A method for performing a safe guard detection of unexpected operations launched by an operator for a manufacturing execution system (MED system) is based on a first database containing a set of operations, a set of operators, calendar information for a shift and calendar information for the equipment of the MES-system. The MES-systems further has a second database containing a login history of carried out logins of the operator. The detection of a malicious operation is carried out as to whether the operation complies with a set of rules defining allowed operations or with a learning module, in which specific roles of operators are contained and whether an operation complies with a specific role. In case of non-compliance, the operation is stored as an entry in an event trace file for generating alerts.

A program analysis assistance apparatus 10 includes: an instruction analyzing unit 11 that extracts, from the device control program, instructions and comments in which the registers are used as operands, and identifies the signal values output by the registers based on the extracted instructions; and a matching processing unit 12 that identifies the signal lines to which the registers are connected by matching the extracted comments by the instruction analyzing unit 11 and the identified signal values by the instruction analyzing unit 11, against rules defining relationships between signal lines, signal values, and keywords.

A method may include receiving, via a secure deployment management (SDM) system, data associated with operations of an industrial device from a SDM node associated with the industrial device. The data is received via a secure communication channel established by the SDM system with the SDM node and security protocols. The SDM node is communicatively coupled with a machine learning system for sending and receiving data. The machine learning system may generate an updated machine learning model based on the data and a machine learning model representative of expected outputs associated with the operations of the industrial device and generate updated configuration data based on the updated machine learning model. The method may then include receiving the updated configuration data from the SDM node via the secure communication channel and sending the updated configuration data to the industrial device without performing security operations on the updated configuration data.

A method may include receiving, via a secure deployment management (SDM) system, a notification indicative of a change in configuration data associated with an industrial device from a secure deployment management (SDM) node associated with the industrial device. The notification is received via a secure communication channel established by the SDM system with the SDM node and one or more security protocols. The method also includes retrieving, via the SDM system, the configuration data associated with the industrial device from a data source in response to receiving the notification and sending, via the SDM system, the configuration data to the SDM node via the secure communication channel. The industrial device may receive the configuration data from the SDM node without performing one or more security operations on the configuration data.

A method may include receiving, via a secure deployment management (SDM) system, data associated with one or more operations of an industrial device from a secure deployment management (SDM) node associated with the industrial device. The data is received via a secure communication channel established by the SDM system with the SDM node and security protocols. The method also includes sending the data to a computerized maintenance management system (CMMS) container component may perform tasks in conjunction with a computerized maintenance management system (CMMS) process, such that the CMMS container component may communicate with the CMMS process via a first firewall through which the SDM system is incapable of communicating. The SDM system may enable the data associated with the operations to communicate with the SDM node through a second firewall between the SDM system and the SDM node, the second firewall being different from the first firewall.

According to at least one embodiment, a computer-implemented method to interface with an automation system is disclosed. One or more activation parameters and deactivation parameters may be identified associated with a mobile control panel. A concealed interface of the mobile control panel may be activated based at least in part on the one or more activation parameters. The activated interface of the mobile control panel may be deactivated based at least in part on one or more sleep parameters.

A method includes establishing, using a connection policy at a first device, a security association with a second device of an industrial process control and automation system. The method also includes, once the security association is established, activating a process data policy at the first device. The security association is established during first and second types of negotiations. The process data policy is activated during the second type of negotiation without the first type of negotiation. The second type of negotiation is faster than the first type of negotiation. The connection policy defines a communication channel between the devices using a non-process communication port of the first device. The process data policy defines a communication channel between the devices for real-time industrial process data. The first type of negotiation could include an IKE main mode negotiation, and the second type of negotiation could include an IKE quick mode negotiation.

A method and system for automatic signalling an alert when a possible intrusion occurs in an industrial automation and control system, based on security events which occur in the industrial automation and control system or are externally fed into the system. The method includes the steps of: (a) determining a correlation of a first and second security event and storing the correlation in an event database, wherein the correlation includes a probability that the first security event is followed by the second security event within a normalized time period, (b) identifying a candidate event as the first security event, based on event information of the candidate event, upon occurrence of the candidate event, (c) classifying the candidate event as anomalous when the probability exceeds a predetermined threshold and no second security event follows the candidate event within the normalized time period, and (d) signalling the alert indicating the candidate event.

A method for authenticating devices and/or applications, specifically web applications, in a control system for an industrial plant, wherein the control system includes at least one local registration service and at least one software inventory, where the method includes determining by the at least one local registration service information about which communications protocols and/or applications are supported by the devices and/or applications and/or which communications protocols and/or applications are active, during authentication of the devices and/or applications within the control system, and storing the device-specific information determined by the local registration service in the at least one software inventory of the control system.

A method may include receiving, via a secure deployment management (SDM) system, a notification indicative of a change in configuration data associated with an industrial device from a secure deployment management (SDM) node associated with the industrial device. The notification is received via a secure communication channel established by the SDM system with the SDM node and one or more security protocols. The method also includes retrieving, via the SDM system, the configuration data associated with the industrial device from a data source in response to receiving the notification and sending, via the SDM system, the configuration data to the SDM node via the secure communication channel. The industrial device may receive the configuration data from the SDM node without performing one or more security operations on the configuration data.