04S 40/20   Information technology spec...

Systems and methods for secure operation of an industrial controller

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure operation of an industrial controller

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links