Patent Grant
10819742
The disclosure relates to an integrated industrial system and a control method thereof.
Priority is claimed on Japanese Patent Application No. 2015-244221, filed Dec. 15, 2015, the contents of which are incorporated herein by reference.
In a plant and a factory (hereinafter, called simply “plant” as a generic name of them), an integrated industrial system is established, and an advanced automatic operation is implemented. In order to secure safety and perform advanced control, the integrated industrial system includes a control system such as a distributed control system (DCS) and a safety system such as a safety instrumented system (SIS). The distributed control system is a process control system which controls industrial process implemented in the plant.
In the distributed control system, field devices (for example, a measurement device and an actuation device) and a controller which controls these field devices are connected to each other through communication means. The controller collects measurement data measured by a field device, and operates (controls) a field device in accordance with the collected measurement data. Thereby, the distributed control system controls various kinds of state quantity in the industrial process. In an emergency, the safety instrumented system certainly shuts down the plant in a safe state. Thereby, the safety instrumented system prevents a physical injury and an environmental pollution, and protects expensive facilities. When an abnormal circumstance occurs in the plant, the safety instrumented system plays a role of “stronghold for securing safety”.
There is a possibility that the integrated industrial system receives cyber-attacks from outside. For this reason, in the integrated industrial system, countermeasures (security countermeasures) for a case that each of the distributed control system and the safety instrumented system receives cyber-attacks, or for a case that the whole integrated industrial system receives cyber-attacks, are prepared. For example, a firewall for preventing intrusion from outside to the integrated industrial system is prepared, or antivirus software (software which detects virus infection and removes virus) is installed in a computer. The controller which is a core of the distributed control system and the safety instrumented system has a high resistance against cyber-attacks by using an original operating system.
The integrated industrial system is sectioned into two or more zones, and the security countermeasures are basically applied to each zone. For example, an integrated industrial system established in conformity with hierarchical structures specified by International Standard ISA-95 (IEC/ISO 62264) is sectioned into two or more zones on the basis of hierarchy. The security countermeasures are applied to each hierarchy. For example, a conventional technology for maintaining security of a control network is disclosed in Japanese Unexamined Patent Application Publication No. 2000-267957 and Japanese Unexamined Patent Application Publication No. 2010-081610. A conventional technology for displaying a tree view in accordance with hierarchical structure of International Standard ISA-95 is disclosed in Japanese Unexamined Patent Application Publication No. 2013-161432.
By the way, as described above, since the security countermeasures against cyber-attacks from the outside are basically applied to each zone, the security countermeasures are individually performed in each zone when cyber-attacks are performed. For this reason, in the conventional integrated industrial system, if the security countermeasures of each zone are not enough with respect to cyber-attacks, the cyber-attacks reach the zone where the safety instrumented system belongs. For this reason, there is a problem that final defense countermeasures depend on security countermeasures applied to the zone where the safety instrumented system belongs.
The safety instrumented system does not usually communicate with a host system, but the safety instrumented system communicates with the distributed control system. On the other hand, the distributed control system is supposed to communicate with the host system. As a result, since the safety instrumented system is connected to the host system, there is a problem that cyber-attacks may reach the zone where the safety instrumented system belongs.
As described above, if the security countermeasures of each zone are not enough with respect to cyber-attacks, cyber-attacks reach the zone where the safety instrumented system belongs. For this reason, a control right of the safety instrumented system (or an engineering station which creates program to be used by the safety instrumented system) may be deprived. If such a situation occurs and programs of the controller which is a core of the safety instrumented system are rewritten, a role of “stronghold for securing safety” is lost. Therefore, it is necessary not to raise the above-described situation.
An integrated industrial system may include a safety instrumented system which is installed in a first zone, a host system which is connected to the safety instrumented system through a network, the host system being installed in a second zone which is different from the first zone, a detector which is installed in each of the first zone and the second zone, the detector being configured to detect a cyber-attack from outside to a self-zone, and a defender configured to perform a countermeasure of restricting a communication between the first zone and the second zone or of restricting a communication in the first zone or the second zone, based on a detection result of the detector.
Further features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments with reference to the attached drawings.
The embodiments of the present invention will be now described herein with reference to illustrative preferred embodiments. Those skilled in the art will recognize that many alternative preferred embodiments can be accomplished using the teaching of the present invention and that the present invention is not limited to the preferred embodiments illustrated herein for explanatory purposes.
An aspect of the present invention is to provide an integrated industrial system and a control method thereof which can defend against cyber-attacks to a safety instrumented system beforehand, and can secure a normality of the safety instrumented system.
Hereinafter, an integrated industrial system and a control method thereof of embodiments will be described in detail, with reference to drawings.
The integrated industrial system 1 is established in conformity with hierarchical structures specified by International Standard ISA-95 (IEC/ISO 62264). Specifically, in the integrated industrial system 1, the distributed control system 20 and the safety instrumented system 30 belong to a hierarchy of level 2, the manufacturing system 40 belongs to a hierarchy of level 3, and the managing system 50 belongs to a hierarchy of level 4. The distributed control system 20, the safety instrumented system 30, the manufacturing system 40, the managing system 50, the detecting device 60, and the defense device 70 are connected to each other through a network configured by network devices NE1 to NE6.
The integrated industrial system 1 is sectioned into two or more zones on the basis of hierarchy in order to prepare security countermeasures. Specifically, in the integrated industrial system 1, the distributed control system 20 and the safety instrumented system 30 are installed in a zone Z1, the manufacturing system 40 is installed in a zone Z2, and the managing system 50 is installed in a zone Z3.
The plant includes an industrial plant such as a chemical industrial plant, a plant managing and controlling a wellhead (for example, a gas field and an oil field), a plant managing and controlling a generation of electric power (for example, hydro power, thermal power, and nuclear power), a plant managing and controlling a power harvesting (for example, solar power and wind power), a plant managing and controlling water supply and sewerage systems, a dam, and so on.
The field device 10 is installed at a field of the plant, and the field device performs measurement and actuation required for control of industrial process under control of the distributed control system 20. Specifically, the field device 10 is such as a sensor device (for example, a pressure meter, a flowmeter, a temperature sensor, a gas sensor, and a vibration sensor), a valve device (for example, a flow control valve and an on-off valve), an actuator device (for example, a fan and a motor), an imaging device (for example, a camera and a video camera recording circumstances and objects in the plant), a sound device (for example, a microphone collecting abnormal noise in the plant, and a speaker generating alarm sound), a position detection device outputting position information of the each device, and other devices.
The field device 10 communicates with the distributed control system 20 or the safety instrumented system 30. For example, the field device 10 performs wired communication through a network or a communication bus (not shown), or wireless communication in conformity with industrial wireless communication standards, such as ISA100.11a and WirelessHART (registered trademark), with respect to the distributed control system 20 and the safety instrumented system 30.
The distributed control system 20 is equipped with a process controller 21, an operation monitoring terminal 22, and an engineering terminal 23. The distributed control system 20 collects measurement data measured by the field device 10, and operates (controls) the field device 10 in accordance with the collected measurement data, in order to control various kinds of state quantity. The state quantity controlled by the distributed control system 20 is various kinds of state quantity in the industrial process. For example, the state quantity is pressure, temperature, flow quantity, or the like.
The process controller 21 is a core of the distributed control system 20. The process controller 21 collects the measurement data from the field device 10, and operates (controls) the field device 10. For example, the operation monitoring terminal 22 is operated by a plant operator, and the operation monitoring terminal 22 is used for monitoring an operational status of the plant. The engineering terminal 23 is a terminal used for creating programs to be executed by the process controller 21. The process controller 21, the operation monitoring terminal 22, and the engineering terminal 23 are connected to each other through the network device NE2. For example, if it is not necessary to create the programs to be executed by the process controller 21, the engineering terminal 23 may be omitted, or the engineering terminal 23 does not need to be always connected to the network.
The safety instrumented system 30 is equipped with a safety controller 31 and an engineering terminal 32. In an emergency, the safety instrumented system 30 certainly shuts down the plant in a safe state, in order to prevent a physical injury and an environmental pollution, and protect expensive facilities. When an abnormal circumstance occurs in the plant, the safety instrumented system plays a role of “stronghold for securing safety”.
The safety controller 31 is a core of the safety instrumented system 30. The safety controller 31 communicates with the field device 10 or another safety controller (not shown) and obtains necessary data, in order to determine whether an abnormal circumstance occurs in the plant or not. If the safety controller 31 determines that an abnormal circumstance occurs in the plant, the safety controller 31 executes a safety control logic for implementing safety control. The engineering terminal 32 is a terminal used for creating programs to be executed by the safety controller 31. The safety controllers 31 and the engineering terminal 32 are connected to each other through the network devices NE1 and NE2. Similar to the engineering terminal 23, for example, if it is not necessary to create the programs to be executed by the safety controller 31, the engineering terminal 32 may be omitted, or the engineering terminal 32 is not always connected to the network.
The manufacturing system 40 is a system established for manufacturing products in the plant efficiently. The manufacturing system 40 is such as a Manufacturing Execution System (MES), a Plant Information Management System (PIMS), and a Plant Asset Management System (PAM). As the manufacturing system 40, only one of the Manufacturing Execution System, the Plant Information Management System, and the Plant Asset Management System may be established, and two or more of them may be established. The manufacturing system 40 is connected to the distributed control system 20 and the safety instrumented system 30 through the network devices NE3 and NE4.
The managing system 50 is a system established for business, such as management or sales and marketing in a company. For example, the managing system 50 is an Enterprise Resource Planning System (ERP). The managing system 50 is connected to the manufacturing system 40 through the network device NE5, and the managing system 50 is connected to other unillustrated networks (for example, Internet) through the network device NE6.
The detecting device 60 is installed in each of the zones Z1 to Z3. The detecting device 60 detects cyber-attacks from outside to the self-zone. The cyber-attacks from outside are such as an unauthorized invasion to the integrated industrial system 1, an alteration of the program used by the integrated industrial system 1, a fraud and a destruction of data used by the integrated industrial system 1, an act for making the integrated industrial system 1 be in malfunction state, and other acts.
The detecting device 60 is prepared in accordance with a design concept of each of the zones Z1 to Z3. For example, the detecting device 60 can utilize commercial antivirus software (software which detects virus infection and removes virus), or utilize an intrusion detection system. In the present embodiment, in order to understand easily, an example that the detecting device 60 is prepared as “device” will be described, but the function of the detecting device 60 may be implemented by software.
The detecting device 60 installed in each of the zones Z1 to Z3 is connected to the network configured by the network devices NE1 to NE6. If the detecting device 60 installed in each of the zones Z1 to Z3 detects cyber-attacks, the detecting device 60 transmits the detection result to the defense device 70 through the network. Specifically, the detecting device 60 installed in the zone Z1 is connected to the network devices NE2 and NE3. The detecting device 60 installed in the zone Z2 is connected to the network devices NE4 and NE5. The detecting device 60 installed in the zone Z3 is connected to the network device NE5 and NE6.
The network devices NE1 to NE6 are such as a firewall, a router, a switch, and so on. The network device NE4 is installed between the zone Z1 and the zone Z2. The network device NE5 is installed between the zone Z2 and the zone Z3. The network device NE6 is installed between the zone Z3 and another unillustrated network (for example, Internet). The network device NE1 is installed between the safety controller 31 and the network device N2.
The defense device 70 performs security countermeasures for defending against cyber-attacks from outside based on the detection result obtained from the detecting device 60. For example, the defense device 70 performs a countermeasure of restricting a communication between the zones Z1 to Z3, or a countermeasure of restricting a communication in the zone Z1. The defense device 70 is installed in the zone Z1 where the safety instrumented system 30 belongs. The defense device 70 obtains the detection result of the detecting device 60 through the network configured by the network devices NE1 to NE6, and the defense device 70 performs the security countermeasures through the network configured by the network devices NE1 to NE6.
As shown in
The “device” is information for specifying a device to which the cyber-attack has been performed. The “device” is such as a personal computer (PC), a controller, a switch, a firewall, and so on. The “level” is information for specifying which part of a device has been attacked with the cyber-attack. The “level” is such as an operating system (OS), a network, hardware, application, and so on. The “type” is information for specifying a type of the cyber-attack. The “type” is such as a virus, a DoS attack (Denial of Service attack), and so on.
As shown in
For example, in a fourth line of the setting list LS shown in
For example, in an eighth line of the setting list LS shown in
For example, in a ninth line of the setting list LS shown in
For example, in a third line of the setting list LS shown in
Next, operations of the integrated industrial system 1 of the above-described configuration will be described. Although operations of the integrated industrial system 1 are various, operations mainly performed by the detecting device 60 and the defense device 70 (operations for detecting a cyber-attack and defending against it) will be described below.
If processing of the flow chart shown in
On the other hand, if the setter 71 has determined that there is a cyber-attack to the integrated industrial system 1 (Step S13: “YES”), the setter 71 specifies a target and a type of the cyber-attack based on the result of the analysis performed at Step S12 (Step S14). If the setter 71 has specified a target and a type of the cyber-attack, the setter 71 sets a security countermeasure in accordance with the specified contents by using the setting list LS (Step S15). If the security countermeasure is set by the setter 71, the setter 71 outputs, to the executor 72, information which represents the security countermeasure which has been set. The executor 72 executes the security countermeasure which has been set by the setter 71 (Step S16).
For example, a cyber-attack is performed to a PC used by the managing system 50 which belongs to the zone Z3, and the PC is infected with a virus. In this case, the virus infection of the PC is detected by the detecting device 60 which belongs to the zone Z3. The setter 71 of the defense device 70 reads this detection result (Step S11), and the setter 71 analyzes it (Step S12). Then, the determination result of Step S13 shown in
If the target and the type of the cyber-attack have been specified, the setter 71 sets a security countermeasure of logically disconnecting the network port of the network devices NE5 and NE6, based on the countermeasure number “B3” and the target device “NE5, NE6” which are associated with the attack target number “A4” of the fourth line of the setting list LS shown in
For example, a cyber-attack is performed to a PC which belongs to the zone Z1. In this case, the cyber-attack to the PC is detected by the detecting device 60 which belongs to the zone Z1. The setter 71 of the defense device 70 reads this detection result (Step S11), and the setter 71 analyzes it (Step S12). Then, the determination result of Step S13 shown in
If the target and the type of the cyber-attack have been specified, the setter 71 sets a security countermeasure of blocking power supply of the network devices NE1, NE2, and NE3, and for physically blocking the network, based on the countermeasure number “B5” and the target device “NE1, NE2, NE3” which are associated with the attack target number “A8” of the eighth line of the setting list LS shown in
By performing the above-described processing, the PC which has been received the cyber-attack and the safety controller 31 which is a core of the safety instrumented system 30 are physically separated from each other in the zone Z1. Thereby, the cyber-attack to the safety controller 31 and the safety instrumented system 30 can be prevented beforehand, and the normality of the safety instrumented system 30 can be secured. For this reason, the role of “stronghold for securing safety” is not lost.
As described above, in the present embodiment, the detecting device 60 which detects cyber-attacks from outside is installed in each of the zones Z1, Z2, and Z3 in which the safety instrumented system 30, the manufacturing system 40, and the managing system 50 are installed respectively. Moreover, based on the detection result of the detecting device 60, the communication between the zones Z1 to Z3 or the communication in the zone Z1 is restricted by the defense device 70. For this reason, the cyber-attack to the safety instrumented system 30 can be prevented beforehand, and the normality of the safety instrumented system 30 can be secured. Further, by setting countermeasures in accordance with threat of the cyber-attack, the cyber-attack can be prevented effectively without shutting down the plant carelessly.
For example, the communication line L1 is a transmission line for transmitting a contact signal, and a transmission line for transmitting an analog signal. The communication line L1 transmits the detection result detected by the detecting device 60 to the defense device 70. The communication line L1 may connect the detecting device 60 and the defense device 70 by one-to-one, or may connect two or more detectors 60 and the defense device 70 in a form of network.
For example, similar to the communication line L1, the communication line L2 is a transmission line for transmitting a contact signal, and a transmission line for transmitting an analog signal. The communication line L2 transmits, to the network devices NE1 to NE6, a signal transmitted from the defense device 70 (a signal for performing security countermeasures). Similar to the communication line L1, the communication line L2 may connect the defense device 70 and the network devices NE1 to NE6 by one-to-one, or may connect the defense device 70 and the network devices NE1 to NE6 in a form of network.
In this way, the detecting device 60 and the defense device 70 are connected by the communication line L1, and the defense device 70 and the network devices NE1 to NE6 are connected by the communication line L2, in order to be able to prevent the cyber-attack from outside more certainly. That is, if a cyber-attack is performed, there is a possibility that communication through the network configured by the network devices NE1 to NE6 becomes impossible. Even if the communication through the network becomes impossible, in a case that the communication through the communication line L1 and the communication line L2 is possible, the detection result of the detecting device 60 can be transmitted to the defense device 70, and the security countermeasures (for example, a countermeasure of restricting a communication between the zones Z1 to Z3, or a countermeasure of restricting a communication in the zone Z1) can be performed by the defense device 70. For this reason, the cyber-attack from outside can be prevented more certainly.
The integrated industrial system 2 of the present embodiment is the same as the integrated industrial system 1 of the first embodiment, except that the detection result of the detecting device 60 is transmitted to the defense device 70 through the communication line L1, and except that the signal from the defense device 70 (signal for performing a security countermeasure) is transmitted to the network devices NE1 to NE6 through the communication line L2. For this reason, since operations of the integrated industrial system 2 of the present embodiment are basically the same as those of the integrated industrial system 1 of the first embodiment, detail explanations will be omitted.
As described above, also in the present embodiment, similar to the first embodiment, the detecting device 60 which detects cyber-attacks from outside is installed in each of the zones Z1, Z2, and Z3 in which the safety instrumented system 30, the manufacturing system 40, and the managing system 50 are installed respectively. Moreover, based on the detection result of the detecting device 60, the communication between the zones Z1 to Z3 or the communication in the zone Z1 is restricted by the defense device 70. For this reason, the cyber-attack to the safety instrumented system 30 can be prevented beforehand, and the normality of the safety instrumented system 30 can be secured. Further, by setting countermeasures in accordance with threat of the cyber-attack, the cyber-attack can be prevented effectively without shutting down the plant carelessly.
If the defense device 70 is installed in the zone Z1 in which the safety instrumented system 30 is installed like the integrated industrial system 2 shown in
In the present embodiment, similar to the first and second embodiments, the detecting device 60 which detects cyber-attacks from outside is installed in each of the zones Z1, Z2, and Z3 in which the safety instrumented system 30, the manufacturing system 40, and the managing system 50 are installed respectively. Moreover, based on the detection result of the detecting device 60, the communication between the zones Z1 to Z3 or the communication in the zone Z1 is restricted by the defense device 70. For this reason, the cyber-attack to the safety instrumented system 30 can be prevented beforehand, and the normality of the safety instrumented system 30 can be secured. Further, by setting countermeasures in accordance with threat of the cyber-attack, the cyber-attack can be prevented effectively without shutting down the plant carelessly.
In the present embodiment, similar to the second embodiment, the detecting device 60 and the defense device 70 are connected by the communication line L1, and the defense device 70 and the network devices NE1 to NE6 are connected by the communication line L2. For this reason, even if communication through the network configured by the network devices NE1 to NE6 becomes impossible, the detection result of the detecting device 60 can be transmitted to the defense device 70, and security countermeasures can be performed by the defense device 70. For this reason, the cyber-attack from outside can be prevented more certainly.
In the integrated industrial system of the embodiment shown in
The integrated industrial system of the embodiment shown in
In the second embodiment described above, although the defense device 70 is installed in the zone Z1 in which the safety instrumented system 30 is installed, it is not necessary for the defense device 70 to be installed in the zone Z1. For example, the defense device 70 may be installed in a zone (the zone Z2 or the zone Z3) which is different from the zone Z1 in which the safety instrumented system 30 is installed.
Although an integrated industrial system and a control method thereof according to embodiments of the present invention have been described above, the present invention is not restricted to the above-described embodiments, and can be freely modified within the scope thereof. For example, the foregoing descriptions of the embodiments have been examples in which the integrated industrial system is sectioned to the zones Z1 to Z3 on a basis of hierarchy specified by International Standard ISA-95 (IEC/ISO 62264), in order to secure security. However, it is not necessary for the integrated industrial system to be configured in conformity with the standard. As shown in the examples of
In the embodiment described above, in order to understand easily, an example of defending the cyber-attack to the safety instrumented system 30 has been described. However, in addition to the safety instrumented system 30, security countermeasures may be performed in consideration of an influence on the distributed control system 20.
As used herein, the following directional terms “front, back, above, downward, right, left, vertical, horizontal, below, transverse, row and column” as well as any other similar directional terms refer to those instructions of a device equipped with the present invention. Accordingly, these terms, as utilized to describe the present invention should be interpreted relative to a device equipped with the present invention.
The term “configured” is used to describe a component, unit or part of a device includes hardware and/or software that is constructed and/or programmed to carry out the desired function.
Moreover, terms that are expressed as “means-plus function” in the claims should include any structure that can be utilized to carry out the function of that part of the present invention.
The term “unit” is used to describe a component, unit or part of a hardware and/or software that is constructed and/or programmed to carry out the desired function. Typical examples of the hardware may include, but are not limited to, a device and a circuit.
While preferred embodiments of the present invention have been described and illustrated above, it should be understood that these are examples of the present invention and are not to be considered as limiting. Additions, omissions, substitutions, and other modifications can be made without departing from the scope of the present invention. Accordingly, the present invention is not to be considered as being limited by the foregoing description, and is only limited by the scope of the claims.
| Number | Date | Country | Kind |
|---|---|---|---|
| 2015-244221 | Dec 2015 | JP | national |
| Number | Name | Date | Kind |
|---|---|---|---|
| 7185366 | Mukai | Feb 2007 | B2 |
| 7467018 | Callaghan | Dec 2008 | B1 |
| 7966659 | Wilkinson et al. | Jun 2011 | B1 |
| 8779921 | Curtiss | Jul 2014 | B1 |
| 8881288 | Levy et al. | Nov 2014 | B1 |
| 9009084 | Brandt et al. | Apr 2015 | B2 |
| 9648029 | Cheng | May 2017 | B2 |
| 9836990 | Nguyen et al. | Dec 2017 | B2 |
| 9892261 | Joram | Feb 2018 | B2 |
| 10021125 | Talamanchi et al. | Jul 2018 | B2 |
| 10026049 | Asenjo et al. | Jul 2018 | B2 |
| 10078317 | Houmb | Sep 2018 | B2 |
| 10146936 | Khanduja | Dec 2018 | B1 |
| 20030188197 | Miyata et al. | Oct 2003 | A1 |
| 20050005017 | Ptacek | Jan 2005 | A1 |
| 20050050346 | Felactu et al. | Mar 2005 | A1 |
| 20050273184 | Dauss et al. | Dec 2005 | A1 |
| 20060026682 | Zakas | Feb 2006 | A1 |
| 20060031938 | Choi | Feb 2006 | A1 |
| 20080016339 | Shukla | Jan 2008 | A1 |
| 20080125887 | Case | May 2008 | A1 |
| 20080162085 | Clayton et al. | Jul 2008 | A1 |
| 20090089325 | Bradfor et al. | Apr 2009 | A1 |
| 20100077471 | Schleiss et al. | Mar 2010 | A1 |
| 20100287608 | Khuti et al. | Nov 2010 | A1 |
| 20110067107 | Weeks et al. | Mar 2011 | A1 |
| 20110289588 | Sahai et al. | Nov 2011 | A1 |
| 20120151593 | Kang et al. | Jun 2012 | A1 |
| 20120209411 | Ohkado et al. | Aug 2012 | A1 |
| 20120284790 | Bhargava | Nov 2012 | A1 |
| 20120313755 | Gutierrez | Dec 2012 | A1 |
| 20130031037 | Brandt et al. | Jan 2013 | A1 |
| 20130081103 | Uner et al. | Mar 2013 | A1 |
| 20130091539 | Khurana et al. | Apr 2013 | A1 |
| 20130201192 | Kanda | Aug 2013 | A1 |
| 20130211555 | Lawsonet et al. | Aug 2013 | A1 |
| 20130211558 | Mishina | Aug 2013 | A1 |
| 20130212214 | Lawson et al. | Aug 2013 | A1 |
| 20130212669 | Wilson | Aug 2013 | A1 |
| 20130227689 | Pietrowicz et al. | Aug 2013 | A1 |
| 20130245793 | Akiyama et al. | Sep 2013 | A1 |
| 20130274898 | Thatikonda et al. | Oct 2013 | A1 |
| 20130312092 | Parker | Nov 2013 | A1 |
| 20140237599 | Gertner et al. | Aug 2014 | A1 |
| 20140237606 | Futoransky | Aug 2014 | A1 |
| 20140317737 | Shin et al. | Oct 2014 | A1 |
| 20150040228 | Lee et al. | Feb 2015 | A1 |
| 20150244734 | Olson et al. | Aug 2015 | A1 |
| 20150281278 | Gooding et al. | Oct 2015 | A1 |
| 20150295944 | Yunoki et al. | Oct 2015 | A1 |
| 20150301515 | Houmb | Oct 2015 | A1 |
| 20150381642 | Kim et al. | Dec 2015 | A1 |
| 20150381649 | Schultz et al. | Dec 2015 | A1 |
| 20160036838 | Jain et al. | Feb 2016 | A1 |
| 20160050225 | Carpenter et al. | Feb 2016 | A1 |
| 20160078694 | Swift | Mar 2016 | A1 |
| 20160094578 | McQuillan et al. | Mar 2016 | A1 |
| 20160112445 | Abramowitz | Apr 2016 | A1 |
| 20160234241 | Talamanchi et al. | Aug 2016 | A1 |
| 20160261482 | Mixer et al. | Sep 2016 | A1 |
| 20160337390 | Sridhara et al. | Nov 2016 | A1 |
| 20160344754 | Rayapeta et al. | Nov 2016 | A1 |
| 20160366174 | Chernin et al. | Dec 2016 | A1 |
| 20170126727 | Beam et al. | May 2017 | A1 |
| 20170353484 | Knapp | Dec 2017 | A1 |
| 20180020014 | Kamiya et al. | Jan 2018 | A1 |
| 20180063244 | Maturana et al. | Mar 2018 | A1 |
| 20180096153 | DeWitte et al. | Apr 2018 | A1 |
| Number | Date | Country |
|---|---|---|
| 10 2005 063052 | Jul 2007 | DE |
| 2775685 | Sep 2014 | EP |
| 2000-267957 | Sep 2000 | JP |
| 2003-288282 | Oct 2003 | JP |
| 2010-081610 | Apr 2010 | JP |
| 2013-161432 | Aug 2013 | JP |
| 2015001594 | Jan 2015 | WO |
| 2015104691 | Jul 2015 | WO |
| Entry |
|---|
| Non-Final Rejection dated Jan. 9, 2019, which issued during the prosecution of U.S. Appl. No. 15/373,638. |
| Akira Wakabayashi, “Safety Instrumented System for Process Industry”, Japan Industrial Publishing Co., Ltd., Oct. 1, 2013, vol. 41, pp. 46-51 (8 pages total). |
| Masashi Murakami, “To Build a Control System that is Strong against Cyber Attacks”, Instrumentation Control Engineering, Japan, Kogyogijutsusha, Feb. 18, 2013, vol. 56, pp. 63-71 (13 pages total). |
| Shoichi Doi, “The Optimal Security Design for a Production Control System”, Masahiro Miyauchi, Japan Technical Association of the Pulp and Paper Industry, Feb. 27, 2015, vol. 69, pp. 43-48 (9 pages total). |
| Karnouskos et al., “Architecting the next generation of service-based SCADA/DCS system of systems”, IEEE, 2011, pp. 359-364. |
| Schuster et al., “A Distributed Intrusion Detection System for Industrial Automation Networks”, IEEE, 2012, 4 pages total. |
| Briesemeister et al., “Detection, Correlation, and Visualization of Attacks Against Critical Infrastructure Systems”, 2010 Eighth Annual International Conference on Privacy, Security and Trust, IEEE, 2010, pp. 15-22. |
| Jiang et al., “A Zone-Based Intrusion Detection System for Wireless Ad Hoc Distribution Power Communication Networks”, 2005 IEEE/PES Transmission and Distribution Conference & Exhibition: Asia and Pacific, 2005, pp. 1-6. |
| Yang et al., “Multiattribute SCADA-Specific Intrusion Detection System for Power Networks”, IEEE Transactions on Power Delivery, vol. 29, No. 3, Jun. 2014, pp. 1092-1102. |
| Zhu et al., “SCADA-specific Intrusion Detection/Prevention Systems: A Survey and Taxonomy”, University of California at Berkley, Berkley, CA, 2010, 16 pages total. |
| Cheung et al., “Using Model-based Intrusion Detection for SCADA Networks”, Computer Science Laboratory, SRI International, Dec. 7, 2006, pp. 1-12. |
| Number | Date | Country | |
|---|---|---|---|
| 20170171243 A1 | Jun 2017 | US |
