Secure industrial control system
US-2018089416-A1 · Mar 29, 2018 · US
US10162969B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10162969-B2 |
| Application number | US-201414482888-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 10, 2014 |
| Priority date | Sep 10, 2014 |
| Publication date | Dec 25, 2018 |
| Grant date | Dec 25, 2018 |
Official abstract text for this publication.
A system and method for analyzing cyber-security risk inter-dependencies in a control system having networked devices. The system includes a central server that has a processor and a memory device in communication with the processor. The memory device stores inter-device dependencies and quantified individual risks for each of the networked devices. The memory device also stores a dynamic quantification of risk (DQR) program. The central server is programmed to implement the DQR program. Responsive to observed cyber behavior, the central server changes one or more of the quantified individual risks to generate at least one modified quantified individual risk. The inter-device dependencies for a first of the networked devices and the quantified individual risk for at least one other of the networked devices reflecting the modified quantified individual risk are used to dynamically modify the quantified individual risk for the first device to generate an inter-device modified quantified individual risk.
Opening claim text (preview).
The invention claimed is:

1. A method of quantifying cyber-security risks in a control system including a plurality of networked devices in a network, comprising: providing a processor and a memory device storing inter-device dependencies based on an interconnectivity between said plurality of network devices, wherein said control system is an industrial control system and said plurality of networked devices include controllers and field devices, a database that includes quantified individual cyber risks (individual risks) for each of said plurality of networked devices, and a dynamic quantification of risk (DQR) algorithm, said processor running said DQR algorithm and implementing: receiving observed cyber behavior comprising cyber-security risk items for said plurality of networked devices during operation of said network; responsive to said observed cyber behavior, updating said database by modifying at least one of said individual risks to provide a modified individual risk, and generating, dynamically, a total cyber risk for said first device using said inter-device dependencies for a first of said plurality of networked devices (first device) and said modified individual risk, the step of dynamically generating the total cyber risk for said first device comprises: retrieving a prevalence value database that stores prevalence values which indicate both a number of said plurality of networked devices where each of said cyber-security risk items is observed, as well as a frequency of said cyber-security risk items from said memory device; determining a prevalence value for said individual risks based on said prevalence value database; calculating a prevalence risk modifier for said individual risks based on said prevalence value; generating said modified individual risk based on said prevalence risk modifier and one of said individual risks; and displaying said modified individual risk on a user interface.

2. The method of claim 1, further comprising: incrementing a first risk counter when a new risk occurrence of one of said cyber-security risk items is observed.

3. The method of claim 2, wherein a first prevalence value for said new risk occurrence is calculated based at least partially on said first risk counter.

4. The method of claim 1, further comprising: processing data in said database using a rules engine and said total cyber risk for said plurality of networked devices; aggregating data including ranking said total cyber risks across said plurality of networked devices and arranging said plurality of networked devices into a plurality of zones based on cyber dependencies of said plurality of networked devices; and displaying a depiction of a selected one of said plurality of zones on a user interface.

5. A cyber-security risk analysis system for analyzing cyber-security risks in a control system including a plurality of networked devices, comprising: a central server having a processor and a memory device in communication with said processor, said memory device storing inter-device dependencies based on an interconnectivity between said plurality of networked devices, wherein said control system is an industrial control system and said plurality of networked devices include controllers and field devices, a database that includes quantified individual cyber risks (individual risks) for each of said plurality of networked devices, and a dynamic quantification of risk (DQR) program, said central server programmed to implement said DQR program, wherein said central server: receives observed cyber behavior comprising cyber-security risk items for said plurality of networked devices during operation of said network; responsive to said observed cyber behavior, updating said database by modifying at least one of said individual risks to provide a modified individual risk, and generates, dynamically, a total cyber risk for said first device using said inter-device dependencies for a first of said plurality of networked devices (first device) and said modified individual risk, the step of dynamically generating the total cyber risk for said first device comprises: retrieve a prevalence value database that stores prevalence values which indicate both a number of said plurality of networked devices where each of said cyber-security risk items is observed, as well as a frequency of said cyber-security risk items from said memory device; determine a prevalence value for said individual risks based on said prevalence value database; calculate a prevalence risk modifier for said individual risks based on said prevalence value; generate said modified individual risk based on said prevalence risk modifier and one of said individual risks; and displaying said modified individual risk on a user interface.

6. The system of claim 5, wherein said DQR program further causes said central server to: increment a first risk counter when a new risk occurrence of one of said cyber-security risk items is observed.

7. The system of claim 6, wherein a first prevalence value for said new risk occurrence is calculated based at least partially on said first risk counter.

8. The system of claim 5, wherein said central server further: processes data in said database using a rules engine and said total cyber risks for said plurality of networked devices; aggregates data including ranking said total cyber risks across said plurality of networked devices and arranging said plurality of networked devices into a plurality of zones based on cyber dependencies of said plurality of networked devices; and displays a depiction of a selected one of said plurality of zones on a user interface.

9. A computer program product, comprising: a memory device having a non-transitory data storage medium that includes program instructions executable by a processor to enable said processor to execute a method for analyzing cyber-security risks in a control system including a plurality of networked devices, wherein said control system is an industrial control system and said plurality of networked devices include controllers and field devices, said non-transitory data storage medium storing inter-device dependencies based on an interconnectivity between said plurality of networked devices, a database that includes quantified individual cyber risks (individual risks) for each of said plurality of networked devices, and a dynamic quantification of risk (DQR) algorithm, said computer program product comprising: code for receiving observed cyber behavior comprising cyber-security risk items for said plurality of networked devices during operation of said network; responsive to said observed cyber behavior, code for updating said database by modifying at least one of said individual risks to provide a modified individual risk, and generating, dynamically, a total cyber risk for said first device using said inter-device dependencies for a first of said plurality of networked devices (first device) and said modified individual risk, the step of code for dynamically generating total cyber risk for said first device comprises: code for retrieving a prevalence value database that stores prevalence values which indicate both a number of said plurality of networked devices where each of said cyber-security risk items is observed, as well as a frequency of said cyber-security risk items from said memory device; code for determining a prevalence value for said individual risks based on said prevalence value database; code for calculating a prevalence risk modifier for said quantified individual risks based on said prevalence value; and code for generating said at least one modified individual risk based on said prevalence risk modifier and one of said ind
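The following Python is an added illustration of the DQR flow that the abstract and claims 1 to 4 describe; it is not code from the patent or its assignee. It records observed risk items per device, maintains the prevalence value database (devices an item was seen on, plus a per-item risk counter for frequency), derives a prevalence risk modifier, updates each device's individual risk, propagates the result over the inter-device dependencies to a total cyber risk, and finally ranks devices and groups them into zones. The patent does not publish its formulas, so the prevalence, modifier and propagation rules, the 0..10 scale, and the five-device plant with its observations are all assumptions constructed for this example.

```python
"""Dependency-aware dynamic risk scoring for an industrial control system.

Added illustration of the DQR flow in the abstract and claims above, not the
patent's own code: the formulas, the 0..10 scale and the sample plant are
assumptions made for this example.
"""
from collections import defaultdict

MAX_RISK = 10.0  # assumption: individual and total risks are scored on 0..10


class RiskDatabase:
    def __init__(self, individual, deps):
        self.individual = dict(individual)  # device -> base individual risk
        # device -> {upstream device it depends on: dependency weight in 0..1}
        self.deps = {d: dict(deps.get(d, {})) for d in individual}
        for d, ups in self.deps.items():
            unknown = set(ups) - set(self.individual)
            if unknown:
                raise ValueError(f"{d} depends on unknown devices {sorted(unknown)}")
        self.seen_on = defaultdict(set)   # item -> devices it was observed on
        self.counter = defaultdict(int)   # item -> risk counter (claims 2 and 3)
        self.items_on = defaultdict(set)  # device -> items observed on it

    def observe(self, device, item):
        """Record one observed risk item on a device and increment its risk counter."""
        if device not in self.individual:
            raise KeyError(f"unknown device {device!r}")
        self.seen_on[item].add(device)
        self.counter[item] += 1
        self.items_on[device].add(item)

    def prevalence(self, item):
        """Prevalence value in 0..1 (assumed form): mean of the share of devices the
        item was seen on and its occurrence count relative to the fleet size."""
        n = len(self.individual)
        spread = len(self.seen_on[item]) / n
        freq = min(1.0, self.counter[item] / n)
        return 0.5 * spread + 0.5 * freq

    def modified_individual_risk(self, device):
        """Individual risk scaled by the prevalence risk modifier, assumed here to be
        1 + the largest prevalence value among the items observed on the device."""
        items = self.items_on[device]
        modifier = 1.0 + (max(self.prevalence(i) for i in items) if items else 0.0)
        return min(MAX_RISK, self.individual[device] * modifier)

    def total_risks(self, max_rounds=50):
        """Total cyber risk per device: its modified individual risk plus the weighted
        total risk of each upstream device, iterated to a fixed point. The cap keeps
        the result bounded even if the dependency graph contains cycles."""
        mod = {d: self.modified_individual_risk(d) for d in self.individual}
        total = dict(mod)
        for _ in range(max_rounds):
            nxt = {d: min(MAX_RISK, mod[d] + sum(w * total[u] for u, w in self.deps[d].items()))
                   for d in self.individual}
            if all(abs(nxt[d] - total[d]) < 1e-9 for d in total):
                break
            total = nxt
        return total

    def ranked(self):
        """(device, total risk) pairs from highest to lowest, ties broken by name."""
        return sorted(self.total_risks().items(), key=lambda kv: (-kv[1], kv[0]))

    def zones(self):
        """Zones: devices joined by a dependency edge in either direction share a zone."""
        adj = defaultdict(set)
        for d, ups in self.deps.items():
            for u in ups:
                adj[d].add(u)
                adj[u].add(d)
        assigned, zones = set(), []
        for start in sorted(self.individual):
            if start in assigned:
                continue
            zone, stack = set(), [start]
            while stack:
                x = stack.pop()
                if x not in zone:
                    zone.add(x)
                    stack.extend(adj[x] - zone)
            assigned |= zone
            zones.append(tuple(sorted(zone)))
        return zones


def build_sample_plant():
    """Constructed five-device plant: two PLCs, a valve actuated by PLC-1, a sensor
    read by both PLCs, and a historian with no dependencies."""
    individual = {"PLC-1": 4.0, "PLC-2": 3.0, "VALVE-1": 2.0, "SENSOR-1": 1.0, "HIST-1": 5.5}
    deps = {"VALVE-1": {"PLC-1": 0.8}, "SENSOR-1": {"PLC-1": 0.5, "PLC-2": 0.5}}
    db = RiskDatabase(individual, deps)
    # constructed observations: one finding on both PLCs (repeated on PLC-1),
    # another seen once on the historian
    for device, item in [("PLC-1", "unauthenticated-write"), ("PLC-2", "unauthenticated-write"),
                         ("PLC-1", "unauthenticated-write"), ("HIST-1", "weak-credentials")]:
        db.observe(device, item)
    return db


if __name__ == "__main__":
    plant = build_sample_plant()
    for device, risk in plant.ranked():
        print(f"{device:9s} total={risk:5.2f} base={plant.individual[device]:.1f}")
    print("zones:", plant.zones())
```

With the constructed inputs, VALVE-1 has the lowest base risk but ends up ranked first, because it depends on PLC-1, where a finding seen on two controllers pushed the modified individual risk up; a per-device score with no dependency term would have left it near the bottom. Two practical caveats follow from the structure: the dependency map and its weights are the load-bearing input, so a stale asset inventory silently understates total risk, and the whole computation is only as good as the telemetry that produces the "observed cyber behavior", so anything that suppresses those events also suppresses the score.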
CPC classification titles:

- Third party
- Vulnerability analysis
- Test or assess a computer or a system
- involving long-term monitoring or reporting
- Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy