SG11201804371RA - System and method for detecting a cyber-attack at scada/ics managed plants
- Publication number
- SG11201804371RA
- Authority
- SG
- Singapore
- Prior art keywords
- attack
- scada
- international
- cyber
- detecting
- Prior art date
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
- G05B19/0428—Safety, monitoring
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/418—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM]
- G05B19/4185—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM] characterised by the network communication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/12—Arrangements for remote connection or disconnection of substations or of equipment thereof
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
(19) World Intellectual Property Organization, International Bureau
(43) International Publication Date: 1 June 2017 (01.06.2017)
(10) International Publication Number: WO 2017/090045 A1
(51) International Patent Classification: G06F 21/50 (2013.01), H04L 12/12 (2006.01), G06F 11/00 (2006.01)
(21) International Application Number: PCT/IL2016/051268
(22) International Filing Date: 25 November 2016 (25.11.2016)
(25) Filing Language: English
(26) Publication Language: English
(30) Priority Data: 242808, 26 November 2015 (26.11.2015), IL
(71) Applicant: RAFAEL ADVANCED DEFENSE SYSTEMS LTD. [IL/IL]; P.O.B. 2250, 3102102 Haifa (IL).
(72) Inventors: AROV, Michael; 6 Nahal Snir Street, 4050000 Even Yehuda (IL). OCHMAN, Ronen; 255 Hasaf Street, 2280500 Kibbutz Saar (IL). COHEN, Moshe; 182 Nesher Street, 2171030 Karmiel (IL).
(74) Agents: CHECHIK, Haim et al.; Luzzatto & Luzzatto, P.O. Box 5352, 8415202 Beer Sheva (IL).
(81) Designated States (unless otherwise indicated, for every kind of national protection available): AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JP, KE, KG, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW.
(84) Designated States (unless otherwise indicated, for every kind of regional protection available): ARIPO (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG).
Declarations under Rule 4.17: of inventorship (Rule 4.17(iv))
Published: with international search report (Art. 21(3))
(54) Title: SYSTEM AND METHOD FOR DETECTING A CYBER-ATTACK AT SCADA/ICS MANAGED PLANTS
(57) System for detecting a cyber-attack inflicted by an attacker seeking to cause physical damage to, or harm functionality of, a SCADA system managed plant, comprising [...] passively connected to the SCADA system. Each of the industrial computerized devices comprises a processor that is configured with a data validation module to determine whether data flow outputted from a SCADA-connected controller, adapted to command operation of each electromechanical component of a corresponding controlled subsystem of the plant, is authentic, and with an alert issuing mechanism that is activated following detection that the outputted data flow is indicative of a cyber-attack perpetrated with respect to the controller. The at least one dedicated industrial computerized device is operable to passively monitor in parallel, by the one or more dedicated industrial computerized devices, data communicated between each of the controllers and the SCADA system including the outputted data at the nearest points of each of the controllers; seek, by the one or more dedicated industrial computerized devices, mismatches between the plant state and the physical operation model; if a mismatch is detected, determine by the dedicated industrial computerized device whether the mismatch is indicative of a cyber-attack perpetrated with respect to one of the controllers or an operational malfunction; and upon detecting a cyber-attack, activate the alert issuing mechanism to issue a security alert.
[Fig. 3]
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IL242808A IL242808A0 (en) | 2015-11-26 | 2015-11-26 | System and method for detecting a cyber-attack at scada/ics managed plants |
PCT/IL2016/051268 WO2017090045A1 (en) | 2015-11-26 | 2016-11-25 | System and method for detecting a cyber-attack at scada/ics managed plants |
Publications (1)
Publication Number | Publication Date |
---|---|
SG11201804371RA (en) | 2018-06-28 |
Family
ID=56082810
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SG11201804371RA (en) | 2015-11-26 | 2016-11-25 | System and method for detecting a cyber-attack at scada/ics managed plants |
Country Status (4)
Country | Link |
---|---|
US (1) | US11093606B2 (en) |
IL (2) | IL242808A0 (en) |
SG (1) | SG11201804371RA (en) |
WO (1) | WO2017090045A1 (en) |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017160913A1 (en) * | 2016-03-15 | 2017-09-21 | Sri International | Intrusion detection via semantic fuzzing and message provenance |
US10417415B2 (en) * | 2016-12-06 | 2019-09-17 | General Electric Company | Automated attack localization and detection |
US10623266B2 (en) * | 2016-12-08 | 2020-04-14 | Honeywell International Inc. | Cross entity association change assessment system |
US10686806B2 (en) * | 2017-08-21 | 2020-06-16 | General Electric Company | Multi-class decision system for categorizing industrial asset attack and fault types |
CN111316177A (en) | 2017-11-15 | 2020-06-19 | Ksb股份有限公司 | Method and apparatus for protecting a pump assembly from network attacks |
JP7006178B2 (en) * | 2017-11-24 | 2022-01-24 | オムロン株式会社 | Security monitoring device |
JP6977507B2 (en) | 2017-11-24 | 2021-12-08 | オムロン株式会社 | Controls and control systems |
US10785237B2 (en) * | 2018-01-19 | 2020-09-22 | General Electric Company | Learning method and system for separating independent and dependent attacks |
US11146579B2 (en) * | 2018-09-21 | 2021-10-12 | General Electric Company | Hybrid feature-driven learning system for abnormality detection and localization |
CN109167796B (en) * | 2018-09-30 | 2020-05-19 | 浙江大学 | Deep packet inspection platform based on industrial SCADA system |
US11171976B2 (en) | 2018-10-03 | 2021-11-09 | Raytheon Technologies Corporation | Cyber monitor segmented processing for control systems |
US11170314B2 (en) * | 2018-10-22 | 2021-11-09 | General Electric Company | Detection and protection against mode switching attacks in cyber-physical systems |
US10896261B2 (en) | 2018-11-29 | 2021-01-19 | Battelle Energy Alliance, Llc | Systems and methods for control system security |
US20220147659A1 (en) * | 2019-02-14 | 2022-05-12 | Nec Corporation | Security assessment apparatus, security assessment method, and non-transitory computer readable medium |
EP3739404A1 (en) * | 2019-05-14 | 2020-11-18 | Siemens Aktiengesellschaft | Method and apparatus for controlling a device and automation and control system |
US11343266B2 (en) | 2019-06-10 | 2022-05-24 | General Electric Company | Self-certified security for assured cyber-physical systems |
US11902318B2 (en) | 2019-10-10 | 2024-02-13 | Alliance For Sustainable Energy, Llc | Network visualization, intrusion detection, and network healing |
US11330007B2 (en) * | 2019-12-23 | 2022-05-10 | International Business Machines Corporation | Graphical temporal graph pattern editor |
WO2021177899A1 (en) * | 2020-03-05 | 2021-09-10 | Singapore University Of Technology And Design | Power system security enhancement |
US11562069B2 (en) | 2020-07-10 | 2023-01-24 | Kyndryl, Inc. | Block-based anomaly detection |
US11790081B2 (en) * | 2021-04-14 | 2023-10-17 | General Electric Company | Systems and methods for controlling an industrial asset in the presence of a cyber-attack |
CN113778054B (en) * | 2021-09-09 | 2022-06-14 | 大连理工大学 | Double-stage detection method for industrial control system attack |
WO2023042191A1 (en) * | 2021-09-14 | 2023-03-23 | Cytwist Ltd. | A top-down cyber security system and method |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7246156B2 (en) * | 2003-06-09 | 2007-07-17 | Industrial Defender, Inc. | Method and computer program product for monitoring an industrial network |
US20060034305A1 (en) * | 2004-08-13 | 2006-02-16 | Honeywell International Inc. | Anomaly-based intrusion detection |
US8601587B1 (en) | 2009-09-04 | 2013-12-03 | Raytheon Company | System, method, and software for cyber threat analysis |
US20110252479A1 (en) * | 2010-04-08 | 2011-10-13 | Yolanta Beresnevichiene | Method for analyzing risk |
US20130132149A1 (en) * | 2010-06-10 | 2013-05-23 | Dong Wei | Method for quantitative resilience estimation of industrial control systems |
CN103502949B (en) * | 2011-05-13 | 2016-01-20 | 国际商业机器公司 | For detecting abnormal abnormality detection system, apparatus and method in multiple control system |
US8949668B2 (en) * | 2011-05-23 | 2015-02-03 | The Boeing Company | Methods and systems for use in identifying abnormal behavior in a control system including independent comparisons to user policies and an event correlation model |
US8981895B2 (en) | 2012-01-09 | 2015-03-17 | General Electric Company | Method and system for intrusion detection in networked control systems |
WO2014109645A1 (en) * | 2013-01-08 | 2014-07-17 | Secure-Nok As | Method, device and computer program for monitoring an industrial control system |
US20140244192A1 (en) * | 2013-02-25 | 2014-08-28 | Inscope Energy, Llc | System and method for providing monitoring of industrial equipment |
US8667589B1 (en) * | 2013-10-27 | 2014-03-04 | Konstantin Saprygin | Protection against unauthorized access to automated system for control of technological processes |
EP3063694B1 (en) * | 2013-11-01 | 2020-01-15 | Cybergym Control Ltd. | Cyber defense |
US20160330225A1 (en) * | 2014-01-13 | 2016-11-10 | Brightsource Industries (Israel) Ltd. | Systems, Methods, and Devices for Detecting Anomalies in an Industrial Control System |
US10108168B2 (en) * | 2014-06-01 | 2018-10-23 | Si-Ga Data Security (2014) Ltd. | Industrial control system smart hardware monitoring |
US9697355B1 (en) * | 2015-06-17 | 2017-07-04 | Mission Secure, Inc. | Cyber security for physical systems |
- 2015-11-26 IL IL242808A patent/IL242808A0/en unknown
- 2016-11-25 SG SG11201804371RA patent/SG11201804371RA/en unknown
- 2016-11-25 WO PCT/IL2016/051268 patent/WO2017090045A1/en active Application Filing
- 2018-05-25 US US15/989,748 patent/US11093606B2/en active Active
- 2018-05-25 IL IL259608A patent/IL259608B/en active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
IL259608A (en) | 2018-07-31 |
WO2017090045A1 (en) | 2017-06-01 |
US11093606B2 (en) | 2021-08-17 |
US20180276375A1 (en) | 2018-09-27 |
IL259608B (en) | 2020-05-31 |
IL242808A0 (en) | 2016-04-21 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
SG11201804371RA (en) | System and method for detecting a cyber-attack at scada/ics managed plants | |
SG11201805067PA (en) | Gas leak detection and location determination | |
SG11201807307VA (en) | System and method for aerial system discrimination and action | |
CN104954178B (en) | The method and device of optimization system alarm | |
SG11201808358WA (en) | Method of detecting cyber attacks on a cyber physical system which includes at least one computing device coupled to at least one sensor and/or actuator for controlling a physical process | |
SG11201901075QA (en) | A secure package delivery and pick-up system | |
SG11201900116RA (en) | Communication flow for verification and identification check | |
AU2007282234A8 (en) | Process control of an industrial plant | |
SG11201810762WA (en) | Dynamic self-learning system for automatically creating new rules for detecting organizational fraud | |
SG11201806981RA (en) | Water management system and method | |
SG11201909903VA (en) | Containerized deployment of microservices based on monolithic legacy applications | |
SG11201804643PA (en) | Indicator device | |
SG11201903604PA (en) | Iot security service | |
SG11201807025SA (en) | Crispr/cas systems for c-1 fixing bacteria | |
SG11201805215UA (en) | Method and apparatus for creating and managing controller based remote solutions | |
SG11201803050PA (en) | Electronic device generating notification based on context data in response to speech phrase from user | |
SG11201811353PA (en) | Methods Apparatuses Assemblies Devices and Systems for Conditioning and Purifying Air | |
SG11201407362YA (en) | Total money management system | |
SG11201809495QA (en) | Parallelism and n-tiering of knowledge inference and statistical correlation system | |
WO2008063361A3 (en) | Casino table game monitoring system | |
SG11201909943SA (en) | System and method for high accuracy location determination and parking | |
SG11201804841VA (en) | Hardware integrity check | |
EP2645195A3 (en) | Systems and methods for improved reliability operations | |
EP2610755A3 (en) | Information processing apparatus and unauthorized access prevention method | |
WO2010011897A3 (en) | Global network monitoring |