Abstract:
A cyber-security system, including a device and associated method, provides secure communications bi-directionally between an external network and an internal network, including a supervisory control and data acquisition (SCADA) device. The device includes a processor in data communication with the external and internal networks that is programmed with a rule-set establishing validation criteria configured to validate data received from the external and internal networks. The processor is operable in an operational mode to pass between the external and internal networks only data that are compliant with the validation criteria. The processor may be configured to save certain validated data indicating a system state that can inform the application of the rule-set to data. The processor is re-programmable with a new rule-set only in a programming mode. The device includes a switch that is manually operable to switch the processor from the operational mode to the programming mode.
Abstract:
A cyber-security device provides secure communications bi-directionally between an external network and an internal network including a supervisory control and data acquisition (SCADA) device. The device includes a processor in data communication with the external and internal networks, the processor being programmed with a rule-set establishing validation criteria configured to validate data received from the external and internal networks. The processor is operable in an operational mode to pass between the external and internal networks only data that are compliant with the validation criteria. The processor is re-programmable with a new rule-set only in a programming mode. The device includes a switch that is manually operable to switch the processor from the operational mode to the programming mode.
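The mechanism both abstracts describe (bidirectional rule-set validation, saved system state from the first abstract, and re-programming gated by a manual switch) can be modelled as follows. This is an added sketch, not code from the patent or its authors; the message fields, rule names, `pump_status` key, and the choice to block traffic in programming mode are assumptions made for illustration.

```python
from enum import Enum

class Mode(Enum):
    OPERATIONAL = "operational"
    PROGRAMMING = "programming"

# Constructed rules: each gets the message and the saved state, returns bool.
def setpoint_ok(msg, state):
    # Stateful rule: in range AND last validated internal status was RUNNING.
    v = msg.get("value")
    return (isinstance(v, (int, float)) and 0 <= v <= 100
            and state.get("pump_status") == "RUNNING")

def status_ok(msg, state):
    return msg.get("value") in {"RUNNING", "STOPPED"}

# Keyed by (network the data arrived from, message type); all names hypothetical.
RULES_V1 = {("external", "setpoint"): setpoint_ok,
            ("internal", "status"): status_ok}

class Gateway:
    def __init__(self, rules):
        self._rules = dict(rules)
        self.mode = Mode.OPERATIONAL
        self.state = {}

    def set_switch(self, mode):
        # Models the manual switch; forward() never calls this.
        self.mode = mode

    def load_rules(self, rules):
        if self.mode is not Mode.PROGRAMMING:
            raise PermissionError("rule-set is replaceable only in programming mode")
        self._rules = dict(rules)

    def forward(self, source, msg):
        """Return msg if it may cross to the other network, else None."""
        if self.mode is not Mode.OPERATIONAL:
            return None  # assumption: no traffic passes while programming
        rule = self._rules.get((source, msg.get("type")))
        if rule is None or not rule(msg, self.state):
            return None  # default deny: unknown or non-compliant data is dropped
        if msg["type"] == "status":
            self.state["pump_status"] = msg["value"]  # save validated state
        return msg
```

Because `set_switch` is reachable only from outside the data path, no message arriving on either network can move the model into programming mode or replace its rules.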