Systems and methods for controlling file execution for industrial control systems

摘要

A system includes a controller configured to control a process, and store at least one binary file, wherein the at least one binary files is generated from at least one source file, wherein the at least one source file comprises instructions configured to be executed by a processor in the controller. The controller may also be configured to retrieve a whitelist file comprising a first hash key value derived from the at least one binary file, and execute an executable file based on the whitelist file, wherein the executable file comprises the source file.

主权项

1. A system comprising:
a machinery disposed on an industrial plant; at least one sensor disposed on an industrial plant component of the machinery; a hardware controller communicatively coupled to the sensor, the hardware controller configured to :
receive at least one sensor value from the at least one sensor;execute an executable file that utilizes the at least one sensor value as input to the executable file to derive a control action, wherein the executable file comprises an executable binary file stored in a memory of the hardware controller;control a process of the industrial plant by actuating a field device based on the control action, wherein actuating the field device controls an operation of a gas turbine system of the machinery;retrieve a whitelist file wherein the whitelist file comprises an encrypted file stored in the hardware controller and used by the hardware controller to enable execution of commands;decrypt the whitelist file to derive a first hash key value;derive a second hash key value from the executable file;determine whether the executable file is listed in the whitelist file by comparing the first hash key value to the second hash key value; andexecuting, during machinery operations, the executable file to control the gas turbine based on the determination that the executable file is listed on the whitelist file.