| Abstract: | The various technologies presented herein relate to the determination of
unexpected and/or malicious activity occurring between components
communicatively coupled across a backplane. Control data, etc., can be
intercepted at a backplane where the backplane facilitates communication
between a controller and at least one device in an automation process.
During interception of the control data, etc., a copy of the control data
can be made, e.g., the original control data can be replicated to
generate a copy of the original control data. The original control data
can continue on to its destination, while the control data copy can be
forwarded to an analyzer system to determine whether the control data
contains a data anomaly. The content of the copy of the control data can
be compared with a previously captured baseline data content, where the
baseline data can be captured for a same operational state as the
subsequently captured control data. |