Title of invention: Integrated unified threat management for a process control system
Abstract: A Unified Threat Management System (UTMS) for securing network traffic in a process control system may comprise network devices configured to receive network traffic related to the process control system and including a ruleset received from an external source. The ruleset may include one or more rules defining a condition to accept or deny the network traffic received at the network device. The state of the network device may be integrated into the process control system as a process control object or variable, thus allowing the state and other UTMS and component network device parameters and variables to be displayed to an operator at a workstation within a graphical process control system environment. The network devices may also communicate with a perpetual service that proactively supplies the devices with rulesets to meet the latest security threats, threat patterns, and control system vulnerabilities found or predicted to exist within the network.
Publication number: US9130980(B2) Publication date: 2015.09.08
Application number: US201012889235 Filing date: 2010.09.23
Applicant: FISHER-ROSEMOUNT SYSTEMS, INC. Inventors: Law Gary Keith; Kube Nate; Huba Robert Kent; Hieb Brandon; Denison David R.; Hernandez Cheyenne
Classification: G06F21/00; H04L29/06 Main classification: G06F21/00
Agency: Marshall, Gerstein & Borun LLP Agent: Marshall, Gerstein & Borun LLP
Principal claim: 1. A method for securing network traffic in a process control system comprising:
providing an operator interface to display and configure various characteristics of both a network access device and a process control device, wherein the network access device facilitates data transmission over a process control system network without changing underlying data communicated over the process control system network, and the process control device changes the data communicated over the process control system network;
instantiating an object having a programmable interface to the network access device and the process control device, the object having access to a ruleset including one or more rules defining a condition to accept or deny network traffic received at the network access device, the network traffic originating externally from the process control system and attempting to communicate control information through the network access device to control the process control device;
determining which of the one or more rules of the ruleset to apply to the instantiated object;
securing the process control device by applying the one or more determined rules to the instantiated object to control the network access device to accept or deny the network traffic received at the network access device;
monitoring the network traffic received at the network access device using the instantiated object; and
in response to determining that the network traffic received at the network access device violates one or more of the rules applied to the instantiated object, denying the network traffic access to the secured process control device and displaying an alarm in the operator interface.
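The following Python model is an added illustration of the method in the claim above; it is not code from the patent or from Fisher-Rosemount. It instantiates the network access device as a process-control object whose state, ruleset version, and counters are exposed as variables an operator faceplate could display, loads a ruleset as if delivered by the external service, evaluates incoming traffic first-match with a default of deny, and raises an alarm on every denial. The rule names, subnets, ports, and packets are constructed sample data; the class and method names are assumptions made for this example.

```python
"""Added illustration of the claimed method (not the patent's own code).
A network access device is modelled as a process-control object: its state,
ruleset version and traffic counters are the variables an operator station
would display.  All rules, addresses and packets below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "accept" or "deny"
    src: Optional[str] = None      # source CIDR; None matches any source
    dst_port: Optional[int] = None
    protocol: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        """A rule applies when every field it constrains matches the packet."""
        if self.src is not None and ip_address(pkt.src_ip) not in ip_network(self.src):
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        return True


class NetworkAccessDevice:
    """Firewall/UTMS device instantiated as a process-control object (hypothetical)."""

    def __init__(self, tag: str):
        self.tag = tag
        self.rules: List[Rule] = []
        self.ruleset_version = "none"
        self.state = "NORMAL"            # process variable shown on the faceplate
        self.alarms: List[str] = []
        self.counters: Dict[str, int] = {"accept": 0, "deny": 0}

    def load_ruleset(self, version: str, rules: List[Rule]) -> None:
        """Install a ruleset supplied by the external service; replaced as a whole."""
        self.rules = list(rules)
        self.ruleset_version = version

    def evaluate(self, pkt: Packet) -> str:
        """First matching rule decides.  With no match the default is deny, so only
        explicitly permitted control traffic reaches the process control device."""
        decision, matched = "deny", "default-deny"
        for rule in self.rules:
            if rule.matches(pkt):
                decision, matched = rule.action, rule.name
                break
        self.counters[decision] += 1
        if decision == "deny":
            self.raise_alarm(
                f"{pkt.src_ip} -> {pkt.dst_ip}:{pkt.dst_port}/{pkt.protocol} denied by {matched}")
        return decision

    def raise_alarm(self, text: str) -> None:
        """Violation: record the alarm and flip the displayed state."""
        self.state = "ALARM"
        self.alarms.append(text)

    def acknowledge_alarms(self) -> None:
        """Operator acknowledgement clears the alarm list and restores NORMAL."""
        self.alarms.clear()
        self.state = "NORMAL"

    def process_variables(self) -> Dict[str, object]:
        """The variables an operator interface would display for this object."""
        return {"tag": self.tag, "state": self.state,
                "ruleset_version": self.ruleset_version,
                "active_alarms": len(self.alarms), **self.counters}


# Constructed ruleset: engineering subnet may reach Modbus/TCP (502); corporate
# range is explicitly blocked; everything else falls through to default-deny.
CONSTRUCTED_RULES = [
    Rule("allow-eng-modbus", "accept", src="10.1.1.0/24", dst_port=502, protocol="tcp"),
    Rule("block-corporate", "deny", src="192.168.0.0/16"),
]

# Constructed traffic: one permitted poll, one blocked source, one unexpected port.
CONSTRUCTED_TRAFFIC = [
    Packet("10.1.1.5", "10.1.2.20", 502, "tcp"),
    Packet("192.168.4.7", "10.1.2.20", 502, "tcp"),
    Packet("10.1.1.5", "10.1.2.20", 44818, "tcp"),
]


def run_demo() -> NetworkAccessDevice:
    """Load the ruleset, monitor the sample traffic, return the device for inspection."""
    device = NetworkAccessDevice("FW-01")
    device.load_ruleset("2010-09-23.1", CONSTRUCTED_RULES)
    for pkt in CONSTRUCTED_TRAFFIC:
        device.evaluate(pkt)
    return device


if __name__ == "__main__":
    dev = run_demo()
    print(dev.process_variables())
    for alarm in dev.alarms:
        print("ALARM:", alarm)
```

The default-deny fall-through is the design choice worth noting: in a control network the set of legitimate control clients is small and known, so an allowlist ruleset with every non-matching packet denied and alarmed gives the operator visibility of unexpected traffic without having to enumerate every bad case in advance.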
Address: Round Rock TX US