US20200175171 - SYSTEMS AND METHODS FOR CONTROL SYSTEM SECURITY

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters


Claims

1. A method for securing a control system, comprising:
generating a state key comprising cyber key data configured to characterize a cyber state of the control system and physical key data configured to characterize a physical state of the control system;
communicating the state key through the control system, the communicating comprising acquiring validation data corresponding to the state key transmitted through one or more control paths of the control system;
generating a reconstruction of the state key by use of the acquired validation data; and
determining a cyber-physical health of the control system based on a comparison between the state key and the reconstruction of the state key.
2. The method of claim 1, further comprising communicating the state key through a control path comprising:
a physical component operatively coupled to a physical process controlled through the control path, and
a cyber path configured to communicatively couple a computational component of the control path to the physical component.
3. (canceled)
4. The method of claim 1, wherein communicating the state key through the control system comprises:
splitting the state key into a plurality of fragments, each fragment comprising at least a portion of one or more of the cyber key data and the physical key data;
transmitting the fragments of the state key through control paths of the control system; and
acquiring validation data corresponding to each fragment.
5. The method of claim 4, wherein transmitting a fragment of the state key through a control path comprises:
communicating the fragment through a first cyber path of the control system;
transmitting validation data corresponding to the fragment through a physical control section of the control path; and
acquiring the validation data corresponding to the fragment through a second cyber path of the control system.
6. The method of claim 4, wherein transmitting a fragment of the state key through a control path comprises:
sending the fragment to a first physical component coupled to a physical process controlled through the control path; and
transmitting validation data corresponding to the fragment to a second physical component through the physical process, wherein:
the first physical component comprises one or more of an actuator device and a controller; and
the second physical component comprises one or more of a sensor device and a controller.
7. (canceled)
8. (canceled)
9. The method of claim 1, wherein the cyber key data is configured to characterize a cyber state of a selected cyber-physical control element of the control system, the cyber-physical control element comprising a controller configured to implement a control function pertaining to a physical process variable by use of one or more physical devices.
10. The method of claim 9, wherein the cyber key data is configured to characterize a cyber state of one or more of: a cyber node communicatively coupled to one or more of the physical devices, and a cyber path configured to communicatively couple the controller to one or more of the physical devices.
11. (canceled)
12. The method of claim 9, wherein the physical key data is configured to characterize a physical state of one or more of the physical devices, the controller, and the physical process variable.
13. (canceled)
14. The method of claim 1, wherein communicating the state key through the control system comprises communicating the state key through a first group comprising a plurality of cyber-physical components of the control system, the method further comprising:
calculating a first error metric quantifying differences between the state key and the reconstruction of the state key; and
attributing at least a portion of the first error metric to one or more cyber-physical components of the first group.
15. The method of claim 14, wherein attributing the error metric comprises:
configuring a subsequent state key for communication through a second group of cyber-physical components of the control system that overlaps with the first group, the second group excluding one or more cyber-physical components of the first group; and
attributing at least a portion of the first metric to the one or more cyber-physical components excluded from the second group, the attributing comprising:
calculating a second error metric quantifying differences between the subsequent state key and a reconstruction of the subsequent state key, and
attributing a difference between the first error metric and the second error metric to one or more cyber-physical components excluded from the second group.
16. (canceled)
17. An apparatus for securing a control system, comprising:
a security agent comprising a processor, comprising:
a key module configured to generate keys, each key comprising cyber seed data configured to characterize a cyber state of the control system and physical seed data configured to characterize a physical state of the control system;
a communication module configured to send keys through control paths of the control system;
a reconstruction module configured to determine key errors resulting from communication of the keys through the control paths; and
a security module configured to determine cyber health metrics indicating a cyber health of the control system and physical health metrics indicating a physical health of the control system based on the determined key errors.
18. The apparatus of claim 17, wherein the communication module is configured to communicate a key through a selected region of the control system, the selected region comprising cyber-physical components configured to control a physical process variable of the control system.
19. The apparatus of claim 18, further comprising a parse module configured to split the key into a plurality of fragments, wherein the communication module is configured to send the fragments through respective control paths of the selected region of the control system.
20. The apparatus of claim 19, wherein the communication module is configured to send a first fragment of the key to an actuator device coupled to the physical process variable and to acquire validation data corresponding to the first fragment from a sensor device coupled to the physical process variable.
21. (canceled)
22. The apparatus of claim 19, wherein:
the communication module is further configured to acquire validation data corresponding to communication of each fragment of the key;
the reconstruction module is further configured to determine a reconstruction of the key by use of the acquired validation data, and determine a key error for the key based on a comparison between the key and the reconstruction, the comparison configured to quantify one or more of an error, a difference, and a distance between the key and the reconstruction.
23. (canceled)
24. (canceled)
25. The apparatus of claim 18, wherein the key module is configured to generate keys adapted for communication through selected regions of the control system, wherein generating a key adapted for communication through a selected region of the control system comprises the key module:
deriving cyber seed data of the key from cyber state metadata pertaining to the selected region of the control system, the cyber state metadata configured to characterize one or more of: a state of cyber communication at one or more cyber components, a state of cyber communication at one or more cyber nodes, and a state of cyber communication within a control system network; and
deriving physical seed data of the key from physical state metadata pertaining to the selected region of the control system, the physical state metadata configured to characterize a state of one or more of: sensor devices, actuator devices, computational components, and physical process variables.
26. (canceled)
27. (canceled)
28. The apparatus of claim 17, wherein:
the communication module is configured to send a first key through first cyber-physical control paths, the first cyber-physical control paths comprising a first group of cyber-physical components of the control system;
the reconstruction module is configured to determine a first key error resulting from communication of the first key through the first cyber-physical control paths; and
the security module is further configured to attribute at least a portion of the first key error to one or more cyber-physical components of the first group.
29. The apparatus of claim 28, wherein the security module is further configured to:
cause the key module to generate a subsequent key adapted for communication through second cyber-physical control paths, the second cyber-physical control paths comprising a second group of cyber-physical components of the control system, the second group configured to overlap with the first group;
determine a difference between the first key error and a second key error resulting from communication of the subsequent key through the second cyber-physical control paths; and
assign at least a portion of a difference between the first key error and the second key error to a cyber-physical component included in the first group and excluded from the second group.
30. The apparatus of claim 17, wherein:
the communication module is configured to send fragments of a key through respective cyber-physical control paths, each cyber-physical control path involving a respective group of cyber-physical components of the control system;
the reconstruction module is configured to determine fragment errors resulting from communication of the fragments of the key through the respective cyber-physical control paths; and
the security module is configured to determine differences between the fragment errors and associate the determined differences to one or more cyber-physical components of the control system based on differences between the respective groups of cyber-physical components involved in communication of the fragments through the respective cyber-physical control paths.
31. A non-transitory storage medium comprising instructions configured for execution by a computing device, the instructions configured to cause the computing device to implement operations for monitoring a cyber-physical health of a control system, the operations comprising:
generating state keys comprising cyber key data corresponding to an acquired cyber state of the control system and physical key data corresponding to an acquired physical state of the control system;
communicating the state keys through cyber-physical control paths of the control system, the communicating comprising acquiring validation data corresponding to respective state keys in response to sending the respective state keys through the cyber-physical control paths of the control system;
determining error metrics for the state keys, the error metrics quantifying error between the state keys and reconstructions of the state keys, the reconstructions generated from the acquired validation data corresponding to the respective state keys; and
determining the cyber-physical health of the control system based on the determined error metrics.
32. (canceled)
33. The non-transitory storage medium of claim 31, wherein communicating a state key comprises:
parsing the state key into a plurality of fragments; and
communicating the fragments of the state key through cyber-physical control paths of the control system, each cyber-physical control path comprising a physical control coupling, wherein communicating a fragment comprises:
sending the fragment to a correlator of a physical control coupling, and
acquiring validation data corresponding to the state key from a receiver of the physical control coupling.
34. The non-transitory storage medium of claim 33, wherein the correlator comprises an actuator device operatively coupled to a physical process variable of the physical control coupling, and wherein the receiver comprises a sensor device operatively coupled to the physical process variable.
35. The non-transitory storage medium of claim 34, wherein communicating the fragment through the physical control coupling further comprises:
configuring the actuator device to communicate validation data corresponding to the fragment through a medium of the physical control coupling; and
configuring the sensor device to acquire the validation data communicated through the medium.
36. (canceled)
37. The non-transitory storage medium of claim 33, wherein determining the error metrics for the state key comprises determining a plurality of fragment errors, each fragment error quantifying error introduced during communication of a respective fragment of the state key through a respective cyber-physical control path of the control system.
38. The non-transitory storage medium of claim 37, wherein communication of the respective fragments through the respective cyber-physical control paths comprises communicating the respective fragments through respective groups of cyber-physical components of the control system, the operations further comprising:
determining differences between the fragment errors; and
attributing the determined differences to cyber-physical components of the control system based on differences between the respective groups of cyber-physical components.
39. The non-transitory storage medium of claim 31, the operations further comprising:
determining first error metrics for a first state key, the first error metrics quantifying error introduced during communication of the first state key through a first region of the control system;
determining second error metrics for a second state key, the second error metrics quantifying error introduced during communication of the second state key through a second region of the control system, the second region including first cyber-physical components included in the first region and second cyber-physical components not included in the first region; and
assigning differences between the second error metrics and the first error metrics to one or more of the first cyber-physical components and the second cyber-physical components, the assigning comprising:
associating an increase in the first error metrics relative to the second error metrics to one or more of the first cyber-physical components; and
associating a decrease in the second error metrics relative to the first error metrics to one or more of the second cyber-physical components.
40. (canceled)
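The following is an added illustration, not part of the patent or any implementation of it, of the procedure the claims describe: a state key made of cyber and physical key data (claim 1) is split into fragments sent down separate control paths (claim 4), reconstructed from the returned validation data and scored with a distance metric (claim 22), and the error is attributed to components by re-sending through an overlapping group that omits some of them (claims 15 and 29). The byte values, component names and the one-bit-per-faulty-component fault model are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed model of the claimed state key: cyber key data and physical
# key data are short byte strings; the key is their concatenation.
@dataclass(frozen=True)
class StateKey:
    cyber: bytes
    physical: bytes
    def data(self) -> bytes:
        return self.cyber + self.physical

def split_fragments(key: StateKey, n: int) -> list[bytes]:
    """Claim 4: split the state key into exactly n fragments."""
    d = key.data()
    return [d[i * len(d) // n:(i + 1) * len(d) // n] for i in range(n)]

# Hypothetical fault model (constructed, not from the patent): a faulty component
# flips one bit of byte 0 of every fragment it carries; healthy ones pass it unchanged.
def traverse(fragment: bytes, path: list[str], faulty: dict[str, int]) -> bytes:
    out = bytearray(fragment)
    for component in path:
        if component in faulty:
            out[0] ^= 1 << faulty[component]
    return bytes(out)

def error_metric(key: StateKey, reconstruction: bytes) -> int:
    """Claim 22: bit-level Hamming distance between key and reconstruction."""
    return sum(bin(a ^ b).count("1") for a, b in zip(key.data(), reconstruction))

def communicate(key: StateKey, paths: list[list[str]], faulty: dict[str, int]) -> int:
    """Claims 1 and 4: one fragment per control path; rebuild the key from the
    returned validation data and score the error of the reconstruction."""
    frags = split_fragments(key, len(paths))
    validation = [traverse(f, p, faulty) for f, p in zip(frags, paths)]
    return error_metric(key, b"".join(validation))

def attribute(key, first_paths, second_paths, faulty) -> tuple[int, list[str]]:
    """Claim 15: error that vanishes when an overlapping second group omits some
    components is attributed to them (same key reused; the claim uses a fresh one)."""
    first = communicate(key, first_paths, faulty)
    second = communicate(key, second_paths, faulty)
    omitted = set().union(*first_paths) - set().union(*second_paths)
    return first - second, sorted(omitted)

if __name__ == "__main__":
    KEY = StateKey(cyber=b"\x10\x20\x30\x40", physical=b"\x01\x02\x03\x04")
    G1 = [["plc", "net_a", "valve", "flow_sensor"], ["plc", "net_b", "valve", "flow_sensor"]]
    G2 = [G1[0], G1[0]]  # second group drops net_b
    print(attribute(KEY, G1, G2, {"net_b": 3}))  # (1, ['net_b'])
```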