A system and method of managing a network with assets are described. The method includes generating a directed graph with each of the assets represented as a node, determining individual failure probability of each node, computing downstream failure probability of each node according to an arrangement of the nodes in the directed graph, computing upstream failure probability of each node according to the arrangement of the nodes in directed graph, and computing network failure probability for each node based on the corresponding individual failure probability, the downstream failure probability, and the upstream failure probability. Managing the network is based on the network failure probability of the assets.

In an aspect of the disclosure, a method, a computer-readable medium, and a computer system are provided. The computer system includes a baseboard management controller (BMC). The BMC receives a first message from a first remote device on a management network. The BMC determines whether the first message is directed to a storage service or fabric service running on a host of the BMC. The host is a storage device. The BMC extracts a service management command from the first message, when the first message is directed to the storage service or fabric service. The BMC sends, through a BMC communication channel to the host, a second message containing the service management command to the host. The BMC communication channel established for communicating baseboard management commands between the BMC and the host.

A secure control system includes a network of multiplexers that control end/field devices of an infrastructure system, such as an electric power grid. The multiplexers have a default secure lockdown state that prevents remote access to data on the multiplexers and prevents modification of software or firmware of the multiplexer. One or more of the multiplexers include a physical authentication device that confirms the physical proximity of a trusted individual when remote access is requested. A user accesses the network and one of the multiplexers remotely by way of login credentials. The trusted individual confirms the identity of the remote user and operates the physical authentication device connected with and in proximity to that multiplexer, thereby confirming that the remote user can be trusted to access data and reconfigure the multiplexers. The multiplexer connected with the physical authentication device generates a token that is passed to each of the multiplexers that the remote user needs access to. The token may specify a time period, after which, the multiplexers will reenter secure lockdown mode.

Methods and apparatus for detecting whether network nodes and CPE devices serviced by the network nodes are in the same region of a utility power grid are described. Methods and apparatus for using the result of the determination to control, e.g., automatically, backup power resource allocation are also described. Transforming the information collected from CPE devices and other devices into images which are displayed, e.g, as maps, is also described. An automatic determination of whether a network node is in the same power grid region as one or more groups of CPE devices to which the network node provides service. If a network node and a group of CPE devices serviced by the network node are in different utility power regions, backup power devices are automatically deployed to support service to CPE devices during an external power outage at the network node.

Attributes of a power system having one or more distributed energy resources are characterized by continuously receiving data comprising a power data stream having at least two components and derived from at least one distributed energy resource. A control data stream comprising at least two components is generated. An error data stream is determined based on a difference between respective components of the power data stream to components of a reference data stream comprising at least two components. The error data stream and the reference data stream are processed to generate the control data stream. The control data stream is continuously output to enable control and/or monitoring of the power flow of at least one distributed energy resource.

A control arithmetic device controls so that an approval-receiving device displays a content of a new control program that the control arithmetic device received from the editing device. The approval-receiving device receives input of approval information that indicates whether a change of a control program is approved or not from an manager. The control arithmetic device changes the control program to the new control program in the case where the approval information received from the approval-receiving device indicates approval of the control program.

A robot for data logging is described as a module of a portable data transfer system for use in physically transferring very big amounts of data in secure, fast and cheap way. The data logger logs and optionally analyzes sensory and operation data by statistically correlating and combining data, events, and control data from a variety of system modules, user actions, and sensors used to track system transit, handling, operation, and events. The data logger allows forensic analysis and comparison against a mission description to identify system location, transit path, mishandling, tampering, security breaches and problems arising from environmental conditions, design problems, etc. As a result, persons or events causing problems can be identified, retrained, and rectified, and system debugging can solve problems with error in hardware and software. Furthermore, decision and actions can be taken by the robot or by remote control to protect stored data from unauthorized access from third parties, such actions can include destruction of operating keys repository, electrical destruction of storage modules, system shutdown etc.

A method for generating contact graphs for delay/disruption tolerant networking for a constellation of network nodes (e.g., satellites in low earth orbit, terrestrial sensors, and ground stations). A contact graph indicates the availability and data rates for communications links between spacecraft and ground stations. The links may be intermittent due to orbital dynamics and the earth's rotation, and may be line-of-sight or relayed. The method predicts the future locations of satellite nodes in the Earth Centered inertial reference frame, and converts the locations of terrestrial nodes by converting their coordinates from the Earth Centered Earth Fixed reference frame. The method also determines whether line-of-sight links are possible, and estimates the closing velocity between network nodes to estimate signal Doppler shift. Contact graph routing determines the links used to most effectively move data over the network. Output data files may be directly used by Interplanetary Overlay Network administration software.

A network switch includes a first port configured for communication with a first electric device and a second port configured for communication with a second electric device in a deterministic network. The network switch includes one or more processors configured to receive at the first port a communication packet associated with the first electric device and the second electric device, determine if the communication packet satisfies a plurality of protocol constraints, and in response to the communication packet satisfying the plurality of protocol constraints, input one or more message characteristics from the communication packet into a model associated with a first industrial process. The model is configured to output a process behavioral classification based on the one or more message characteristics. The one or more processors receive a process behavioral classification for the communication packet, and selectively generate a control action for the ICS based on the process behavioral classification.

A service providing device included in a process control system in a plant, the service providing device includes a communicator configured to perform communication via a network, a service provider configured to provides a service via the communicator by exclusively assigning first identification information to one of the service providing device and an alternative service providing device, the first identification information being common to the alternative service providing device which provides the service instead of the service providing device, and a heartbeat transmitter configured to transmit heartbeat information for notifying that the service is normal to the alternative service providing device via a relaying device by using second identification information which is different from the first identification information.