Title of invention: BI-DIRECTIONAL DATA SECURITY FOR SUPERVISOR CONTROL AND DATA ACQUISITION NETWORKS
Abstract: A cyber-security system, including a device and associated method, provides secure communications bi-directionally between an external network and an internal network, including a supervisor control and data acquisition (SCADA) device. The device includes a processor in data communication with the external and internal networks that is programmed with a rule-set establishing validation criteria configured to validate data received from the external and internal networks. The processor is operable in an operational mode to pass between the external and internal networks only data that are compliant with the validation criteria. The processor may be configured to save certain validated data indicating a system state that can inform the application of the rule-set to data. The processor is re-programmable with a new rule-set only in a programming mode. The device includes a switch that is manually operable to switch the processor from the operational mode to the programming mode.
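Application publication number: US2015215283(A1) Application publication date: 2015.07.30
Application number: US201514668602 Filing date: 2015.03.25
Applicant: Sierra Nevada Corporation Inventors: Fischer Peter;Feldkamp Andrew;Rodriguez Nelson;Edwards Joshua
Classification numbers: H04L29/06;H04L29/08 Main classification number: H04L29/06
Agency: Agent: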
Independent claim: 1. A cyber-security device for providing secure communications between an external network and an internal network including a supervisor control and data acquisition (SCADA) device, the cyber-security device comprising: an external communication interface configured to send data to and receive data from the external network; an internal communication interface configured to send data to and receive data from the internal network; a processor in data communication with the external communication interface and the internal communication interface, the processor being programmed with a rule-set establishing validation criteria configured to validate data received from the external network via the external communication interface and data received from the internal network via the internal communication interface, wherein the processor is operable in an operational mode to pass between the external communication interface and the internal communication interface only data that conform with the validation criteria, and wherein the processor has a programming mode in which the processor is re-programmable with a new rule-set; and a switch operable manually to switch the processor between at least the operational mode and the programming mode; wherein the rule-set comprises at least one rule dependent on a state of the SCADA device.
Address: Sparks NV US