SG11201804371RA - System and method for detecting a cyber-attack at scada/ics managed plants - Google Patents

System and method for detecting a cyber-attack at scada/ics managed plants

Info

Publication number
SG11201804371RA
Authority
SG
Singapore
Prior art keywords
attack
scada
international
cyber
detecting
Prior art date
Application number
SG11201804371RA
Inventor
Michael Arov
Ronen Ochman
Moshe Cohen
Original Assignee
Rafael Advanced Defense Systems Ltd
Priority date: 2015-11-26 (Google notes that the priority date is an assumption and not a legal conclusion; it has not performed a legal analysis of the date listed.)
Filing date: 2016-11-25
Publication date: 2018-06-28
Application filed by Rafael Advanced Defense Systems Ltd
Publication of SG11201804371RA

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042 Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428 Safety, monitoring
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/418 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM]
    • G05B19/4185 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM] characterised by the network communication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/12 Arrangements for remote connection or disconnection of substations or of equipment thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(19) World Intellectual Property Organization, International Bureau
(10) International Publication Number: WO 2017/090045 A1
(43) International Publication Date: 1 June 2017 (01.06.2017)
(51) International Patent Classification: G06F 21/50 (2013.01), H04L 12/12 (2006.01), G06F 11/00 (2006.01)
(21) International Application Number: PCT/IL2016/051268
(22) International Filing Date: 25 November 2016 (25.11.2016)
(25) Filing Language: English
(26) Publication Language: English
(30) Priority Data: 242808, 26 November 2015 (26.11.2015), IL
(71) Applicant: RAFAEL ADVANCED DEFENSE SYSTEMS LTD. [IL/IL]; P.O.B. 2250, 3102102 Haifa (IL).
(72) Inventors: AROV, Michael; 6 Nahal Snir Street, 4050000 Even Yehuda (IL). OCHMAN, Ronen; 255 Hasaf Street, 2280500 Kibbutz Saar (IL). COHEN, Moshe; 182 Nesher Street, 2171030 Karmiel (IL).
(74) Agents: CHECHIK, Haim et al.; Luzzatto & Luzzatto, P.O. Box 5352, 8415202 Beer Sheva (IL).
(81) Designated States (unless otherwise indicated, for every kind of national protection available): AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JP, KE, KG, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW.
(84) Designated States (unless otherwise indicated, for every kind of regional protection available): ARIPO (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG).
Declarations under Rule 4.17: of inventorship (Rule 4.17(iv))
Published: with international search report (Art. 21(3))
(54) Title: SYSTEM AND METHOD FOR DETECTING A CYBER-ATTACK AT SCADA/ICS MANAGED PLANTS
(57) Abstract: System for detecting a cyber-attack inflicted by an attacker seeking to cause physical damage to, or harm functionality of, a SCADA system managed plant, comprising one or more dedicated industrial computerized devices passively connected to the SCADA system. Each of the industrial computerized devices comprises a processor that is configured with a data validation module to determine whether data flow outputted from a SCADA-connected controller, adapted to command operation of each electromechanical component of a corresponding controlled subsystem of the plant, is authentic, and with an alert issuing mechanism that is activated following detection that the outputted data flow is indicative of a cyber-attack perpetrated with respect to the controller. The at least one dedicated industrial computerized device is operable to passively monitor in parallel, by the one or more dedicated industrial computerized devices, data communicated between each of the controllers and the SCADA system, including the outputted data at the nearest points of each of the controllers; seek, by the one or more dedicated industrial computerized devices, mismatches between the plant state and the physical operation model; if a mismatch is detected, determine by the dedicated industrial computerized device whether the mismatch is indicative of a cyber-attack perpetrated with respect to one of the controllers or an operational malfunction; and upon detecting a cyber-attack, activate the alert issuing mechanism to issue a security alert.
Fig. 3
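The monitoring loop the abstract describes, as an added illustration that is not the patent's own code: a passive monitor for one SCADA-connected tank controller validates the controller's outputted data flow against a physical operation model and against the report forwarded to SCADA, then separates a cyber-attack from an operational malfunction before raising an alert. The fill and drain rates, the tolerance, the field names and the attack-versus-malfunction heuristic are assumptions made for this example; the capture is constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed physical operation model of the controlled subsystem: the tank
# fills at FILL_RATE cm/s while the pump is commanded on, else it drains.
FILL_RATE = 2.0
DRAIN_RATE = 0.5
TOLERANCE = 0.5  # assumed model error allowed per sample, in cm


@dataclass(frozen=True)
class Sample:
    """One observation captured passively at the controller's nearest point."""
    t: float            # capture time in seconds
    pump_cmd: int       # 1 = controller commands the pump on, 0 = off
    level_local: float  # tank level (cm) read at the controller itself
    level_scada: float  # tank level (cm) in the report forwarded to SCADA


def predicted_level(prev: Sample, dt: float) -> float:
    """Plant state the physical model predicts dt seconds after `prev`."""
    rate = FILL_RATE if prev.pump_cmd else -DRAIN_RATE
    return prev.level_local + rate * dt


def classify(prev: Sample, cur: Sample) -> Optional[str]:
    """None if consistent, else 'cyber-attack' or 'operational malfunction'.

    Assumed heuristic: a report to SCADA that disagrees with what the
    controller itself observes means the outputted data flow is not
    authentic; an honest report that disagrees with the physical model
    points at the plant, i.e. an operational malfunction.
    """
    dt = cur.t - prev.t
    if dt <= 0:
        raise ValueError("samples must be strictly increasing in time")
    report_mismatch = abs(cur.level_scada - cur.level_local) > TOLERANCE
    physics_mismatch = abs(cur.level_local - predicted_level(prev, dt)) > TOLERANCE
    if report_mismatch:
        return "cyber-attack"
    if physics_mismatch:
        return "operational malfunction"
    return None


def monitor(samples: List[Sample]) -> List[Tuple[float, str]]:
    """Validate consecutive samples and collect (time, verdict) alerts."""
    alerts: List[Tuple[float, str]] = []
    for prev, cur in zip(samples, samples[1:]):
        verdict = classify(prev, cur)
        if verdict is not None:
            alerts.append((cur.t, verdict))
    return alerts


# Constructed capture: normal filling, a stalled pump reported honestly,
# then a stale level forwarded to SCADA while the real level keeps rising.
SAMPLES = [
    Sample(0, 1, 10.0, 10.0),
    Sample(1, 1, 12.0, 12.0),
    Sample(2, 1, 14.0, 14.0),
    Sample(3, 1, 14.1, 14.1),  # pump on, level barely moved
    Sample(4, 1, 16.1, 14.1),  # real level 16.1, SCADA told 14.1
    Sample(5, 0, 18.1, 18.1),
    Sample(6, 0, 17.6, 17.6),
]
```

Calling `monitor(SAMPLES)` yields one malfunction alert at t=3 and one cyber-attack alert at t=4; a real deployment would replace the toy tank model with the plant's validated physical operation model and feed it from a passive network tap.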

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IL242808A IL242808A0 (en) 2015-11-26 2015-11-26 System and method for detecting a cyber-attack at scada/ics managed plants
PCT/IL2016/051268 WO2017090045A1 (en) 2015-11-26 2016-11-25 System and method for detecting a cyber-attack at scada/ics managed plants

Publications (1)

Publication Number Publication Date
SG11201804371RA true SG11201804371RA (en) 2018-06-28

Family

ID=56082810

Family Applications (1)

Application Number Title Priority Date Filing Date
SG11201804371RA SG11201804371RA (en) 2015-11-26 2016-11-25 System and method for detecting a cyber-attack at scada/ics managed plants

Country Status (4)

Country Link
US (1) US11093606B2 (en)
IL (2) IL242808A0 (en)
SG (1) SG11201804371RA (en)
WO (1) WO2017090045A1 (en)

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017160913A1 (en) * 2016-03-15 2017-09-21 Sri International Intrusion detection via semantic fuzzing and message provenance
US10417415B2 (en) * 2016-12-06 2019-09-17 General Electric Company Automated attack localization and detection
US10623266B2 (en) * 2016-12-08 2020-04-14 Honeywell International Inc. Cross entity association change assessment system
US10686806B2 (en) * 2017-08-21 2020-06-16 General Electric Company Multi-class decision system for categorizing industrial asset attack and fault types
CN111316177A (en) 2017-11-15 2020-06-19 KSB Co., Ltd. Method and apparatus for protecting a pump assembly from network attacks
JP7006178B2 (en) * 2017-11-24 2022-01-24 Omron Corporation Security monitoring device
JP6977507B2 (en) 2017-11-24 2021-12-08 Omron Corporation Controls and control systems
US10785237B2 (en) * 2018-01-19 2020-09-22 General Electric Company Learning method and system for separating independent and dependent attacks
US11146579B2 (en) * 2018-09-21 2021-10-12 General Electric Company Hybrid feature-driven learning system for abnormality detection and localization
CN109167796B (en) * 2018-09-30 2020-05-19 Zhejiang University Deep packet inspection platform based on industrial SCADA system
US11171976B2 (en) 2018-10-03 2021-11-09 Raytheon Technologies Corporation Cyber monitor segmented processing for control systems
US11170314B2 (en) * 2018-10-22 2021-11-09 General Electric Company Detection and protection against mode switching attacks in cyber-physical systems
US10896261B2 (en) 2018-11-29 2021-01-19 Battelle Energy Alliance, Llc Systems and methods for control system security
US20220147659A1 (en) * 2019-02-14 2022-05-12 Nec Corporation Security assessment apparatus, security assessment method, and non-transitory computer readable medium
EP3739404A1 (en) * 2019-05-14 2020-11-18 Siemens Aktiengesellschaft Method and apparatus for controlling a device and automation and control system
US11343266B2 (en) 2019-06-10 2022-05-24 General Electric Company Self-certified security for assured cyber-physical systems
US11902318B2 (en) 2019-10-10 2024-02-13 Alliance For Sustainable Energy, Llc Network visualization, intrusion detection, and network healing
US11330007B2 (en) * 2019-12-23 2022-05-10 International Business Machines Corporation Graphical temporal graph pattern editor
WO2021177899A1 (en) * 2020-03-05 2021-09-10 Singapore University Of Technology And Design Power system security enhancement
US11562069B2 (en) 2020-07-10 2023-01-24 Kyndryl, Inc. Block-based anomaly detection
US11790081B2 (en) * 2021-04-14 2023-10-17 General Electric Company Systems and methods for controlling an industrial asset in the presence of a cyber-attack
CN113778054B (en) * 2021-09-09 2022-06-14 Dalian University of Technology Double-stage detection method for industrial control system attack
WO2023042191A1 (en) * 2021-09-14 2023-03-23 Cytwist Ltd. A top-down cyber security system and method

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7246156B2 (en) * 2003-06-09 2007-07-17 Industrial Defender, Inc. Method and computer program product for monitoring an industrial network
US20060034305A1 (en) * 2004-08-13 2006-02-16 Honeywell International Inc. Anomaly-based intrusion detection
US8601587B1 (en) 2009-09-04 2013-12-03 Raytheon Company System, method, and software for cyber threat analysis
US20110252479A1 (en) * 2010-04-08 2011-10-13 Yolanta Beresnevichiene Method for analyzing risk
US20130132149A1 (en) * 2010-06-10 2013-05-23 Dong Wei Method for quantitative resilience estimation of industrial control systems
CN103502949B (en) * 2011-05-13 2016-01-20 国际商业机器公司 For detecting abnormal abnormality detection system, apparatus and method in multiple control system
US8949668B2 (en) * 2011-05-23 2015-02-03 The Boeing Company Methods and systems for use in identifying abnormal behavior in a control system including independent comparisons to user policies and an event correlation model
US8981895B2 (en) 2012-01-09 2015-03-17 General Electric Company Method and system for intrusion detection in networked control systems
WO2014109645A1 (en) * 2013-01-08 2014-07-17 Secure-Nok As Method, device and computer program for monitoring an industrial control system
US20140244192A1 (en) * 2013-02-25 2014-08-28 Inscope Energy, Llc System and method for providing monitoring of industrial equipment
US8667589B1 (en) * 2013-10-27 2014-03-04 Konstantin Saprygin Protection against unauthorized access to automated system for control of technological processes
EP3063694B1 (en) * 2013-11-01 2020-01-15 Cybergym Control Ltd. Cyber defense
US20160330225A1 (en) * 2014-01-13 2016-11-10 Brightsource Industries (Israel) Ltd. Systems, Methods, and Devices for Detecting Anomalies in an Industrial Control System
US10108168B2 (en) * 2014-06-01 2018-10-23 Si-Ga Data Security (2014) Ltd. Industrial control system smart hardware monitoring
US9697355B1 (en) * 2015-06-17 2017-07-04 Mission Secure, Inc. Cyber security for physical systems

Also Published As

Publication number Publication date
IL259608A (en) 2018-07-31
WO2017090045A1 (en) 2017-06-01
US11093606B2 (en) 2021-08-17
US20180276375A1 (en) 2018-09-27
IL259608B (en) 2020-05-31
IL242808A0 (en) 2016-04-21

Similar Documents

Publication Publication Date Title
SG11201804371RA (en) System and method for detecting a cyber-attack at scada/ics managed plants
SG11201805067PA (en) Gas leak detection and location determination
SG11201807307VA (en) System and method for aerial system discrimination and action
CN104954178B (en) The method and device of optimization system alarm
SG11201808358WA (en) Method of detecting cyber attacks on a cyber physical system which includes at least one computing device coupled to at least one sensor and/or actuator for controlling a physical process
SG11201901075QA (en) A secure package delivery and pick-up system
SG11201900116RA (en) Communication flow for verification and identification check
AU2007282234A8 (en) Process control of an industrial plant
SG11201810762WA (en) Dynamic self-learning system for automatically creating new rules for detecting organizational fraud
SG11201806981RA (en) Water management system and method
SG11201909903VA (en) Containerized deployment of microservices based on monolithic legacy applications
SG11201804643PA (en) Indicator device
SG11201903604PA (en) Iot security service
SG11201807025SA (en) Crispr/cas systems for c-1 fixing bacteria
SG11201805215UA (en) Method and apparatus for creating and managing controller based remote solutions
SG11201803050PA (en) Electronic device generating notification based on context data in response to speech phrase from user
SG11201811353PA (en) Methods Apparatuses Assemblies Devices and Systems for Conditioning and Purifying Air
SG11201407362YA (en) Total money management system
SG11201809495QA (en) Parallelism and n-tiering of knowledge inference and statistical correlation system
WO2008063361A3 (en) Casino table game monitoring system
SG11201909943SA (en) System and method for high accuracy location determination and parking
SG11201804841VA (en) Hardware integrity check
EP2645195A3 (en) Systems and methods for improved reliability operations
EP2610755A3 (en) Information processing apparatus and unauthorized access prevention method
WO2010011897A3 (en) Global network monitoring