Bi-directional data security for control systems

US9998426B2 · US · B2

Patent metadata

Publication number: US-9998426-B2
Application number: US-201715671870-A
Country: US
Kind code: B2
Filing date: Aug 8, 2017
Priority date: Jan 30, 2014
Publication date: Jun 12, 2018
Grant date: Jun 12, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A cyber-security device includes a processor operable to process messages with a data validation rule-set; an external communication interface configured for bi-directional data communication between the processor and external networks or systems; and an internal communication interface configured for bi-directional data communication between the processor and a safety-critical control device, wherein the data received by the processor via either the external or internal communication interface is blocked, sanitized, or passed by the appropriate rule-set, depending on whether the data conform to validation criteria established by the rule-set. The processor analyzes the data, preferably byte-by-byte, with the data in each byte being required to conform to the rule-set validation criteria before being passed from the processor to the appropriate interface.

First claim

Claim text (preview; the listing is cut off part-way through claim 18).

What is claimed is:

1. A cyber-security device for providing secure communication of data in a system including a control device, wherein the system is operable in one or more system states, the cyber-security device comprising: a first communication interface configured for accepting incoming messages destined for the control device; a second communication interface configured for accepting outgoing messages from the control device; a memory configured to store current system state information and a rule-set comprising rules for qualifying and validating the incoming and the outgoing messages, wherein the rule-set includes a system state-dependent rule; a processor operatively coupled to the memory and to the first communication interface and the second communication interface, and configured to qualify and validate the incoming messages and the outgoing messages on a byte-by-byte basis; wherein the processor is operable in an operational mode to: accept messages received from one of the first communication interface and the second communication interface; retrieve the rule-set from the memory; qualify the received messages, including any received messages containing received system state information, on a byte-by-byte basis, based on compliance with the rule-set; for any received message that has been qualified, validate the qualified received message, on a byte-by-byte basis, in accordance with the rule-set, wherein the qualified received message is validated by compliance with the system state-dependent rule in the rule-set based on the current system state information; transmit the received messages to the other of the first communication interface and the second communication interface only if the received message is validated in compliance with the rule-set; and update the current system state information based on the system state information in any validated message that includes received system state information.

2. The cyber-security device of claim 1, wherein the processor is operable in a programming mode in which the processor is operable to replace the rule-set in the memory with a new rule-set, and to cycle back to the operational mode after the new rule set is loaded from the memory.

3. The cyber-security device of claim 1, wherein the processor is further operable to block the received message when the received message cannot be validated.

4. The cyber-security device of claim 1, wherein, when the received message cannot be validated, the processor is further operable to replace data in the received message that are not in compliance with the rule-set with data known to be in compliance with the rule-set, whereby the received message with the data known to be compliant with the rule-set is deemed validated.

5. The cyber-security device of claim 4, wherein the data known to be in compliance with the rule-set are selected from one or more of data with default values, and data with last-known compliant values.

6. The cyber-security device of claim 5, wherein the data with last-known compliant values are determined from at least one previously-validated message.

7. The cyber-security device of claim 5, wherein the data with the last known compliant values are determined from an external data source.

8. The cyber-security device of claim 1, wherein the received system state information comes from at least one of the control device, an external system, and a secondary control device.

9. The cyber-security device of claim 1, wherein the processor is further operable in a learning mode in which the processor is operable to build or update rule-sets based on contents of received messages.

10. The cyber-security device of claim 1, wherein the processor is further operable for cross-domain processing of received messages across two or more security domain classifications.

11. A method of providing secure communication of messages to and from a control device in a system operable in any of several system states, wherein a current system state of the system is indicated by a current system state indication, the method comprising: accepting incoming messages, bound for the control device, at a first communication interface that is in data communication with a processor operable to process messages with a rule-set that includes rules for qualifying the accepted incoming messages for message size and message type, and for validating message contents in the qualified incoming messages; processing each accepted incoming message bound for the control device by operating the processor to implement the rule-set so as to qualify and validate, on a byte-by-byte basis, each accepted incoming message bound for the control device in accordance with the rule-set for message type, message size, message contents, and for compliance with a system state-dependent rule in the rule-set, based on the current system state indication; sending only the incoming messages that are qualified and validated based on the rule-set to a second communication interface that is in data communication with the processor for transmission to the control device; accepting outgoing messages from the control device at the second communication interface; processing each accepted outgoing message from the control device by operating the processor to implement the rule-set so as to qualify and validate, on a byte-by-byte basis, each accepted outgoing message from the control device in accordance with the rule-set for message type, message size, message contents, and, for compliance with a system state-dependent rule in the rule-set, based on the current system state indication; sending only the outgoing messages that are qualified and validated based on the rule-set to the first communication interface; and updating the current system state indication based on any system state information included in any validated message.

12. The method of claim 11, further comprising blocking incoming messages and outgoing messages that cannot be qualified and validated in accordance with the rule-set.

13. The method of claim 11, further comprising sanitizing incoming messages and outgoing messages that cannot be qualified and validated in accordance with the programmable rule-set by replacing data that are non-compliant with the rule-set with data known to be compliant with the rule-set.

14. The method of claim 11, wherein the rule-set is a first rule-set, the method further comprising: putting the processor into a programming mode in response to a mode-selection signal; receiving a second rule-set while the processor is in the programming mode; replacing the first rule-set with the second rule-set; exiting the programming mode; and processing future incoming messages and outgoing messages based on the second rule-set by operating the processor to implement the second rule-set so as to qualify and validate, on a byte-by-byte basis, each accepted incoming message and outgoing message in accordance with the second rule-set.

15. The method of claim 13, wherein the data known to be compliant with the rule-set are selected from one or more of data with default values, and data with last-known compliant values.

16. The method of claim 15, wherein the data with last-known compliant values are determined from at least one previously-validated message.

17. The method of claim 11, wherein the validation provided by the rule-set is dependent on the current system state indication.

18. A non-transitory computer-readable medium for use in a system operable in any of several system states,
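The qualify, validate, sanitize and state-update sequence of claims 1, 4, 5 and 11, written out as an added Python example that is not part of the patent or of any Sierra Nevada Corp product. The two-byte frame header, the two message types, the state codes and the per-byte ranges are all constructed for illustration; a real rule-set would encode the protocol the control device actually speaks.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed frame layout for this example (not the patent's own format):
# byte 0 = message type, byte 1 = payload length, then the payload bytes.
MSG_SETPOINT, MSG_STATE = 0x10, 0x20
STATES = {0: "STOP", 1: "RUN", 2: "MAINT"}


def allowed_ranges(msg_type: int, state: str):
    """Per-byte (lo, hi) limits; the setpoint limit is the state-dependent rule."""
    if msg_type == MSG_SETPOINT:           # payload: [setpoint %, ramp flag]
        return [(0, 100) if state == "RUN" else (0, 10), (0, 1)]
    if msg_type == MSG_STATE:              # payload: [state code]
        return [(0, 2)]
    return None                            # unknown type: cannot be qualified


@dataclass
class Gateway:
    """Sits between the external and the control-device interface (either direction)."""
    state: str = "STOP"
    sanitize: bool = False                 # claim 4: replace bad bytes instead of blocking
    last_good: dict = field(default_factory=dict)   # (type, byte index) -> last-known value
    defaults: dict = field(default_factory=lambda: {MSG_SETPOINT: [0, 0], MSG_STATE: [0]})

    def process(self, frame: bytes) -> Optional[bytes]:
        """Return the frame to forward to the other interface, or None if it is blocked."""
        # Qualify: size and type must match the rule-set before content is inspected.
        if len(frame) < 2 or len(frame) != 2 + frame[1]:
            return None
        ranges = allowed_ranges(frame[0], self.state)
        if ranges is None or len(ranges) != frame[1]:
            return None
        # Validate byte-by-byte against the ranges selected by the current state.
        payload = list(frame[2:])
        for i, (lo, hi) in enumerate(ranges):
            if lo <= payload[i] <= hi:
                self.last_good[(frame[0], i)] = payload[i]      # claim 6 source of values
            elif self.sanitize:
                payload[i] = self.last_good.get((frame[0], i), self.defaults[frame[0]][i])
            else:
                return None                                    # claim 3: block
        # Update the stored system state only from a message that validated.
        if frame[0] == MSG_STATE:
            self.state = STATES[payload[0]]
        return bytes(frame[:2]) + bytes(payload)
```

With sanitizing off, a setpoint of 50 is blocked while the stored state is STOP and passed once a validated state message has moved the state to RUN; with sanitizing on, an out-of-range byte is replaced by the last value that passed or, failing that, the default.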

Assignees

Sierra Nevada Corp

Classifications

  • based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title

  • Distributed architectures, e.g. distributed firewalls · CPC title

  • Scada supervisory control and data acquisition · CPC title

  • Rule management · CPC title

  • Parsing or analysis of headers · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9998426B2 cover?
A cyber-security device includes a processor operable to process messages with a data validation rule-set; an external communication interface configured for bi-directional data communication between the processor and external networks or systems; and an internal communication interface configured for bi-directional data communication between the processor and a safety-critical control device, …
Who is the assignee on this patent?
Sierra Nevada Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/0218. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Jun 12, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).