US2017270295A1PendingUtilityA1

Cyber security for physical systems

Assignee: MISSION SECURE INCPriority: Jun 17, 2015Filed: Jun 2, 2017Published: Sep 21, 2017
Est. expiryJun 17, 2035(~8.9 yrs left)· nominal 20-yr term from priority
G06F 21/554G06F 2221/034G06F 21/552
47
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A cyber security system and method that includes one or more devices configured to determine a cyber security threat or breach event based on analysis of operational information of a protected system.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A cyber security system comprising:
 at least one local security device configured to monitor operational information of an associated protected system,   wherein said at least one local security device is configured to determine an occurrence of a security condition present at one or more of said protected systems based on analysis of said at monitored operational information,   wherein said at least one local security device is configured to output an indication of said security condition via a user interface, and to calculate and indicate one or more response options via said user interface, and   wherein said at least one local security device is configured to issue device commands to said associated protected system to restore a desired operating state of said protected system.   
     
     
         2 . The cyber security system of  claim 1 , further comprising:
 at least one control device operatively coupled with one of more of said plurality of local security devices via a network, and configured to receive said monitored operational information from each of said at least one local security device,   
     
     
         3 . The cyber security system of  claim 2 , further comprising at least one global device operatively coupled with a plurality of said control devices. 
     
     
         4 . The cyber security system of  claim 2 ,
 wherein each said at least one local security device and each said at least one control device are configured to communicate securely using encryption,   wherein each said at least one local security device is configured to auto register with at least one of said control devices, and   wherein said at least one control device is configured to authenticate said local security device.   
     
     
         5 . The cyber security system of  claim 2 ,
 wherein said at least one control device is further configured to output one or more commands associated with one of more said response options to one or more said local security devices.   
     
     
         6 . The cyber security system of  claim 5 , wherein at least one said local security device is co-located with its associated protected system. 
     
     
         7 . The cyber security system of  claim 2 , wherein said user interface includes a console configuration tool. 
     
     
         8 . The cyber security system of  claim 2 , wherein said at least one control device is configured to determine said security condition using said monitored operational information and external data. 
     
     
         9 . The cyber security system of  claim 8 , wherein said operational information is received from two or more of said local security devices. 
     
     
         10 . A cyber security system comprising:
 at least one control device configured to monitor operational information of an associated protected system,   wherein said at least one control device is configured to determine an occurrence of a security condition present at one or more of said protected systems based on analysis of said at monitored operational information,   wherein said at least one control device is configured to issue device commands to said associated protected system to restore a desired operating state of said protected system, and   wherein said at least one control device is configured to output an indication of said security condition via a user interface, and to calculate and indicate one or more response options via said user interface.   
     
     
         11 . The cyber security system of  claim 10 , further comprising:
 at least one local security device operatively coupled with one of more of said at least one control device via a network,   wherein said at least one control device is configured to transmit said monitored operational information to said at least one local security device.   
     
     
         12 . The cyber security system of  claim 11 , further comprising at least one global device operatively coupled with a plurality of said control devices. 
     
     
         13 . The cyber security system of  claim 11 ,
 wherein each said at least one local security device and each said at least one control device are configured to communicate securely using encryption,   wherein each said at least one local security device is configured to auto register with at least one of said control devices via, and   wherein said at least one control device is configured to authenticate said local security device.   
     
     
         14 . The cyber security system of  claim 11 ,
 wherein said at least one control device is further configured to output one or more commands associated with one of more said response options to one or more said local security devices, and   wherein, upon receiving said one or more commands, said local security device is configured to issue device commands to said associated protected system to restore a desired operating state of said protected system.   
     
     
         15 . The cyber security system of  claim 14 , wherein at least one said local security device is co-located with its associated protected system. 
     
     
         16 . The cyber security system of  claim 11 , wherein said user interface includes a console configuration tool. 
     
     
         17 . The cyber security system of  claim 10 , wherein said at least one control device is configured to determine said security condition using said monitored operational information and external data. 
     
     
         18 . The cyber security system of  claim 17 , wherein said operational information is received from two or more of said local security devices. 
     
     
         19 . A cyber security method comprising:
 monitoring a protected system by identifying data to be collected and assessing relevant operational information or measurements of said protected system;   detecting a potential cyber attack by performing security analysis to determine a cyber security threat or breach event comprising an unwanted condition or state of said protected system based on said monitored operational information or measurements;   informing by outputting electronic information associated with said cyber security threat or breach event; and   correcting said cyber security threat or breach event by outputting one or more commands to said protected system suitable to cause said protected system to cease operating in said unwanted condition or state.   
     
     
         20 . The cyber security method of  claim 19 , further comprising:
 storing information related to said cyber security threat or breach event for forensic analysis.   
     
     
         21 . The cyber security method of  claim 19 , wherein the detecting comprises determining said a cyber security threat or breach event by comparing said monitored operational information or measurements to known system behaviors. 
     
     
         22 . The cyber security method of  claim 19 , wherein the detecting comprises determining said a cyber security threat or breach event using verifiable voting among a plurality of results of said security analysis. 
     
     
         23 . The cyber security method of  claim 19 , wherein the detecting comprises determining said a cyber security threat or breach event by performing security analysis of security design patterns detected among multiple said local security devices. 
     
     
         24 . The cyber security method of  claim 19 , wherein said method is performed by at least one local security device. 
     
     
         25 . The cyber security method of  claim 19 , wherein said method is performed by at least one control device. 
     
     
         26 . The cyber security method of  claim 19 , wherein the informing comprises outputting human and system actions to be taken in response to the cyber security threat or breach event. 
     
     
         27 . The cyber security method of  claim 19 , wherein one or more of the monitoring, detecting, informing, and correcting is performed in real-time. 
     
     
         28 . A non-transitory computer readable medium having stored thereon software instructions that, when executed by a processor, cause the processor to perform cyber security operations comprising:
 monitoring a protected system, using at least one local security device, by identifying data to be collected and assessing relevant operational information or measurements of said protected system;   detecting a potential cyber attack by performing security analysis to determine a cyber security threat or breach event comprising an unwanted condition or state of said protected system based on said monitored operational information or measurements;   informing, by a control device operably coupled to said at least one local security device, by outputting electronic information associated with said cyber security threat or breach event; and   correcting said cyber security threat or breach event by transmitting, by said control device, an electronic message to said at least one local security device to cause said at least one local security device to output one or more commands to said protected system suitable to cause said protected system to cease operating in said unwanted condition or state.   
     
     
         29 . The non-transitory computer readable medium of  claim 28 , further comprising:
 storing information related to said cyber security threat or breach event for forensic analysis.

Join the waitlist — get patent alerts

Track US2017270295A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.