Connected security system
US-2017171235-A1 · Jun 15, 2017 · US
US10990684B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10990684-B2 |
| Application number | US-201816134342-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 18, 2018 |
| Priority date | Mar 18, 2016 |
| Publication date | Apr 27, 2021 |
| Grant date | Apr 27, 2021 |
Official abstract text for this publication.
The present invention generally relates to a context-aware security self-assessment method or module that determines the context in which the device is used and, based on this, assesses the device's security settings. The context may refer to the system environment, the applications the device is used for, and/or the current life-cycle stage of the device, without being limited to said contexts. The method of the present invention preferably prioritizes and rates the security-relevant findings and presents them, together with mitigation options, through a web interface, a configuration tool, or through notifications in the control system.
Opening claim text (preview).
The invention claimed is:
1. A method for context-aware security self-assessment of an industrial device coupled to a network, the method comprising: self-assessing, by the industrial device, a current context of the industrial device based on a predefined rule set; self-assessing, by the industrial device, presently used security settings for the industrial device based on the assessed current context of the industrial device and on a predefined and customizable set of security assessment checks for the current context; and providing one or more suggested actions to a user/operator, based on both the assessed security settings and the assessed current context, to adapt the presently used security settings of the industrial device, while coupled to the network, to suggested security settings.
2. The method according to claim 1, wherein the industrial device is embedded in an industrial control system.
3. The method according to claim 2, wherein the assessed current context of the industrial device is a temporarily taken out of service state, a testing mode, an operation mode, a maintenance mode, an emergency-shutdown mode, an end-of-life mode, decommissioned state or a not yet commissioned state.
4. The method according to claim 2, wherein the rule set checks for an industrial device environment, applications the industrial device is used for, a current life-cycle stage of the industrial device and/or a usage of certain security relevant features for a certain period of time.
5. The method according to claim 2, wherein the rule set comprises potential security requirements and an indication as to which contexts it affects.
6. The method according to claim 2, wherein the presently used and suggested security settings are vendor defined or definable by the user/operator.
7. The method according to claim 1, wherein the assessed current context of the industrial device is a temporarily taken out of service state, a testing mode, an operation mode, a maintenance mode, an emergency-shutdown mode, an end-of-life mode, decommissioned state or a not yet commissioned state.
8. The method according to claim 7, wherein the rule set checks for an industrial device environment, applications the industrial device is used for, a current life-cycle stage of the industrial device and/or a usage of certain security relevant features for a certain period of time.
9. The method according to claim 7, wherein the rule set comprises potential security requirements and an indication as to which contexts it affects.
10. The method according to claim 7, wherein the presently used and suggested security settings are vendor defined or definable by the user/operator.
11. The method according to claim 1, wherein the rule set checks for an industrial device environment, applications the industrial device is used for, a current life-cycle stage of the industrial device and/or a usage of certain security relevant features for a certain period of time.
12. The method according to claim 11, wherein the rule set is preferably defined by a vendor of the industrial device or changeable by the user/operator.
13. The method according to claim 11, wherein the rule set comprises potential security requirements and an indication as to which contexts it affects.
14. The method according to claim 1, wherein the rule set comprises potential security requirements and an indication as to which contexts it affects.
15. The method according to claim 1, wherein the presently used and suggested security settings are vendor defined or definable by the user/operator.
16. The method according to claim 1, wherein the presently used and suggested security settings check for Telnet, FTP, SSH, OPC Server, Local user Accounts, Password Policy, Internet Connectivity, Reverse Internet Connectivity.
17. The method according to claim 1, further comprising: compiling and displaying to the user/operator the provided one or more suggested actions, at least one of the displayed one or more suggested actions being user/operator-selectable, thereby allowing the user/operator to select which of the one or more suggested actions to execute.
18. The method according to claim 1, wherein the provided one or more suggested actions are executed automatically.
19. The method according to claim 1, wherein the industrial device is embedded in an Industrial Automation and Control System (IACS).
20. An industrial device configured to be coupled to a network, the industrial device comprising: a non-transitory computer-readable medium comprising instructions; and one or more processors in communication with the non-transitory computer-readable medium, wherein the one or more processors execute the instructions to: self-assess a current context of the industrial device it presently operates, based on a predefined rule set; self-assess presently used security settings for the industrial device based on the assessed current context of the industrial device and on a predefined and customizable set of security assessment checks for the current context; and provide one or more suggested actions to a user/operator, based on both the assessed security settings and the assessed current context, to adapt the presently used security settings of the industrial device, while coupled to the network, to suggested security settings.
21. A non-transitory computer readable medium comprising: a set of instructions for context-aware security self-assessment of an industrial device coupled to a network when executed by a processor of the industrial device are effective to: self-assess a current context of the industrial device it presently operates, based on a predefined rule set; self-assess presently used security settings for the industrial device based on the assessed current context of the industrial device and on a predefined and customizable set of security assessment checks for the current context; and provide one or more suggested actions to a user/operator, based on both the assessed security settings and the assessed current context, to adapt the presently used security settings of the industrial device, while coupled to the network, to suggested security settings.
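The three claimed steps (derive the context from a rule set, evaluate only the security checks that apply in that context, then present prioritized suggested actions) as an added Python illustration; this is not code from the patent or its assignee. The contexts follow claim 3, the checks follow claim 16, and the rule-set shape (a requirement plus the contexts it affects) follows claim 5. The device-state keys, the order in which context is detected, the 30-day "unused feature" threshold of claim 4 and the 1-3 severity scale are assumptions made for this example.

```python
"""Toy context-aware self-assessment modelled on claims 1-5 and 16. Added
illustration, not the patent holder's code: the device-state keys, the context
detection order and the severity scale are constructed assumptions."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable


class Context(Enum):  # the contexts named in claim 3
    NOT_YET_COMMISSIONED = "not yet commissioned"
    TESTING = "testing"
    OPERATION = "operation"
    MAINTENANCE = "maintenance"
    OUT_OF_SERVICE = "temporarily taken out of service"
    EMERGENCY_SHUTDOWN = "emergency shutdown"
    END_OF_LIFE = "end of life"
    DECOMMISSIONED = "decommissioned"


ALL = frozenset(Context)
RETIRED = frozenset({Context.END_OF_LIFE, Context.DECOMMISSIONED})
LIFECYCLE = {"not commissioned": Context.NOT_YET_COMMISSIONED,
             "decommissioned": Context.DECOMMISSIONED, "end of life": Context.END_OF_LIFE}


@dataclass(frozen=True)
class Rule:
    """A security requirement plus the contexts it affects (claim 5)."""
    setting: str
    contexts: frozenset            # contexts in which the rule applies
    ok: Callable[[dict], bool]     # True when the device satisfies it
    severity: int                  # 3 = high .. 1 = low (assumed scale)
    action: str                    # suggested mitigation


# Constructed vendor baseline covering the checks listed in claim 16; an
# operator may append or replace entries (claims 6 and 12).
RULES = [
    Rule("telnet", ALL, lambda d: not d["telnet"], 3, "disable Telnet; use SSH"),
    Rule("ftp", ALL - {Context.MAINTENANCE}, lambda d: not d["ftp"], 2, "disable FTP"),
    Rule("ssh", {Context.MAINTENANCE, Context.TESTING}, lambda d: d["ssh"], 1,
         "enable SSH for the maintenance window"),
    Rule("ssh", {Context.OPERATION} | RETIRED, lambda d: not d["ssh"], 2,
         "disable SSH outside maintenance"),
    # claim 4: a security-relevant feature left enabled but unused for a period
    Rule("ssh", {Context.OPERATION},
         lambda d: not (d["ssh"] and d["days_since_ssh_login"] > 30), 2,
         "SSH unused for over 30 days; disable it"),
    Rule("opc_server", {Context.OPERATION}, lambda d: d["opc_server"], 2,
         "OPC server must run to serve the control system"),
    Rule("opc_server", RETIRED | {Context.OUT_OF_SERVICE}, lambda d: not d["opc_server"],
         2, "stop the OPC server while the device is not producing"),
    Rule("local_user_accounts", ALL - {Context.NOT_YET_COMMISSIONED},
         lambda d: not d["default_local_accounts"], 3, "remove default local accounts"),
    Rule("password_policy", ALL - {Context.NOT_YET_COMMISSIONED},
         lambda d: d["password_min_length"] >= 12, 2, "raise minimum password length to 12"),
    Rule("internet_connectivity", ALL - {Context.NOT_YET_COMMISSIONED},
         lambda d: not d["internet_connectivity"], 3, "remove inbound Internet reachability"),
    Rule("reverse_internet_connectivity", ALL,
         lambda d: not d["reverse_internet_connectivity"], 3, "block outbound Internet access"),
]


def assess_context(device: dict) -> Context:
    """Step 1 of claim 1: derive the context from device state; first match wins."""
    if device["lifecycle"] in LIFECYCLE:
        return LIFECYCLE[device["lifecycle"]]
    if device["emergency_shutdown_active"]:
        return Context.EMERGENCY_SHUTDOWN
    if device["maintenance_switch"]:
        return Context.MAINTENANCE
    if device["simulated_io"]:
        return Context.TESTING
    return Context.OPERATION if device["process_io_active"] else Context.OUT_OF_SERVICE


def assess_settings(device: dict, context: Context, rules=RULES) -> list:
    """Step 2: evaluate only the rules affecting this context; worst findings first."""
    failed = [r for r in rules if context in r.contexts and not r.ok(device)]
    return sorted(failed, key=lambda r: (-r.severity, r.setting))


def self_assess(device: dict, rules=RULES):
    """Steps 1-3: context, prioritized findings and the action list to present."""
    context = assess_context(device)
    findings = assess_settings(device, context, rules)
    return context, findings, [f"[{r.severity}] {r.setting}: {r.action}" for r in findings]


# Constructed device state: a controller in production with stale remote access.
DEVICE = {
    "lifecycle": "in service", "emergency_shutdown_active": False,
    "maintenance_switch": False, "simulated_io": False, "process_io_active": True,
    "telnet": True, "ftp": False, "ssh": True, "days_since_ssh_login": 45,
    "opc_server": True, "default_local_accounts": False, "password_min_length": 8,
    "internet_connectivity": False, "reverse_internet_connectivity": True,
}

if __name__ == "__main__":
    ctx, _, actions = self_assess(DEVICE)
    print(f"context: {ctx.value}")
    print("\n".join(actions))
```

The point the claims turn on is visible in the two SSH rules: the same setting is a finding in operation and a requirement in maintenance, so the check list cannot be evaluated without first fixing the context. Flipping `maintenance_switch` on the same device state makes the SSH findings disappear while the Telnet and outbound-Internet findings remain. The action list is what claim 17 would display for selection; claim 18's automatic execution would consume the same list.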
by securing the transmission between two devices or processes · CPC title
operating in dual or compartmented mode, i.e. at least one secure mode · CPC title
Auditing as a secondary aspect · CPC title
Vulnerability analysis · CPC title
electric · CPC title