WO2021183082A1 - A cyber risk assessment system and method - Google Patents

A cyber risk assessment system and method

Info

Publication number
WO2021183082A1
Authority
WO
WIPO (PCT)
Prior art keywords
entity
vulnerability
entities
risk
monitoring
Application number
PCT/TR2021/050205
Other languages
French (fr)
Inventor
Murat Huseyin CANDAN
Mahmut Nezir YUCESOY
Original Assignee
Barikat Internet Guvenligi Bilisim Ticaret Anonim Sirketi
Priority claimed from TR2020/03889
Application filed by Barikat Internet Guvenligi Bilisim Ticaret Anonim Sirketi
Publication of WO2021183082A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis


Abstract

The present invention discloses a cyber risk assessment system and method for operational technology and/or information technology and/or internet of things entities (1) of industrial control systems. Said method comprises the steps of detecting operational technology and/or information technology and/or internet of things entities (1) in a network; monitoring services on the detected entities (1); identifying at least one vulnerability of the detected entity (1) by using at least one vulnerability database (4); and calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), criticality of the entity (1) and the monitoring information of the service on the entity (1). Said system comprises at least one entity detection unit (2) for detecting operational technology and/or information technology and/or internet of things entities (1) in a network; at least one monitoring unit (3) for monitoring services on the detected entities (1); at least one vulnerability detection unit (5) for identifying at least one vulnerability of the detected entity (1) by means of at least one vulnerability database (4); and at least one risk calculation unit (6) for calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), criticality of the entity (1) and the result of monitoring the service on the entity (1).

Description

A CYBER RISK ASSESSMENT SYSTEM AND METHOD
Technical Field
The present invention relates to a cyber risk assessment system and method for IT/OT/IoT components of industrial control systems.
Background of the Invention
Industrial control systems are used in industrial fields for ensuring automation of certain processes and especially for reducing human-induced errors as much as possible. In the industrial control systems, operational technology (OT), internet of things (IoT) and information technology (IT) entities are used in isolation from each other. As a result of the developing technology, the operational technology, internet of things and information technology entities have been used together. In particular, the OT/IoT entities can establish data communication with different entities by connecting to a network such as internet. In this way, different entities are enabled to work together such that they are provided with remote intervention if needed.
According to conventional applications, since the entities used in industrial control systems had been provided in an isolated network without an external access, it was not possible to attack said components from outside. However, with the developing technology, the need for OT/IoT entities to communicate with IT systems has emerged, which puts industrial control systems in jeopardy against cyber-attacks. In the event of a possible cyber-attack especially in areas such as energy, aviation, telecommunications, transportation, and banking, undesirable situations such as loss of life and/or property may occur. Therefore, especially in industrial control systems that include operational technology and components such as the Internet of Things, such systems must be resistant to cyber-attacks in order to prevent loss of life and property. According to prior-art applications, risk analysis methods are used to evaluate possible cyber threats and results thereof, which may affect IT/OT/IoT systems. However, cyber risk analysis methods covered by the known art are based on information technologies (IT), wherein industrial control systems including operational technology and Internet of Things components are not sufficient for risk assessment against different cyber threats.
Brief Description of the Invention
The present invention discloses a cyber risk assessment system and method for operational technology and/or information technology and/or internet of things entities of industrial control systems. Said method comprises the steps of detecting operational technology and/or information technology and/or internet of things entities in a network; monitoring services on the detected entities from a security perspective; identifying at least one vulnerability of the detected entity by using at least one vulnerability database; and calculating a risk value for the related entity according to at least one identified vulnerability of the entity and the monitoring information of the service running on the entity.
The system comprises at least one entity detection unit for detecting operational technology and/or information technology and/or internet of things entities in a network; at least one monitoring unit for monitoring services on the detected entities; at least one vulnerability detection unit for identifying at least one vulnerability of the detected entity by means of at least one vulnerability database; and at least one risk calculation unit for calculating a risk value for the related entity according to at least one identified vulnerability of the entity, criticality of the entity and the monitoring information of the service on the entity.
Thanks to the cyber risk assessment system and method according to the present invention, the risk value is calculated especially for operational technology (OT) and/or information technology (IT) and/or internet of things (IoT) entities in industrial control systems. The risk value which can be calculated for each entity enables resistance of the related entity against cyber-attacks to be identified. Therefore, the risky situations that industrial control systems may encounter due to said entities can be identified, and measures can be taken against such risks.
Object of the Invention
An object of the present invention is to provide a cyber risk assessment system and a method for IT/OT/IoT components of industrial control systems.
Another object of the present invention is to provide a cyber risk assessment system and a method for assessing the resistance of IT/OT/IoT components of industrial control systems against different types of cyber-attacks.
Description of the Drawings
An exemplary embodiment of the cyber risk assessment system according to the present invention is illustrated in the attached drawings, in which:
Figure 1 is a block diagram of the cyber risk assessment system according to the present invention.
All the parts illustrated in figures are individually assigned a reference numeral and the corresponding terms of these numbers are listed below:
Entity (1)
Entity detection unit (2)
Monitoring unit (3)
Vulnerability database (4)
Vulnerability detection unit (5)
Risk calculation unit (6)
Threat database (7)
Anomaly unit (8)
Description of the Invention
Industrial control systems comprise various components for reducing human error and achieving more efficient results by automation. Components such as IT/OT/IoT can communicate with different components and/or different devices via a network connection. While such a communication enables the industrial control system to work efficiently and to be controlled more easily, as well as monitoring health status thereof, it also creates a risk of cyber-attack. Therefore, the present invention provides a cyber risk assessment system and method for IT/OT/IoT components of industrial control systems.
The cyber risk assessment method according to the present invention comprises the steps of detecting operational technology (OT) and/or information technology (IT) and/or internet of things (IoT) entities (1) in a network; monitoring services (e.g. HTTP, SNMP, Modbus, BACnet, DNP3, ZigBee, MQTT) on the detected entities (1); identifying at least one vulnerability of the detected entity (1) by using at least one vulnerability database (4); and calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1) and the monitoring information of the service on the entity (1).
The risk assessment system according to the present invention comprises at least one entity detection unit (2) for detecting operational technology (OT) and/or information technology (IT) and/or internet of things (IoT) entities (1) in a network; at least one monitoring unit (3) for monitoring services (e.g. HTTP, SNMP, WMI, SMTP, FTP, Modbus, CoAP, DDS, ZigBee, MQTT) on the detected entities (1); at least one vulnerability detection unit (5) for identifying at least one vulnerability of the detected entity (1) by means of at least one vulnerability database (4); and at least one risk calculation unit (6) for calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), criticality of the entity (1) and the monitoring information of the service running on the entity (1).
In a preferred embodiment of the invention, the entity detection unit (2) comprises at least one sensor for detecting the entities (1) by active scanning. Said sensor analyses the entities (1) so that information such as the brand, model, connection protocol, and services used for the entities (1) are obtained.
In another preferred embodiment of the invention, the vulnerability database (4) comprises information on the various entities (1) that are obtained by using internationally recognized and validated data such as MITRE and NIST, and on relationship between the vulnerabilities of these entities (1). In other words, predetermined vulnerability information of entities (1) of various brands and models is included in the vulnerability database (4). The vulnerability detection unit (5) can use the brand/model/version information detected by the entity detection unit (2) such that it detects the vulnerabilities of a related entity (1) from the vulnerability database (4).
In another preferred embodiment of the invention, the risk assessment system comprises at least one threat database (7) which is in communication with the risk calculation unit (6). The threat database (7) comprises information about the threats associated with the vulnerabilities provided in the vulnerability database (4). In this embodiment, the step of calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), the criticality of the entity (1) and the monitoring information of the service on the entity (1) comprises the step of detecting a threat associated with at least one identified vulnerability of the entity (1) from at least one threat database (7). In this case, the detected threat is used to calculate a risk value.
In a further preferred embodiment of the invention, the risk assessment system comprises at least one anomaly unit (8) which is in communication with the risk calculation unit (6). The anomaly unit (8) provides a warning to at least one user (authorized person) if the risk value calculated by the risk calculation unit (6) exceeds a threshold value. For example, said warning can be in the form of an alarm (audible and/or visual) or it can be provided by sending an SMS, sending an e-mail to at least one user or calling the user. In this embodiment, the risk assessment method comprises the steps of comparing a calculated risk value with at least one threshold value; and if the calculated risk value is above at least one threshold value, providing at least one warning. Here, the risk value can be divided into different categories by using more than one threshold value. For example, risk categories such as very critical, critical, medium, low can be determined and a warning can be provided if the calculated risk value falls into a very critical or critical category.
In another preferred embodiment of the invention, the risk assessment system comprises at least one storage unit which is in communication with the risk calculation unit (6). In this embodiment, said method comprises the step of storing the information of the entity (1) and the risk value calculated in the risk calculation unit (6) for the related entities (1) in the memory. Here, since the storage unit is used to store the information of the entity (1) and the risk value calculated in the risk calculation unit (6) for the related assets (1), the information stored therein can be presented to the users in a report when required.
In an exemplary embodiment of the invention, entities (1) in a network are detected by the entity detection unit (2). As a result of this detection process, information such as the brand/model information of the entities (1) in the network, and the services running on the entity (1) are obtained. Services running on the detected entities (1) are monitored by the monitoring unit (3). Thus, in the event of an unexpected/undesirable situation (such as an unexpected or erroneous data transmission) in said services, this situation can be detected in real time by the monitoring unit (3). For example, desired services among the services on IT entities (HTTP, SNMP, WMI, SMTP etc.) can be monitored. Some of these services (such as HTTP, SMTP) will be monitored directly while some of them can be monitored through services such as SNMP and WMI, where the performance and health status of the devices can be retrieved. Here, the performance, error and health status of the related entities can be followed in real time in text and graphic format depending on the user choices. For OT entities, a structure which can be monitored over protocols such as DNP3, IEC, Modbus, EtherNet/IP, PROFINET, PROFIBUS, EtherCAT, CIP, OPC, CAN/CAN BUS, PTP, ICCP, HART can be created so that accessibility and performance status can be visualized in real time.
According to the detected entity (1) information, the vulnerabilities of the related entity (1) are identified by the vulnerability detection unit (5) using the vulnerability database (4). Plugins for these vulnerabilities can be used for this process. A risk value is calculated for the entity by processing, by the risk calculation unit (6), the determined vulnerability information and the monitoring information obtained by the monitoring unit (3). During this calculation process, threats related to the vulnerability that is identified for an entity (1) are obtained by using a threat database (7). The risk value is calculated by using the information about the obtained threats in an algorithm. If the calculated risk value is higher than a threshold value, users are warned to take precautions. Here, for example, if there is an unexpected/undesirable situation in the services running on the entity (1), the risk value can be updated in accordance with this. Therefore, users can be warned in real time in undesirable/unexpected situations.
Thanks to the cyber risk assessment system and method according to the present invention, the risk value is calculated especially for operational technology (OT) and/or information technology (IT) and/or internet of things (IoT) entities (1) in industrial control systems. The risk value which can be calculated for each entity (1) enables resistance of the related entity (1) against cyber-attacks to be identified. Therefore, the risky situations that industrial control systems may encounter due to said entities (1) can be identified, and measures can be taken against such risks.
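The flow through units (2) to (8) described above, as an added Python example that is not code from the patent. The patent does not disclose its scoring algorithm, so the formula, the 0-10 risk scale, the 1-5 criticality scale, the category thresholds and all sample entities, identifiers and severities are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: vendors, models, identifiers and severities are placeholders.
# Vulnerability database (4): (brand, model, version) -> [(vulnerability id, severity 0-10)]
VULN_DB = {
    ("ExampleCo", "PLC-100", "1.2"): [("VULN-0001", 9.8), ("VULN-0002", 5.3)],
    ("ExampleCo", "CAM-7", "3.0"): [("VULN-0003", 6.5)],
}
# Threat database (7): vulnerability id -> threats associated with it
THREAT_DB = {
    "VULN-0001": ["remote code execution"],
    "VULN-0003": ["information disclosure"],
}
# Assumed category thresholds on a 0-10 scale, highest first.
THRESHOLDS = [(8.0, "very critical"), (6.0, "critical"), (3.0, "medium")]
WARN_CATEGORIES = {"very critical", "critical"}


@dataclass
class Entity:
    """What the entity detection unit (2) reports for one device."""
    name: str
    kind: str          # "OT", "IT" or "IoT"
    brand: str
    model: str
    version: str
    criticality: int   # assumed scale: 1 (low) to 5 (high)
    services: tuple    # services found running on the entity


def find_vulnerabilities(entity):
    """Vulnerability detection unit (5): look up by brand/model/version."""
    return VULN_DB.get((entity.brand, entity.model, entity.version), [])


def risk_value(entity, monitoring):
    """Risk calculation unit (6), using an assumed formula.

    monitoring maps service name -> "ok" or "anomalous" (monitoring unit (3)).
    A vulnerability with a known threat counts at full severity, one without
    at half. The worst weighted severity is scaled by criticality, then each
    anomalous service adds 2 points. The result is capped at 10.
    """
    weighted = [sev * (1.0 if vid in THREAT_DB else 0.5)
                for vid, sev in find_vulnerabilities(entity)]
    score = max(weighted, default=0.0) * entity.criticality / 5
    anomalies = sum(1 for s in entity.services if monitoring.get(s) == "anomalous")
    return round(min(score + 2.0 * anomalies, 10.0), 2)


def categorise(score):
    """Map a risk value to a category using more than one threshold."""
    for floor, label in THRESHOLDS:
        if score >= floor:
            return label
    return "low"


def assess(entities, monitoring_by_entity):
    """One report row per entity; 'warn' is what the anomaly unit (8) acts on."""
    report = []
    for e in entities:
        score = risk_value(e, monitoring_by_entity.get(e.name, {}))
        category = categorise(score)
        report.append({"entity": e.name, "kind": e.kind, "risk": score,
                       "category": category, "warn": category in WARN_CATEGORIES})
    return report


# Constructed inventory and monitoring snapshot.
PLC = Entity("plc-line-1", "OT", "ExampleCo", "PLC-100", "1.2", 5, ("modbus",))
CAM = Entity("cam-gate", "IoT", "ExampleCo", "CAM-7", "3.0", 2, ("mqtt", "http"))
SRV = Entity("hist-server", "IT", "OtherCo", "SRV-1", "10", 4, ("http", "snmp"))
MONITORING = {
    "plc-line-1": {"modbus": "ok"},
    "cam-gate": {"mqtt": "anomalous", "http": "ok"},
    "hist-server": {"http": "anomalous", "snmp": "anomalous"},
}

if __name__ == "__main__":
    for row in assess([PLC, CAM, SRV], MONITORING):
        flag = "WARN" if row["warn"] else "    "
        print(f'{flag} {row["entity"]:<12} {row["kind"]:<3} '
              f'{row["risk"]:>5} {row["category"]}')
```

The third entity has no entry in the vulnerability database, so its risk value comes only from the monitoring information, which is the real-time update path the description mentions.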

Claims

1. A cyber risk assessment method for operational technology and/or information technology and/or internet of things entities (1) of industrial control systems, characterized by comprising the steps of: detecting operational technology and/or information technology and/or internet of things entities (1) in a network; monitoring services on the detected entities (1); identifying at least one vulnerability of the detected entity (1) by using at least one vulnerability database (4); and calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), criticality of the entity (1) and the monitoring information of the service on the entity (1).
2. A cyber risk assessment method according to claim 1, characterized in that the step of calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), the criticality of the entity (1) and the result of monitoring the service on the entity (1) comprises the step of detecting a threat associated with at least one identified vulnerability of the entity (1) from at least one threat database (7).
3. A cyber risk assessment method according to claim 1 or 2, characterized in that the method comprises the steps of comparing a calculated risk value with at least one threshold value; and if the calculated risk value is above at least one threshold value, providing at least one warning.
4. A cyber risk assessment method according to any of the preceding claims, characterized in that the method comprises the step of storing the information of the entity (1) and the risk value calculated in the risk calculation unit (6) for the related entities (1) in the memory.
5. A cyber risk assessment system for operational technology and/or information technology and/or internet of things entities (1) of industrial control systems, characterized by comprising: at least one entity detection unit (2) for detecting operational technology and/or information technology and/or internet of things entities (1) in a network; at least one monitoring unit (3) for monitoring services on the detected entities (1); at least one vulnerability detection unit (5) for identifying at least one vulnerability of the detected entity (1) by means of at least one vulnerability database (4); and at least one risk calculation unit (6) for calculating a risk value for the related entity (1) according to at least one identified vulnerability of the entity (1), criticality of the entity (1) and the result of monitoring the service on the entity (1).
6. A cyber risk assessment system according to claim 5, characterized in that the entity detection unit (2) comprises at least one sensor for detecting the entities (1) by active scanning.
7. A cyber risk assessment system according to claim 5 or 6, characterized in that the system comprises at least one threat database (7) which is in communication with the risk calculation unit (6).
8. A cyber risk assessment system according to any of the claims 5 to 7, characterized in that the system comprises at least one anomaly unit (8) which is in communication with the risk calculation unit (6).
9. A cyber risk assessment system according to any of the claims 5 to 8, characterized in that the system comprises at least one storage unit which is in communication with the risk calculation unit (6).
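The following sketch illustrates the method of claims 1 to 3. It is an added example, not code from the patent or the applicant. The claims do not state how the risk value is computed, so the formula, the weights, the 1 to 5 criticality scale, the threshold, and all names and sample data are assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data: placeholder IDs, not real advisories.
VULN_DB = {  # (product, version) -> [(vuln_id, severity 0..10)]
    ("plc-fw", "2.1"): [("VULN-A", 9.8), ("VULN-B", 5.3)],
    ("hmi-web", "4.0"): [("VULN-C", 7.5)],
}
THREAT_DB = {"VULN-A"}   # vulnerabilities with an associated known threat
THREAT_BOOST = 1.25      # assumed multiplier when a threat is known
STOPPED_WEIGHT = 0.3     # assumed: stopped service is vulnerable but not exposed

@dataclass
class Service:
    product: str
    version: str
    running: bool  # result of monitoring the service

@dataclass
class Entity:
    name: str
    criticality: int  # assumed scale: 1 (low) .. 5 (high)
    services: list = field(default_factory=list)

def identify_vulnerabilities(entity):
    """Return (vuln_id, severity, exposure_weight) per vulnerable service."""
    found = []
    for svc in entity.services:
        weight = 1.0 if svc.running else STOPPED_WEIGHT
        for vid, sev in VULN_DB.get((svc.product, svc.version), []):
            found.append((vid, sev, weight))
    return found

def risk_value(entity):
    """Assumed formula: worst weighted severity scaled by criticality, 0..100."""
    scores = []
    for vid, sev, weight in identify_vulnerabilities(entity):
        boosted = min(10.0, sev * (THREAT_BOOST if vid in THREAT_DB else 1.0))
        scores.append(boosted * weight)
    if not scores:
        return 0.0
    return round(max(scores) * 10 * entity.criticality / 5, 1)

def warnings(entities, threshold=60.0):
    """Return (name, risk) for entities above the threshold, highest first."""
    scored = [(e.name, risk_value(e)) for e in entities]
    return sorted((s for s in scored if s[1] > threshold), key=lambda s: -s[1])

ENTITIES = [
    Entity("plc-01", 5, [Service("plc-fw", "2.1", True)]),
    Entity("hmi-01", 3, [Service("hmi-web", "4.0", True)]),
    Entity("plc-02", 5, [Service("plc-fw", "2.1", False)]),
]
```

Two entities running the same vulnerable firmware score differently here because the monitoring result for the service feeds into the calculation alongside the vulnerability and the criticality.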
PCT/TR2021/050205 2020-03-13 2021-03-08 A cyber risk assessment system and method WO2021183082A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR2020/03889 TR202003889Y (en) 2020-03-13 A cyber risk assessment system
TR202003889 2020-03-13

Publications (1)

Publication Number Publication Date
WO2021183082A1 true WO2021183082A1 (en) 2021-09-16

Family

ID=77670901

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2021/050205 WO2021183082A1 (en) 2020-03-13 2021-03-08 A cyber risk assessment system and method

Country Status (1)

Country Link
WO (1) WO2021183082A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180131715A1 (en) * 2016-10-31 2018-05-10 Acentium Inc. Methods and systems for ranking, filtering and patching detected vulnerabilities in a networked system
US20190238584A1 (en) * 2018-01-30 2019-08-01 Asimily, Inc System and method for vulnerability management for connected devices
US20200012796A1 (en) * 2018-07-05 2020-01-09 Massachusetts Institute Of Technology Systems and methods for risk rating of vulnerabilities

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21767460

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21767460

Country of ref document: EP

Kind code of ref document: A1