Systems and methods for blocking, detecting and responding to cyber attacks in physically controlled distributed systems

DWPI Title: Security orchestration, automation, and response system for blocking, detecting and responding to cyber attacks in physically controlled distributed systems e.g. chemical plants, has distributed intrusion detection system connected with PCDS for collecting cyber-physical data generated by PCDS
Abstract: Systems and methods that provide Security Orchestration, Automation, and Response (SOAR) technologies that equip cyber-defenders with new capabilities to autonomously respond to network and host-based system alerts, threat hunting results, and cyber intelligence data streams. The systems and methods provide a novel SOAR approach for networked systems, where such networked systems include PCDS systems such as DERs. The system may ingest data from multiple Intrusion Detection Systems (IDSs) to quickly block attacks and revert PCDS systems to known good states via a collection of IDS technologies, including Bump-in-the-Wire (BITW) devices that incorporate physical and cyber data to detect abnormal and potentially malicious behaviors.
Use: Security orchestration, automation, and response (SOAR) system for blocking, detecting and responding to cyber attacks in physically controlled distributed systems. Uses include, but are not limited to, chemical plants, oil pipelines, electrical energy grids, and manufacturing and processing plants.
Advantage: The method enables providing SOAR technologies that equip cyber-defenders with new capabilities to autonomously respond to network and host-based system alerts, threat hunting results, and cyber intelligence data streams, thus providing better intrusion detection and mitigation systems to protect physically controlled distributed systems (PCDS). The method enables ingesting data from multiple intrusion detection systems (IDSs) to quickly block attacks and revert PCDS systems to known good states.
Novelty: The system has multiple distributed intrusion detection systems (IDSs) (20A-20C) connected with the physically controlled distributed system (PCDS) (10A) for collecting cyber-physical data directed to or generated by the PCDS, where a combination of one of the distributed IDSs and a SOAR system analyzes the collected cyber-physical data and employs one of the playbooks to detect one of a signature-based attack, a behavior-based attack, and a physical configuration attack on one of the PCDS based on the analyzed collected cyber-physical data.
Filed: 2/27/2024
Application Number: US18588646A
Tech ID: SD 16260.1
This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention.
Data from Derwent World Patents Index, provided by Clarivate