Backplane filtering and firewalls
| DWPI Title: Control system for providing active mitigation of cyber-attacks, has hardware logic component that executes model of control logic of processing module responsive to determining that signal comprises impermissible communication |
| Abstract: Described herein are various technologies for providing active mitigation of cyber-attacks against industrial and other control systems. A filtering device is connected to a backplane of a control system and receives communications from various modules of the control system. The filter device analyzes the received communications and determines whether they are genuine and permissible communications for the control system. Validated signals are output to a communications bus of the control system by the filter device, while impermissible communications are blocked. The filter device can be interposed between the modules of the control system and the backplane, or the filter device can be included as a component of a control system backplane. |
| Use: Control system for providing active mitigation of cyber-attacks using machine learning. |
| Advantage: The diverse redundancy provided by the logic device can prevent a single simultaneous attack from subverting the entirety of the control system. The filter can authenticate new addresses and distinguish between communication to new authorized modules and communication to unauthorized modules. By filtering potentially harmful communication on a control system bus, the logic device can take corrective action such as isolating a compromised I/O module from the communication bus. |
| Novelty: The control system (100) has a processing module, multiple input/output (I/O) modules (104, 106) and a backplane communication bus (110). A hardware logic component is interposed between the backplane communication bus and the processing module. The hardware logic component determines that the signal comprises an impermissible communication for the control system responsive to receiving a signal from the processing module that is directed to the I/O modules. The hardware logic component executes a model of control logic of the processing module of the control system such that the hardware logic component performs the functionality of the processing module of the control system responsive to determining that the signal comprises an impermissible communication for the control system at the hardware logic component. |
| Filed: 11/29/2016 |
| Application Number: US15364011A |
| Tech ID: SD 13549.1 |
| This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention. |
| Data from Derwent World Patents Index, provided by Clarivate. All rights reserved. Republication or redistribution of Clarivate content, including by framing or similar means, is prohibited without the prior written consent of Clarivate. Clarivate and its logo, as well as all other trademarks used herein, are trademarks of their respective owners and used under license. |