WO2021183082A1 - A cyber risk assessment system and method - Google Patents
- Publication number
- WO2021183082A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- entity
- vulnerability
- entities
- risk
- monitoring
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Abstract
The present invention discloses a cyber risk assessment system and method for operational technology and/or information technology and/or internet of things entities (1) of industrial control systems. Said method comprises the steps of detecting operational technology and/or information technology and/or internet of things entities (1) in a network; monitoring services on the detected entities (1); identifying at least one vulnerability of the detected entity (1) by using at least one vulnerability database (4); and calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), criticality of the entity (1) and the monitoring information of the service on the entity (1). Said system comprises at least one entity detection unit (2) for detecting operational technology and/or information technology and/or internet of things entities (1) in a network; at least one monitoring unit (3) for monitoring services on the detected entities (1); at least one vulnerability detection unit (5) for identifying at least one vulnerability of the detected entity (1) by means of at least one vulnerability database (4); and at least one risk calculation unit (6) for calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), criticality of the entity (1) and the result of monitoring the service on the entity (1).
Description
A CYBER RISK ASSESSMENT SYSTEM AND METHOD
Technical Field
The present invention relates to a cyber risk assessment system and method for IT/OT/IoT components of industrial control systems.
Background of the Invention
Industrial control systems are used in industrial fields for ensuring automation of certain processes and especially for reducing human-induced errors as much as possible. In the industrial control systems, operational technology (OT), internet of things (IoT) and information technology (IT) entities are used in isolation from each other. As a result of the developing technology, the operational technology, internet of things and information technology entities have been used together. In particular, the OT/IoT entities can establish data communication with different entities by connecting to a network such as internet. In this way, different entities are enabled to work together such that they are provided with remote intervention if needed.
According to conventional applications, since the entities used in industrial control systems had been provided in an isolated network without an external access, it was not possible to attack said components from outside. However, with the developing technology, the need for OT/IoT entities to communicate with IT systems has emerged, which puts industrial control systems in jeopardy against cyber-attacks. In the event of a possible cyber-attack especially in areas such as energy, aviation, telecommunications, transportation, and banking, undesirable situations such as loss of life and/or property may occur. Therefore, especially in industrial control systems that include operational technology and components such as the Internet of Things, such systems must be resistant to cyber-attacks in order to prevent loss of life and property. According to prior-art applications, risk analysis methods are used to evaluate possible cyber threats and results thereof, which may affect IT/OT/IoT systems. However, cyber risk analysis methods covered by the known art are based on information technologies (IT), wherein industrial control systems including operational technology and Internet of Things components are not sufficient for risk assessment against different cyber threats.
Brief Description of the Invention
The present invention discloses a cyber risk assessment system and method for operational technology and/or information technology and/or internet of things entities of industrial control systems. Said method comprises the steps of detecting operational technology and/or information technology and/or internet of things entities in a network; monitoring services on the detected entities from a security perspective; identifying at least one vulnerability of the detected entity by using at least one vulnerability database; and calculating a risk value for the related entity according to at least one identified vulnerability of the entity and the monitoring information of the service running on the entity.
The system comprises at least one entity detection unit for detecting operational technology and/or information technology and/or internet of things entities in a network; at least one monitoring unit for monitoring services on the detected entities; at least one vulnerability detection unit for identifying at least one vulnerability of the detected entity by means of at least one vulnerability database; and at least one risk calculation unit for calculating a risk value for the related entity according to at least one identified vulnerability of the entity, criticality of the entity and the monitoring information of the service on the entity.
Thanks to the cyber risk assessment system and method according to the present invention, the risk value is calculated especially for operational technology (OT) and/or information technology (IT) and/or internet of things (IoT) entities in industrial control systems. The risk value which can be calculated for each entity enables resistance of the related entity against cyber-attacks to be identified. Therefore, the risky situations that industrial control systems may encounter due to said entities can be identified, and measures can be taken against such risks.
Object of the Invention
An object of the present invention is to provide a cyber risk assessment system and a method for IT/OT/IoT components of industrial control systems.
Another object of the present invention is to provide a cyber risk assessment system and a method for assessing the resistance of IT/OT/IoT components of industrial control systems against different types of cyber-attacks.
Description of the Drawings
An exemplary embodiment of the cyber risk assessment system according to the present invention is illustrated in the attached drawings, in which:
Figure 1 is a block diagram of the cyber risk assessment system according to the present invention.
All the parts illustrated in figures are individually assigned a reference numeral and the corresponding terms of these numbers are listed below:
Entity (1)
Entity detection unit (2)
Monitoring unit (3)
Vulnerability database (4)
Vulnerability detection unit (5)
Risk calculation unit (6)
Threat database (7)
Anomaly unit (8)
Description of the Invention
Industrial control systems comprise various components for reducing human error and achieving more efficient results by automation. Components such as IT/OT/IoT can communicate with different components and/or different devices via a network connection. While such a communication enables the industrial control system to work efficiently and to be controlled more easily, as well as monitoring health status thereof, it also creates a risk of cyber-attack. Therefore, the present invention provides a cyber risk assessment system and method for IT/OT/IoT components of industrial control systems.
The cyber risk assessment method according to the present invention comprises the steps of detecting operational technology (OT) and/or information technology (IT) and/or internet of things (IoT) entities (1) in a network; monitoring services (e.g. HTTP, SNMP, Modbus, BACnet, DNP3, ZigBee, MQTT) on the detected entities (1); identifying at least one vulnerability of the detected entity (1) by using at least one vulnerability database (4); and calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1) and the monitoring information of the service on the entity (1).
The risk assessment system according to the present invention comprises at least one entity detection unit (2) for detecting operational technology (OT) and/or information technology (IT) and/or internet of things (IoT) entities (1) in a network; at least one monitoring unit (3) for monitoring services (e.g. HTTP, SNMP, WMI, SMTP, FTP, Modbus, CoAP, DDS, ZigBee, MQTT) on the detected entities (1); at least one vulnerability detection unit (5) for identifying at least one vulnerability of the detected entity (1) by means of at least one vulnerability database (4); and at least one risk calculation unit (6) for calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), criticality of the entity (1) and the monitoring information of the service running on the entity (1).
In a preferred embodiment of the invention, the entity detection unit (2) comprises at least one sensor for detecting the entities (1) by active scanning. Said sensor analyses the entities (1) so that information such as the brand, model, connection protocol, and services used for the entities (1) are obtained.
In another preferred embodiment of the invention, the vulnerability database (4) comprises information on the various entities (1) that are obtained by using internationally recognized and validated data such as MITRE and NIST, and on relationship between the vulnerabilities of these entities (1). In other words, predetermined vulnerability information of entities (1) of various brands and models is included in the vulnerability database (4).
The vulnerability detection unit (5) can use the brand/model/version information detected by the entity detection unit (2) such that it detects the vulnerabilities of a related entity (1) from the vulnerability database (4).
In another preferred embodiment of the invention, the risk assessment system comprises at least one threat database (7) which is in communication with the risk calculation unit (6). The threat database (7) comprises information about the threats associated with the vulnerabilities provided in the vulnerability database (4). In this embodiment, the step of calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), the criticality of the entity (1) and the monitoring information of the service on the entity (1) comprises the step of detecting a threat associated with at least one identified vulnerability of the entity (1) from at least one threat database (7). In this case, the detected threat is used to calculate a risk value.
In a further preferred embodiment of the invention, the risk assessment system comprises at least one anomaly unit (8) which is in communication with the risk calculation unit (6). The anomaly unit (8) provides a warning to at least one user (authorized person) if the risk value calculated by the risk calculation unit (6) exceeds a threshold value. For example, said warning can be in the form of an alarm (audible and/or visual) or it can be provided by sending an SMS, sending an e-mail to at least one user or calling the user. In this embodiment, the risk assessment method comprises the steps of comparing a calculated risk value with at least one threshold value; and if the calculated risk value is above at least one threshold value, providing at least one warning. Here, the risk value can be divided into different categories by using more than one threshold value. For example, risk categories such as very critical, critical, medium, low can be determined and a warning can be provided if the calculated risk value falls into a very critical or critical category.
In another preferred embodiment of the invention, the risk assessment system comprises at least one storage unit which is in communication with the risk calculation unit (6). In this embodiment, said method comprises the step of storing the information of the entity (1) and the risk value calculated in the risk calculation unit (6) for the related entities (1) in the memory. Here, since the storage unit is used to store the information of the entity (1) and the risk value calculated in the risk calculation unit (6) for the related assets (1), the information stored therein can be presented to the users in a report when required.
In an exemplary embodiment of the invention, entities (1) in a network are detected by the entity detection unit (2). As a result of this detection process, information such as the brand/model information of the entities (1) in the network, and the services running on the entity (1) are obtained. Services running on the detected entities (1) are monitored by the monitoring unit (3). Thus, in the event of an unexpected/undesirable situation (such as an unexpected or erroneous data transmission) in said services, this situation can be detected in real time by the monitoring unit (3). For example, desired services among the services on IT entities (HTTP, SNMP, WMI, SMTP etc.) can be monitored. Some of these services (such as HTTP, SMTP) will be monitored directly while some of them can be monitored through services such as SNMP and WMI, where the performance and health status of the devices can be retrieved. Here, the performance, error and health status of the related entities can be followed in real time in text and graphic format depending on the user choices. For OT entities, a structure which can be monitored over protocols such as DNP3, IEC, Modbus, EtherNet/IP, PROFINET, PROFIBUS, EtherCAT, CIP, OPC, CAN/CAN BUS, PTP, ICCP, HART can be created so that accessibility and performance status can be visualized in real time. According to the detected entity (1) information, the vulnerabilities of the related entity (1) are identified by the vulnerability detection unit (5) using the vulnerability database (4). Plugins for these vulnerabilities can be used for this process. A risk value is calculated for the entity by processing, by the risk calculation unit (6), the determined vulnerability information and the monitoring information obtained by the monitoring unit (3). During this calculation process, threats related to the vulnerability that is identified for an entity (1) are obtained by using a threat database (7).
The risk value is calculated by using the information about the obtained threats in an algorithm. If the calculated risk value is higher than a threshold value, users are warned to take precautions. Here, for example, if there is an unexpected/undesirable situation in the services running on the entity (1), the risk value can be updated in accordance with this. Therefore, users can be warned in real time in undesirable/unexpected situations.
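An added example (not from the patent) of the flow in this embodiment: vulnerability lookup by brand/model/version, threat lookup, a risk value built from vulnerabilities, criticality and monitoring information, then threshold categories and a warning. The patent does not disclose its algorithm, so the scoring formula, weights, thresholds, and every sample entity and identifier below are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from math import prod

# Constructed sample data: hypothetical brands, models and vulnerability ids.
# Vulnerability database (4): (brand, model, version) -> [(vuln id, severity 0-10)]
VULN_DB = {
    ("AcmePLC", "X100", "1.2"): [("VULN-EXAMPLE-1", 9.8), ("VULN-EXAMPLE-2", 5.3)],
    ("ExampleCam", "C2", "3.0"): [("VULN-EXAMPLE-3", 4.0)],
}
# Threat database (7): vuln id -> assumed likelihood that a threat uses it, 0..1
THREAT_DB = {"VULN-EXAMPLE-1": 0.9, "VULN-EXAMPLE-2": 0.3, "VULN-EXAMPLE-3": 0.2}

DEFAULT_LIKELIHOOD = 0.1   # assumption: vulnerability with no threat record
ANOMALY_WEIGHT = 0.8       # assumption: how strongly monitoring findings count
# Assumed thresholds on a 0-100 scale, highest first; below all of them is "low".
THRESHOLDS = [(80.0, "very critical"), (60.0, "critical"), (30.0, "medium")]
WARN_CATEGORIES = {"very critical", "critical"}


@dataclass
class Entity:
    name: str
    brand: str
    model: str
    version: str
    criticality: float  # 0..1, set by the operator
    # service name -> True if the monitoring unit saw an unexpected situation
    services: dict = field(default_factory=dict)


def identify_vulnerabilities(entity):
    """Vulnerability detection unit (5): look up by detected brand/model/version."""
    return VULN_DB.get((entity.brand, entity.model, entity.version), [])


def risk_value(entity):
    """Risk calculation unit (6): combine vulnerabilities, threats,
    criticality and monitoring information into a 0-100 value."""
    exposures = [
        (severity / 10.0) * THREAT_DB.get(vuln_id, DEFAULT_LIKELIHOOD)
        for vuln_id, severity in identify_vulnerabilities(entity)
    ]
    # Probability-style union so many small findings cannot exceed 1.0.
    vuln_score = 1.0 - prod(1.0 - e for e in exposures)
    flagged = sum(1 for unexpected in entity.services.values() if unexpected)
    anomaly_ratio = flagged / len(entity.services) if entity.services else 0.0
    # Monitoring anomalies raise the score even when no vulnerability is known.
    combined = 1.0 - (1.0 - vuln_score) * (1.0 - ANOMALY_WEIGHT * anomaly_ratio)
    return round(100.0 * entity.criticality * combined, 2)


def categorize(risk):
    """Map a risk value to a category using more than one threshold."""
    for bound, category in THRESHOLDS:
        if risk > bound:
            return category
    return "low"


def assess(entity):
    """Full pass for one entity; 'warn' is what the anomaly unit (8) acts on."""
    risk = risk_value(entity)
    category = categorize(risk)
    return {
        "entity": entity.name,
        "vulnerabilities": [v for v, _ in identify_vulnerabilities(entity)],
        "risk": risk,
        "category": category,
        "warn": category in WARN_CATEGORIES,
    }


if __name__ == "__main__":
    plc = Entity("plc-1", "AcmePLC", "X100", "1.2", 1.0,
                 {"modbus": False, "http": False})
    cam = Entity("cam-7", "ExampleCam", "C2", "3.0", 0.7,
                 {"http": False, "mqtt": False})
    for e in (plc, cam):
        print(assess(e))
    # Monitoring reports an unexpected situation: the risk value is updated.
    cam.services["mqtt"] = True
    print(assess(cam))
```
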
Thanks to the cyber risk assessment system and method according to the present invention, the risk value is calculated especially for operational technology (OT) and/or information technology (IT) and/or internet of things (IoT) entities (1) in industrial control systems. The risk value which can be calculated for each entity (1) enables resistance of the related entity (1) against cyber-attacks to be identified. Therefore, the risky situations that industrial control systems may encounter due to said entities (1) can be identified, and measures can be taken against such risks.
Claims
1. A cyber risk assessment method for operational technology and/or information technology and/or internet of things entities (1) of industrial control systems, characterized by comprising the steps of: detecting operational technology and/or information technology and/or internet of things entities (1) in a network; monitoring services on the detected entities (1); identifying at least one vulnerability of the detected entity (1) by using at least one vulnerability database (4); and calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), criticality of the entity (1) and the monitoring information of the service on the entity (1).
2. A cyber risk assessment method according to claim 1, characterized in that the step of calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), the criticality of the entity (1) and the result of monitoring the service on the entity (1) comprises the step of detecting a threat associated with at least one identified vulnerability of the entity (1) from at least one threat database (7).
3. A cyber risk assessment method according to claim 1 or 2, characterized in that the method comprises the steps of comparing a calculated risk value with at least one threshold value; and if the calculated risk value is above at least one threshold value, providing at least one warning.
4. A cyber risk assessment method according to any of the preceding claims, characterized in that the method comprises the step of storing the information of the entity (1) and the risk value calculated in the risk calculation unit (6) for the related entities (1) in the memory.
5. A cyber risk assessment system for operational technology and/or information technology and/or internet of things entities (1) of industrial control systems, characterized by comprising:
at least one entity detection unit (2) for detecting operational technology and/or information technology and/or internet of things entities (1) in a network; at least one monitoring unit (3) for monitoring services on the detected entities (1); at least one vulnerability detection unit (5) for identifying at least one vulnerability of the detected entity (1) by means of at least one vulnerability database (4); and at least one risk calculation unit (6) for calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), criticality of the entity (1) and the result of monitoring the service on the entity (1).
6. A cyber risk assessment system according to claim 5, characterized in that the entity detection unit (2) comprises at least one sensor for detecting the entities (1) by active scanning.
7. A cyber risk assessment system according to claim 5 or 6, characterized in that the system comprises at least one threat database (7) which is in communication with the risk calculation unit (6).
8. A cyber risk assessment system according to any of the claims 5 to 7, characterized in that the system comprises at least one anomaly unit (8) which is in communication with the risk calculation unit (6).
9. A cyber risk assessment system according to any of the claims 5 to 8, characterized in that the system comprises at least one storage unit which is in communication with the risk calculation unit (6).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TR2020/03889 TR202003889Y (en) | 2020-03-13 | A cyber risk assessment system | |
TR202003889 | 2020-03-13 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021183082A1 (en) | 2021-09-16 |
Family
ID=77670901
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/TR2021/050205 WO2021183082A1 (en) | A cyber risk assessment system and method | 2020-03-13 | 2021-03-08 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2021183082A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180131715A1 (en) * | 2016-10-31 | 2018-05-10 | Acentium Inc. | Methods and systems for ranking, filtering and patching detected vulnerabilities in a networked system |
US20190238584A1 (en) * | 2018-01-30 | 2019-08-01 | Asimily, Inc | System and method for vulnerability management for connected devices |
US20200012796A1 (en) * | 2018-07-05 | 2020-01-09 | Massachusetts Institute Of Technology | Systems and methods for risk rating of vulnerabilities |
- 2021-03-08 WO PCT/TR2021/050205 patent/WO2021183082A1/en active Application Filing
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20240073242A1 (en) | | Cyber security appliance for an operational technology network |
Giraldo et al. | | A survey of physics-based attack detection in cyber-physical systems |
CN106168757B (en) | | Configurable robustness agent in a plant safety system |
US9009084B2 (en) | | System and methodology providing automation security analysis and network intrusion protection in an industrial environment |
EP3639504A2 (en) | | Cyber warning receiver |
US11641370B2 (en) | | Attribute-based policies for integrity monitoring and network intrusion detection |
US8040231B2 (en) | | Method for processing alarm data to generate security reports |
US10135855B2 (en) | | Near-real-time export of cyber-security risk information |
WO2010069698A1 (en) | | Network analysis |
GB2532630A (en) | | Network intrusion alarm method and system for nuclear power station |
EP3514638B1 (en) | | Automatic tampering detection in networked control systems |
EP3646561B1 (en) | | A threat detection system for industrial controllers |
US20170026341A1 (en) | | Automation network and method for monitoring the security of the transfer of data packets |
CN108780486B (en) | | Context aware security self-evaluation |
WO2021183082A1 (en) | | A cyber risk assessment system and method |
JP2023126177A (en) | | Method and apparatus for detecting anomaly of infrastructure in network |
US20230328035A1 (en) | | Method and firewall configured to monitor messages transiting between two communication elements |
CA3232592A1 (en) | | Methods and systems for assessing and enhancing cybersecurity of a network |
Negi et al. | | Intrusion Detection & Prevention in Programmable Logic Controllers: A Model-driven Approach |
TR202003889Y (en) | | A cyber risk assessment system |
Sand | | Incident handling, forensics sensors and information sources in industrial control systems |
Findrik et al. | | Trustworthy computer security incident response for nuclear facilities |
NL2020552B1 (en) | | Attribute-based policies for integrity monitoring and network intrusion detection |
EP4027583A2 (en) | | Method and apparatus for maintaining web application firewall based on non-face-to-face authentication |
Richey | | Leveraging PLC ladder logic for signature based IDS rule generation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21767460 Country of ref document: EP Kind code of ref document: A1 |
 | DPE1 | Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101) | |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 21767460 Country of ref document: EP Kind code of ref document: A1 |