Patent classifications
G05B2219/23464
A robot controller
A robot controller is configured to control operation of at least one industrial robot. The robot controller includes: a processor; a memory configured to store a current system configuration of the robot controller; and an editing interface configured to enable modification of the current system configuration. It further includes a stored fingerprint corresponding to the system configuration according to original manufacturer settings; and a fingerprinting interface configured to facilitate computation of a fingerprint based on the current system configuration. The stored and computed fingerprints may be compared to determine whether any modification has occurred.
Protection unit for a programmable data-processing system
A data-processing system having at least one operating memory holding operating data is provided with a protection unit having an execution environment protected from unauthorized access. At least one monitoring logic in the execution environment is connected to the operating memory for monitoring unauthorized modifications, access, or similar protection violations of the operating data stored in the operating memory and for generating an output on detection of such a protection violation. A protection logic in the execution environment holds replacement data capable of replacing the operating data and is connected to the monitoring logic for, on generation of the output, providing to the operating memory the replacement data for the operation or for a substitute operation of the data-processing system.
Security system for industrial control infrastructure
An industrial control system providing security against tampering or modification generates periodic state thumbprints defining a state of control elements that may be forwarded to a security or safety appliance for comparison to a benchmark thumbprint indicating no tampering. The transmitted state thumbprint may capture not only programs but also configuration and environmental states of the control element.
Identification of deviant engineering modifications to programmable logic controllers
Embodiments include methods, network security computer systems, and computer program products for identifying deviant engineering modifications to programmable logic controllers. Aspects include: collecting, by a network traffic collection device of the network security computer, network traffic data from one or more engineering stations; and storing, by a network traffic data storage device, the network traffic data collected. Each of the engineering stations may include one or more programmable logic controllers. The method also may include: comparing, by a network traffic comparison module, the network traffic data collected; detecting, by an abnormality detection module, any deviant engineering modifications to the programmable logic controllers in the engineering stations; and generating, by an alarming and correction module, one or more reports for the deviant engineering modifications to programmable logic controllers. The alarming and correction module may generate one or more alarms and block any network traffic associated with the deviant engineering modifications.
Method for assignment of verification numbers
An industrial controller for safety control is disclosed. The controller comprises an interface for receiving a download of a safety control program, a memory for storing at least one safety control program, and at least one processing unit for executing a safety control program stored in the non-volatile memory. The at least one processing unit is configured to determine whether a safety control program is verified and to limit an execution of an unverified safety control program according to an unverified run mode. An indicator is configured to indicate the execution of an unverified safety control program. A method of assigning a verification ID to an industrial controller comprises steps of configuring and downloading a safety control program, validating the configured safety control program for the target industrial controller, and assigning a verification ID. Execution of the configured safety control program is limited before the verification ID is assigned.
Rapid configuration security system for industrial control infrastructure
A template for implementing a control system with security features provides a generic control program and device programs for distribution to one or more industrial controllers and associated control devices together with matching security programs for distribution to the control devices, the security programs providing for the generation of security thumbprints indicating the state of the control devices. The template may also be associated with a security-monitoring program that can receive and process the security thumbprints.