
1. WO2020112849 - SYSTEMS AND METHODS FOR CONTROL SYSTEM SECURITY

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters


CLAIMS

1. A method for securing a control system, comprising:

generating a state key comprising cyber key data configured to characterize a cyber state of the control system and physical key data configured to characterize a physical state of the control system;

communicating the state key through the control system, the communicating comprising acquiring validation data corresponding to the state key transmitted through one or more control paths of the control system;

generating a reconstruction of the state key by use of the acquired validation data; and determining a cyber-physical health of the control system based on a comparison between the state key and the reconstruction of the state key.

2. The method of claim 1, further comprising communicating the state key through a control path comprising a physical component operatively coupled to a physical process controlled through the control path.

3. The method of claim 2, wherein the control path comprises a cyber path configured to communicatively couple a controller to the physical component.

4. The method of claim 1, wherein communicating the state key through the control system comprises:

splitting the state key into a plurality of fragments, each fragment comprising at least a portion of one or more of the cyber key data and the physical key data;

transmitting the fragments of the state key through control paths of the control system; and

acquiring validation data corresponding to each fragment.

5. The method of claim 4, wherein transmitting a fragment of the state key through a control path comprises:

communicating the fragment through a first cyber path of the control system;

transmitting validation data corresponding to the fragment through a physical control section of the control path; and

acquiring the validation data corresponding to the fragment through a second cyber path of the control system.

6. The method of claim 4, wherein transmitting a fragment of the state key through a control path comprises:

sending the fragment to a first physical component coupled to a physical process controlled through the control path; and

transmitting validation data corresponding to the fragment to a second physical component through the physical process.

7. The method of claim 6, wherein the first physical component comprises one or more of an actuator device and a controller.

8. The method of claim 6, wherein the second physical component comprises one or more of a sensor device and a controller.

9. The method of claim 1, wherein the cyber key data is configured to characterize a cyber state of a selected cyber-physical control element of the control system, the cyber-physical control element comprising a controller configured to implement a control function pertaining to a physical process variable by use of one or more physical devices.

10. The method of claim 9, wherein the cyber key data is configured to characterize a cyber state of a cyber node communicatively coupled to one or more of the physical devices.

11. The method of claim 9, wherein the cyber key data is configured to characterize a cyber state of a cyber path configured to communicatively couple the controller to one or more of the physical devices.

12. The method of claim 9, wherein the physical key data is configured to characterize a physical state of one or more of the physical devices.

13. The method of claim 9, wherein the physical key data is configured to characterize a physical state of one or more of the controller and the physical process variable.

14. The method of claim 1, wherein communicating the state key through the control system comprises communicating the state key through a first group comprising a plurality of cyber-physical components of the control system, the method further comprising:

calculating a first error metric quantifying differences between the state key and the reconstruction of the state key; and

attributing at least a portion of the first error metric to one or more cyber-physical components of the first group.

15. The method of claim 14, wherein attributing the error metric comprises:

configuring a subsequent state key for communication through a second group of cyber-physical components of the control system that overlaps with the first group, the second group excluding one or more cyber-physical components of the first group; and

attributing at least a portion of the first error metric to the one or more cyber-physical components excluded from the second group.

16. The method of claim 15, wherein attributing the error metric further comprises:

calculating a second error metric quantifying differences between the subsequent state key and a reconstruction of the subsequent state key; and

attributing a difference between the first error metric and the second error metric to one or more of the cyber-physical components excluded from the second group.

17. An apparatus for securing a control system, comprising:

a security agent comprising a processor, comprising:

a key module configured to generate keys, each key comprising cyber seed data configured to characterize a cyber state of the control system and physical seed data configured to characterize a physical state of the control system;

a communication module configured to send keys through control paths of the control system;

a reconstruction module configured to determine key errors resulting from communication of the keys through the control paths; and

a security module configured to determine cyber health metrics indicating a cyber health of the control system and physical health metrics indicating a physical health of the control system based on the determined key errors.

18. The apparatus of claim 17, wherein the communication module is configured to communicate a key through a selected region of the control system, the selected region comprising cyber-physical components configured to control a physical process variable of the control system.

19. The apparatus of claim 18, further comprising a parse module configured to split the key into a plurality of fragments, wherein the communication module is configured to send the fragments through respective control paths of the selected region of the control system.

20. The apparatus of claim 19, wherein the communication module is configured to send a first fragment of the key to an actuator device coupled to the physical process variable.

21. The apparatus of claim 20, wherein the communication module is configured to acquire validation data corresponding to the first fragment from a sensor device coupled to the physical process variable.

22. The apparatus of claim 19, wherein the communication module is further configured to acquire validation data corresponding to communication of each fragment of the key, and wherein the reconstruction module is further configured to determine a reconstruction of the key by use of the acquired validation data.

23. The apparatus of claim 22, wherein the reconstruction module is further configured to determine a key error for the key based on a comparison between the key and the determined reconstruction of the key.

24. The apparatus of claim 23, wherein the key error is configured to quantify one or more of an error, a difference, and a distance between the key and the reconstruction of the key.

25. The apparatus of claim 18, wherein the key module is configured to generate keys adapted for communication through selected regions of the control system, wherein generating a key adapted for communication through a selected region of the control system comprises the key module:

deriving cyber seed data of the key from cyber state metadata pertaining to the selected region of the control system; and

deriving physical seed data of the key from physical state metadata pertaining to the selected region of the control system.

26. The apparatus of claim 25, wherein the cyber state metadata is configured to characterize one or more of: a state of cyber communication at one or more cyber components, a state of cyber communication at one or more cyber nodes, and a state of cyber communication within a control system network.

27. The apparatus of claim 25, wherein the physical state metadata is configured to characterize a state of one or more of: sensor devices, actuator devices, computational components, and physical process variables.

28. The apparatus of claim 17, wherein the communication module is configured to send a first key through first cyber-physical control paths, the first cyber-physical control paths comprising a first group of cyber-physical components of the control system, wherein the reconstruction module is configured to determine a first key error resulting from communication of the first key through the first cyber-physical control paths, and wherein the security module is further configured to attribute at least a portion of the first key error to one or more cyber-physical components of the first group.

29. The apparatus of claim 28, wherein the security module is further configured to:

cause the key module to generate a subsequent key adapted for communication through second cyber-physical control paths, the second cyber-physical control paths comprising a second group of cyber-physical components of the control system, the second group configured to overlap with the first group;

determine a difference between the first key error and a second key error resulting from communication of the subsequent key through the second cyber-physical control paths; and

assign at least a portion of the difference between the first key error and the second key error to a cyber-physical component included in the first group and excluded from the second group.

30. The apparatus of claim 17, wherein the communication module is configured to send fragments of a key through respective cyber-physical control paths, each cyber-physical control path involving a respective group of cyber-physical components of the control system, wherein the reconstruction module is configured to determine fragment errors resulting from communication of the fragments of the key through the respective cyber-physical control paths, and wherein the security module is configured to determine differences between the fragment errors and associate the determined differences with one or more cyber-physical components of the control system based on differences between the respective groups of cyber-physical components involved in communication of the fragments through the respective cyber-physical control paths.

31. A non-transitory storage medium comprising instructions configured for execution by a computing device, the instructions configured to cause the computing device to implement operations for monitoring a cyber-physical health of a control system, the operations comprising:

generating state keys comprising cyber key data corresponding to an acquired cyber state of the control system and physical key data corresponding to an acquired physical state of the control system;

communicating the state keys through cyber-physical control paths of the control system, the communicating comprising acquiring validation data corresponding to respective state keys in response to sending the respective state keys through the cyber-physical control paths of the control system;

determining error metrics for the state keys, the error metrics quantifying error between the state keys and reconstructions of the state keys, the reconstructions generated from the acquired validation data corresponding to the respective state keys; and

determining the cyber-physical health of the control system based on the determined error metrics.

32. The non-transitory storage medium of claim 31, wherein communicating a state key through cyber-physical control paths of the control system comprises:

sending the state key to one or more actuator devices; and

acquiring validation data corresponding to the state key from one or more sensor devices.

33. The non-transitory storage medium of claim 31, wherein communicating a state key comprises:

parsing the state key into a plurality of fragments; and

communicating the fragments of the state key through cyber-physical control paths of the control system, each cyber-physical control path comprising a physical control coupling, wherein communicating a fragment comprises:

sending the fragment to a correlator of a physical control coupling, and

acquiring validation data corresponding to the state key from a receiver of the physical control coupling.

34. The non-transitory storage medium of claim 33, wherein the correlator comprises an actuator device operatively coupled to a physical process variable of the physical control coupling, and wherein the receiver comprises a sensor device operatively coupled to the physical process variable.

35. The non-transitory storage medium of claim 34, wherein communicating the fragment through the physical control coupling further comprises:

configuring the actuator device to communicate validation data corresponding to the fragment through a medium of the physical control coupling; and

configuring the sensor device to acquire the validation data communicated through the medium.

36. The non-transitory storage medium of claim 33, wherein communicating the fragment further comprises:

sending the fragment to the correlator through a first cyber path; and

receiving the validation data corresponding to the fragment from the receiver through a second cyber path.

37. The non-transitory storage medium of claim 33, wherein determining the error metrics for the state key comprises determining a plurality of fragment errors, each fragment error quantifying error introduced during communication of a respective fragment of the state key through a respective cyber-physical control path of the control system.

38. The non-transitory storage medium of claim 37, wherein communication of the respective fragments through the respective cyber-physical control paths comprises communicating the respective fragments through respective groups of cyber-physical components of the control system, the operations further comprising:

determining differences between the fragment errors; and

attributing the determined differences to cyber-physical components of the control system based on differences between the respective groups of cyber-physical components.

39. The non-transitory storage medium of claim 31, the operations further comprising:

determining first error metrics for a first state key, the first error metrics quantifying error introduced during communication of the first state key through a first region of the control system;

determining second error metrics for a second state key, the second error metrics quantifying error introduced during communication of the second state key through a second region of the control system, the second region including first cyber-physical components included in the first region and second cyber-physical components not included in the first region; and

assigning differences between the second error metrics and the first error metrics to one or more of the first cyber-physical components and the second cyber-physical components.

40. The non-transitory storage medium of claim 39, the operations further comprising:

configuring the second state key to overlap with the first state key in response to determining that the first error metrics exceed one or more error thresholds, wherein the assigning comprises one or more of:

assigning an increase in the first error metrics relative to the second error metrics to one or more of the first cyber-physical components; and

assigning a decrease in the second error metrics relative to the first error metrics to one or more of the second cyber-physical components.
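The following Python model is an added illustration of the procedure the method claims (1 to 16), the apparatus claims (17 to 30) and the storage-medium claims describe; it is not the applicant's code and nothing in the published claims prescribes these data structures. The state key is built from digests of cyber and physical state metadata, split into fragments, sent down simulated control paths (cyber path, actuator, physical process, sensor, cyber path), reconstructed from the validation data that comes back, and scored with a Hamming error metric. Attribution is shown two ways: across fragments whose paths share some components (the claim-30 style), and across a subsequent key routed through an overlapping group that leaves one component out (the claim-15/16 style). The component names, the deterministic "flip every n-th symbol" fault model, the sample state metadata and the health formula are all constructed assumptions for the example.

```python
import hashlib
import json


# ---- state key: cyber key data || physical key data ----------------------
def generate_state_key(cyber_state, physical_state, nbits=64):
    """Derive the key from acquired state metadata: half of the bits come from a
    digest of the cyber state, half from a digest of the physical state."""
    half = nbits // 2 // 8
    cyber = hashlib.sha256(json.dumps(cyber_state, sort_keys=True).encode()).digest()[:half]
    phys = hashlib.sha256(json.dumps(physical_state, sort_keys=True).encode()).digest()[:half]
    return [(b >> i) & 1 for b in cyber + phys for i in range(8)]


def split_key(key, n):
    """Parse the key into n equal fragments, one per control path (assumes n divides len)."""
    size = len(key) // n
    return [key[i * size:(i + 1) * size] for i in range(n)]


# ---- control-path model (constructed) ------------------------------------
class Component:
    """A cyber or physical element on a control path. `fault=(period, phase)` is an
    assumed model of a tampered or failing element: it flips symbol i when
    i % period == phase. `fault=None` relays the symbols unchanged."""

    def __init__(self, name, kind, fault=None):
        self.name, self.kind, self.fault = name, kind, fault

    def relay(self, symbols):
        if self.fault is None:
            return list(symbols)
        period, phase = self.fault
        return [s ^ 1 if i % period == phase else s for i, s in enumerate(symbols)]


def transmit(fragment, path):
    """Send a fragment through every component on the path; what the last component
    yields is the validation data acquired for that fragment."""
    data = fragment
    for comp in path:
        data = comp.relay(data)
    return data


def hamming_fraction(a, b):
    return sum(x != y for x, y in zip(a, b)) / len(a)


def communicate(key, paths):
    """Fragment the key, send each fragment down its path, reconstruct the key from the
    validation data, and return (reconstruction, key_error, fragment_errors)."""
    fragments = split_key(key, len(paths))
    validation = [transmit(f, p) for f, p in zip(fragments, paths)]
    reconstruction = [s for v in validation for s in v]
    frag_errors = [hamming_fraction(f, v) for f, v in zip(fragments, validation)]
    return reconstruction, hamming_fraction(key, reconstruction), frag_errors


# ---- attribution -----------------------------------------------------------
def attribute_by_fragments(frag_errors, paths):
    """Charge the difference between two fragment errors to the components that are on
    the worse path but not on the better one (components shared by both are cleared)."""
    findings = []
    for i in range(len(paths)):
        for j in range(i + 1, len(paths)):
            diff = frag_errors[i] - frag_errors[j]
            if diff == 0:
                continue
            worse, better = (paths[i], paths[j]) if diff > 0 else (paths[j], paths[i])
            suspects = {c.name for c in worse} - {c.name for c in better}
            findings.append((suspects, abs(diff)))
    return findings


def attribute_by_overlap(first_error, second_error, first_group, second_group):
    """A subsequent key went through an overlapping group that excludes some components;
    the change in key error is charged to the excluded ones."""
    excluded = sorted(set(first_group) - set(second_group))
    return {name: first_error - second_error for name in excluded}


def health(attribution, components):
    """Assumed health metric: 1 minus the error charged to components of each kind."""
    cyber = 1.0 - sum(e for n, e in attribution.items() if components[n].kind == "cyber")
    physical = 1.0 - sum(e for n, e in attribution.items() if components[n].kind == "physical")
    return {"cyber": cyber, "physical": physical}


def run_scenario():
    """Two control paths share one physical process; the return cyber path of path A
    is tampered (constructed fault) and corrupts one symbol in four."""
    c = {n: Component(n, k, f) for n, k, f in [
        ("cyber-path-1", "cyber", None), ("actuator-1", "physical", None),
        ("process", "physical", None), ("sensor-1", "physical", None),
        ("cyber-path-2", "cyber", (4, 1)),
        ("cyber-path-3", "cyber", None), ("actuator-2", "physical", None),
        ("sensor-2", "physical", None), ("cyber-path-4", "cyber", None)]}
    path_a = [c["cyber-path-1"], c["actuator-1"], c["process"], c["sensor-1"], c["cyber-path-2"]]
    path_b = [c["cyber-path-3"], c["actuator-2"], c["process"], c["sensor-2"], c["cyber-path-4"]]
    cyber_state = {"node": "plc-7", "rx_packets": 1042, "tx_packets": 1039}      # constructed
    physical_state = {"setpoint_c": 72.5, "measured_c": 71.9, "valve_pct": 41}  # constructed
    key = generate_state_key(cyber_state, physical_state)
    _, err1, frag = communicate(key, [path_a, path_b])
    suspects = attribute_by_fragments(frag, [path_a, path_b])
    # Subsequent key through an overlapping group: reroute path A's return leg over
    # cyber-path-4 so that cyber-path-2 is the only component excluded.
    path_a2 = path_a[:-1] + [c["cyber-path-4"]]
    key2 = generate_state_key({**cyber_state, "rx_packets": 1050}, physical_state)
    _, err2, _ = communicate(key2, [path_a2, path_b])
    group1 = [x.name for x in path_a + path_b]
    group2 = [x.name for x in path_a2 + path_b]
    attribution = attribute_by_overlap(err1, err2, group1, group2)
    return {"key_error": err1, "fragment_errors": frag, "suspects": suspects,
            "second_key_error": err2, "attribution": attribution,
            "health": health(attribution, c)}


if __name__ == "__main__":
    print(json.dumps(run_scenario(), default=list, indent=2))
```

Running the scenario shows the two levels of localisation the claims distinguish: the fragment comparison can only say that one of the four components unique to path A is bad, because the shared process is cleared by the healthy fragment; the subsequent overlapping key narrows the error to the excluded return path, and the health metrics then charge that error to the cyber side.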