H04L63/0209

ELECTRONIC CONTROL DEVICE

An electronic control device comprises a number of application partitions, a firewall partition, and a number of secure interfaces that can be accessed only by the firewall partition. This increases the safety of the electronic control device, for example when it is used as an embedded controller.

Intercepting Secure Session upon Receipt of Untrusted Certificate
20170374043 · 2017-12-28

A method for intercepting a secure data session by a security gateway comprises the steps of:
1. establishing a first secure data session between a client device and a server device;
2. intercepting the first secure data session by the security gateway;
3. establishing a second secure data session between the server device and the security gateway;
4. receiving a first secure session request from the client device;
5. generating a second secure session request based on the first secure session request;
6. receiving a server certificate from the server device;
7. sending the second secure session request to the server device;
8. receiving first secure content from the client device over the first secure data session;
9. creating first encrypted secure content using the first secure content and the server certificate; and
10. sending the first encrypted secure content to the server device over the second secure data session.

Autonomous report composer

An autonomous report composer composes reports on cyber threats in a human-readable format, with natural language prose, terminology and a level of detail aimed at a target audience. The composer cooperates with libraries of prewritten text templates containing i) standard pre-written sentences in natural language prose and ii) templates with fillable blanks that are populated with data on the cyber threats specific to the report being composed. A template for a given type of report contains two or more sections, each with its own standard pre-written sentences in natural language prose.

Device for a secure data connection of at least one manufacturing machine
11689540 · 2023-06-27

A device for a secure data connection of at least one manufacturing machine (104) has an information-processing system (114) that is subdivided into individual zones (108, 110, 112) interconnected by data diodes (120), such that data originating from the machine control (118) of the manufacturing machine (104) can be transferred in a data flow to other zones (108, 110, 112) without the possibility of a return flow. The individual zones (110, 112) are ordered hierarchically: each individual zone has a lower level of data security than the individual zone (108, 110) upstream of it in the data flow. Every individual zone (108, 110, 112) is formed as an independent computer in the manner of an isolated application. A manufacturing machine and a production plant that include the device for the secure data connection are also claimed.

System and a method for secure data transfer using air gapping hardware protocol
11687478 · 2023-06-27

A system for secure data transfer using air gapping has three modules. A first module includes a communication interface configured to communicate with a public network. A second module includes a first read-only memory storing an operating system, a second read-only memory storing sets of private keys of the second module and at least one public key of another remote entity, and a cryptographic unit configured to encrypt and/or decrypt data using the keys stored in the second read-only memory. A bridge module includes a bridge module controller, memory for storing data, and a switch configured to selectively connect the bridge module data interface to either the first module data interface or the second module data interface, such that the first module data interface is never connected with the second module data interface.
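The property that carries the security argument is the switch: the bridge may be attached to the public module or to the secure module, never to both, so data crosses the gap by store-and-forward through bridge memory. The Go program below is an added model of that invariant, not the patent's own design. The bridge refuses to attach a second side while one is attached (break-before-make) and refuses reads and writes from a side that is not attached; the secure module's crypto unit is simplified to AES-256-GCM with one key standing in for the key sets of the second read-only memory, and the ciphertext fed in from the "network" is constructed with that same key. All names and the key string are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Side names which module data interface the bridge switch is closed on.
type Side int

const (
	None   Side = iota
	Public      // first module: the only one with a public-network interface
	Secure      // second module: read-only OS, key ROM and crypto unit
)

func (s Side) String() string { return [...]string{"none", "public", "secure"}[s] }

// Bridge is the bridge module: controller state, a memory buffer and the switch.
type Bridge struct {
	attached Side
	memory   []byte
	Trace    []string // switch history, for inspection
}

// Connect is break-before-make: attaching a side while the other is attached fails.
func (b *Bridge) Connect(s Side) error {
	if b.attached != None && b.attached != s {
		return fmt.Errorf("switch is closed on %s; disconnect before attaching %s", b.attached, s)
	}
	b.attached = s
	b.Trace = append(b.Trace, "connect "+s.String())
	return nil
}

func (b *Bridge) Disconnect() {
	b.attached = None
	b.Trace = append(b.Trace, "disconnect")
}

// Store copies data from the attached side into bridge memory.
func (b *Bridge) Store(from Side, data []byte) error {
	if b.attached != from {
		return fmt.Errorf("%s is not attached", from)
	}
	b.memory = append([]byte(nil), data...)
	return nil
}

// Load hands bridge memory to the attached side and drains the buffer.
func (b *Bridge) Load(to Side) ([]byte, error) {
	if b.attached != to {
		return nil, fmt.Errorf("%s is not attached", to)
	}
	out := b.memory
	b.memory = nil
	return out, nil
}

// SecureModule stands in for the second module: key material and the crypto unit.
type SecureModule struct{ key []byte }

func (m *SecureModule) aead() cipher.AEAD {
	block, err := aes.NewCipher(m.key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// Encrypt returns nonce || ciphertext; Decrypt reverses it.
func (m *SecureModule) Encrypt(msg []byte) []byte {
	g := m.aead()
	nonce := make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		panic(err)
	}
	return g.Seal(nonce, nonce, msg, nil)
}

func (m *SecureModule) Decrypt(blob []byte) ([]byte, error) {
	g := m.aead()
	if len(blob) < g.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

// Relay carries one blob from the public side through the bridge to the secure
// module, which decrypts it. Public is detached before Secure is attached.
func Relay(b *Bridge, sec *SecureModule, fromNetwork []byte) ([]byte, error) {
	if err := b.Connect(Public); err != nil {
		return nil, err
	}
	if err := b.Store(Public, fromNetwork); err != nil {
		return nil, err
	}
	b.Disconnect()
	if err := b.Connect(Secure); err != nil {
		return nil, err
	}
	blob, err := b.Load(Secure)
	b.Disconnect()
	if err != nil {
		return nil, err
	}
	return sec.Decrypt(blob)
}

func main() {
	k := sha256.Sum256([]byte("constructed demo key, not from the patent"))
	sec := &SecureModule{key: k[:]}
	b := &Bridge{}
	plain, err := Relay(b, sec, sec.Encrypt([]byte("command: status?")))
	fmt.Printf("secure module received %q (err=%v)\n", plain, err)
	fmt.Println(b.Trace)
}
```

The trace shows the only legal sequence (connect public, disconnect, connect secure, disconnect); a controller bug that skipped a Disconnect would be caught by Connect rather than silently bridging the two interfaces.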

Method and system for controlling auxiliary systems of unmanned system

Apparatus and methods for controlling unmanned systems (UMSs), such as unmanned aircraft, are provided. A UMS includes a physical computer, one or more auxiliary systems for the UMS, and a payload. The physical computer executes software that instantiates a plurality of virtual computers, including a mission virtual computer and a payload virtual computer, for: controlling the auxiliary systems of the UMS using the mission virtual computer; communicating with the payload using the payload virtual computer; determining whether a software fault has occurred on one of the virtual computers; and, after determining that a software fault has occurred on one virtual computer, preventing that fault from causing a fault on a different virtual computer.
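What "preventing the software fault from causing a fault on a different virtual computer" demands of the supervisor is that a crash or a hang in the payload virtual computer neither stops the mission virtual computer's control cycle nor goes unrecorded. The Go program below is an added model of that contract, not the patent's software: each virtual computer's cycle runs in its own goroutine with a deadline, a panic is recovered inside that goroutine, and a missed deadline is detected by the supervisor. The real isolation in such a system comes from the hypervisor's CPU and memory partitioning; goroutines only model the behaviour. The constructed payload faults (an out-of-range index on cycle 3, a hang on cycle 5), the 50 ms deadline and all names are assumptions of the example.

```go
package main

import (
	"fmt"
	"time"
)

// VirtualComputer is one of the virtual computers the physical computer
// instantiates. Step is its work for one control cycle; a panic or a hang
// inside Step models a software fault on that virtual computer.
type VirtualComputer struct {
	Name string
	Step func(cycle int)
}

// Supervisor detects a fault on one virtual computer and keeps it from
// reaching the others.
type Supervisor struct {
	Deadline time.Duration
	Cycles   map[string]int      // completed cycles per virtual computer
	Faults   map[string][]string // recorded faults per virtual computer
}

func NewSupervisor(deadline time.Duration) *Supervisor {
	return &Supervisor{Deadline: deadline, Cycles: map[string]int{}, Faults: map[string][]string{}}
}

// RunCycle runs one cycle of vc in its own goroutine. A panic is recovered
// there and reported back; a missed deadline is detected here. Either way the
// supervisor, and every other virtual computer, keeps running.
func (s *Supervisor) RunCycle(vc *VirtualComputer, cycle int) bool {
	done := make(chan error, 1)
	go func() {
		defer func() {
			if r := recover(); r != nil {
				done <- fmt.Errorf("cycle %d: panic: %v", cycle, r)
			}
		}()
		vc.Step(cycle)
		done <- nil
	}()
	select {
	case err := <-done:
		if err != nil {
			s.Faults[vc.Name] = append(s.Faults[vc.Name], err.Error())
			return false
		}
		s.Cycles[vc.Name]++
		return true
	case <-time.After(s.Deadline):
		s.Faults[vc.Name] = append(s.Faults[vc.Name], fmt.Sprintf("cycle %d: deadline missed", cycle))
		return false
	}
}

// Simulate runs a mission virtual computer (steering the auxiliary systems)
// beside a payload virtual computer that crashes on cycle 3 and hangs on
// cycle 5. It returns the completed cycles of each and the payload fault count.
func Simulate(cycles int) (missionCycles, payloadCycles, payloadFaults int) {
	s := NewSupervisor(50 * time.Millisecond)
	aux := map[string]int{} // constructed stand-in for the auxiliary systems
	mission := &VirtualComputer{Name: "mission", Step: func(c int) { aux["servo"] = c * 10 }}
	payload := &VirtualComputer{Name: "payload", Step: func(c int) {
		frames := make([]byte, 2) // constructed sensor buffer
		switch c {
		case 3:
			_ = frames[c] // index out of range: crash-type fault
		case 5:
			select {} // never returns: hang-type fault
		}
	}}
	for c := 1; c <= cycles; c++ {
		s.RunCycle(mission, c)
		s.RunCycle(payload, c)
	}
	return s.Cycles["mission"], s.Cycles["payload"], len(s.Faults["payload"])
}

func main() {
	m, p, f := Simulate(6)
	fmt.Printf("mission cycles=%d payload cycles=%d payload faults=%d\n", m, p, f)
}
```

Over six cycles the mission virtual computer completes all six while the payload virtual computer completes four and records two faults. Note the limit of the model: the hung goroutine from cycle 5 is abandoned, not killed, which is exactly the resource a hypervisor would reclaim and a goroutine cannot.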

System and method for detecting transmission of a covert payload of data
11689543 · 2023-06-27

Systems and methods for detecting transmission of covert payloads of data are provided. A datagram is received at a host within a network. A determination is made that processing the datagram creates an error condition. A determination is made that the datagram contains a payload intended for covert transmission when at least one suspicious condition is present. The suspicious conditions include an encrypted payload, a destination not matching any known address for hosts within the network, a time-to-live value matching the number of gateways traversed by the datagram within the network, and a particular type of error condition.
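The rule is a two-stage filter: only datagrams whose processing raised an error are examined, and one of the listed conditions is then enough to flag them. The Go program below is an added implementation of that rule over constructed traffic, not the patent's detector. "Encrypted payload" is approximated by a Shannon-entropy test against the maximum achievable for the payload length, the "particular type of error condition" is assumed to be a bad-option error, and the known-host list, addresses, gateway count and sample datagrams are all constructed for the example.

```go
package main

import (
	"bytes"
	"fmt"
	"math"
)

// ErrorKind is the outcome of processing a datagram at the receiving host.
type ErrorKind int

const (
	NoError ErrorKind = iota
	ChecksumError
	BadOptionError // assumed here to be the "particular type of error condition"
)

// Datagram carries the fields the detection rule needs.
type Datagram struct {
	Dst     string
	TTL     int
	Payload []byte
	Err     ErrorKind
}

// shannonEntropy returns bits per byte of the payload (8.0 for a uniform byte stream).
func shannonEntropy(b []byte) float64 {
	if len(b) == 0 {
		return 0
	}
	var counts [256]int
	for _, c := range b {
		counts[c]++
	}
	n := float64(len(b))
	var h float64
	for _, c := range counts {
		if c > 0 {
			p := float64(c) / n
			h -= p * math.Log2(p)
		}
	}
	return h
}

// looksEncrypted treats a payload as encrypted (or compressed) when its entropy
// is within 10% of the maximum achievable for its length; short payloads cannot
// reach 8 bits/byte, so the bound is min(8, log2(len)).
func looksEncrypted(p []byte) bool {
	if len(p) < 16 {
		return false
	}
	maxH := math.Min(8, math.Log2(float64(len(p))))
	return shannonEntropy(p) >= 0.9*maxH
}

// Suspicious applies the rule: only a datagram whose processing raised an error
// is examined, and it is flagged when at least one condition holds. The reasons
// are returned so an analyst can see which conditions fired.
func Suspicious(d Datagram, knownHosts map[string]bool, gatewaysTraversed int) (bool, []string) {
	if d.Err == NoError {
		return false, nil
	}
	var reasons []string
	if looksEncrypted(d.Payload) {
		reasons = append(reasons, "encrypted payload")
	}
	if !knownHosts[d.Dst] {
		reasons = append(reasons, "destination not a known host")
	}
	if d.TTL == gatewaysTraversed {
		reasons = append(reasons, "ttl equals gateways traversed")
	}
	if d.Err == BadOptionError {
		reasons = append(reasons, "error type of interest")
	}
	return len(reasons) > 0, reasons
}

// SampleDatagrams builds constructed traffic: plain telemetry, and a
// high-entropy blob (a permutation of all 256 byte values) standing in for ciphertext.
func SampleDatagrams() []Datagram {
	telemetry := bytes.Repeat([]byte("sensor=42;state=ok;"), 12)
	blob := make([]byte, 256)
	for i := range blob {
		blob[i] = byte(i*7 + 3)
	}
	return []Datagram{
		{Dst: "10.0.0.5", TTL: 60, Payload: telemetry, Err: NoError},        // healthy
		{Dst: "198.51.100.7", TTL: 4, Payload: blob, Err: ChecksumError},   // covert
		{Dst: "10.0.0.5", TTL: 60, Payload: telemetry, Err: ChecksumError}, // corrupted but benign
	}
}

func main() {
	known := map[string]bool{"10.0.0.5": true, "10.0.0.9": true}
	for i, d := range SampleDatagrams() {
		flagged, why := Suspicious(d, known, 4)
		fmt.Printf("datagram %d: suspicious=%v %v\n", i, flagged, why)
	}
}
```

The third datagram matters as much as the second: it produced an error but none of the conditions holds, so a plain corrupted packet is not reported, which is what keeps the rule from firing on every checksum failure on a noisy link.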

GATEWAY FOR MOBILE TERMINATED WIRELESS COMMUNICATION IN A 5G OR OTHER NEXT GENERATION WIRELESS NETWORK

According to one or more embodiments, a system can comprise a processor and a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations. The operations can include establishing a wireless connection to a wireless network. The operations can further include receiving, via the wireless connection, data from a gateway device that has been communicated via a network device of a publicly accessible network, wherein the data has been compared, by the gateway device, to a template of anomalous activity.

NETWORKING AND SECURITY SPLIT ARCHITECTURE
20230198944 · 2023-06-22

Techniques for providing a networking and security split architecture are disclosed. In some embodiments, a system, process, and/or computer program product for providing a networking and security split architecture includes receiving a flow at a security service; processing the flow at a network layer of the security service to perform one or more networking functions; and offloading the flow to a security layer of the security service to perform security enforcement based on a policy.

ISOLATION SYSTEM FOR CYBERSECURITY
20170357801 · 2017-12-14

The disclosed embodiments provide a method and apparatus for protecting a critical computer system from malware intrusions. An isolator containing access-approval features is disclosed. The isolator requires the approval of a Supervisor, which can be a person with authority or an intelligent computer, before a user can have access to the critical computer system. The isolator contains features used to facilitate cascaded encryption and decryption of messages, which further enhances the security of the critical computer system. The isolator can greatly improve the security of infrastructure such as industrial control systems, servers and workstations.