Systems and methods for configuring industrial devices through a secured wireless side channel may include a compute device. The compute device may have primary communication circuitry configured to communicate through a network and side channel communication circuitry configured to communicate through a wireless side channel that is different from the network. The compute device may additionally include circuitry configured to obtain, via the wireless side channel, configuration data indicative of a configuration for one or more operations of an industrial device of an industrial process plant. Additionally the circuitry may be configured to configure, in response to obtaining the configuration data, the one or more operations of the industrial device.

An engineering assistant system 1 includes: an engineering server 10 that issues a work list including information related to work necessary for performing the engineering of a process control system 100; and an at least one engineering client 20 that grants work authority for each worker based on the work list issued by the engineering server 10 and makes it possible to perform work on a constituent apparatus that constitutes the process control system 100 within a range of granted work authority.

A secure medication dispenser or apparatus dispensing only prescribed amounts of controlled medication (e.g., pain medication, narcotics and the like) on a limited, periodic basis. Medication is dispensed through an access slot. The dispenser cannot be opened by the user or any third party except on this limited, periodic basis. The dispenser is manufactured from strong, penetration-resistant material, and cannot easily be broken, smashed, cut, or otherwise opened.

The invention relates to a method for sending target values to a wind farm regulator of a wind farm via a wind farm server, wherein the wind farm server has an input interface, and the input interface is used to receive target values for the wind farm regulator after a successful authentication by an access data record, wherein one of several predefined user identifiers is allocated in the wind farm server to each of several access data records, which correspond to predefined access data records, wherein the wind farm server is used to allocate the user identifier allocated to the access data record used for successful authentication before receiving the target value to a target value received from the input interface, and received target values with the allocated user identifier are output to the wind farm regulator. The invention further relates to a wind farm server and a system with a wind farm server.

A method of providing cyber security to an industrial control system is described. The method includes detecting an anomaly and recording and reporting the detected anomaly to a control system within a network associated with the industrial control system. Detecting the anomaly may include recording all unauthorized attempts to connect to a communication port in the network, capturing identifying information associated with the unauthorized attempts, detecting scanning activity of a hacker in the network, detecting an attempt to manipulate a log file to conceal malicious activity in the network; and recording and reporting the detected anomaly to a controller within the network

A method for performing a safe guard detection of unexpected operations launched by an operator for a manufacturing execution system (MED system) is based on a first database containing a set of operations, a set of operators, calendar information for a shift and calendar information for the equipment of the MES-system. The MES-systems further has a second database containing a login history of carried out logins of the operator. The detection of a malicious operation is carried out as to whether the operation complies with a set of rules defining allowed operations or with a learning module, in which specific roles of operators are contained and whether an operation complies with a specific role. In case of non-compliance, the operation is stored as an entry in an event trace file for generating alerts.

A method and arrangement for providing data from an industrial automation arrangement to an external application operated in a data cloud and arranged outside a first data network, where an industrial Edge device processes raw data from the data source and makes the processed data available to the external application, the external application transmits a work order to the gateway component, the work order is checked by the gateway component, the raw data are captured and processed according to the work order, and the processed, abstracted and/or anonymized data are provided to the external application or a destination defined in the work order, such that an external user can automatically control access and hence use the data without accessing the underlying raw data because the level of data access is automatically negotiated and produced between the components involved (data source, gateway component) while taking into account requirements and rules.

A security unit for an industrial control system comprises an interface adapted to communicate with a plurality of components of an industrial control system via a data network, a security assignor adapted to access a first component among the plurality of components via the interface, and further adapted to assign a first security level pertaining to the first component to the first component. The security assignor is further adapted to access a second component among the plurality of components via the interface, and to assign a second security level pertaining to the second component to the second component. The security assignor is adapted to assign the first security level and the second security level to the first component and the second component, respectively, in accordance with a system security level pertaining to the industrial control system.

Methods, systems, and computer-readable media storing instructions are described for receiving an Enterprise Quality Management (EQM) communication from a first computer system on the computer network, the EQM communication being transmitted in a first data format and being configured to pass EQM data between the first computer system and a second computer system on the computer network, determining whether the EQM communication is in a data format interpretable by the second computer system, transforming the EQM communication into a second data format interpretable by the second computer system based at least in part on a determination that the EQM communication is not in a data format interpretable by the second computer system, and transmitting the transformed EQM communication to the second computer system.

A comprehensive authentication and identity system and method are disclosed. A central profile is created for a user which includes user information that can be passed back or otherwise utilized by websites (e.g. for registrations, logins, etc.) The user information may include the user's username, password, contact information, personal information, marketing preferences, financial information, etc. For website registrations, the user may provide a mobile communication number that is utilized to perform a type of mobile communication device verification process. As part of a website login, the user may provide identifiable information (e.g. a username) that is looked up by the system or website to determine a mobile communication number for the user, which is used for a verification process. If the verification process is completed successfully, the user may be logged into the website. For accessing the system directly, a user may go through a mobile communication device verification process.