Abstract: Techniques are generally described for user-customized computer vision event detection. A camera device may capture a first frame of image data. A first machine learning model may generate first embedding data for the first frame of image data. The first embedding data may be input into a second machine learning model associated with the camera device. The second machine learning model and the first embedding data may be used to determine that an area-of-interest represented by the first frame of image data is in a first state. State data stored in memory may be determined. The state data may indicate that the area-of-interest was previously in a second state. An alert may be sent to a device associated with the camera device indicating that the area-of-interest has changed from the second state to the first state.

Abstract: Techniques are generally described for user-customized computer vision event detection. A camera device may capture a first frame of image data. A first machine learning model may generate first embedding data for the first frame of image data. The first embedding data may be input into a second machine learning model associated with the camera device. The second machine learning model and the first embedding data may be used to determine that an area-of-interest represented by the first frame of image data is in a first state. State data stored in memory may be determined. The state data may indicate that the area-of-interest was previously in a second state. An alert may be sent to a device associated with the camera device indicating that the area-of-interest has changed from the second state to the first state.

Abstract: The disclosure provides for a two-stage method for analyzing data from an oil and gas field operation site for cyber threats. The method includes, in a first stage of analysis, filtering captured events using local edge computing at the site to perform initial cyber anomaly detection by applying classification models to the captured events, forming filtered data. The method includes transmitting the filtered data to a second stage of analysis and, in the second stage of analysis, analyzing the filtered data in a cloud by applying system context and referring vulnerability databases. The disclosure provides for a system for analyzing data, including an edge computing device that includes computer instructions to filter captured events to perform initial cyber anomaly detection, forming filtered data. The system includes a cloud-based ML cluster to implement a second stage of analysis to analyze the filtered.

Abstract: The disclosure provides methods and systems for securing internet of thing systems. One method includes receiving, at a computing device, a token, wherein the token comprises a cryptographically signed list of rights that the computing device is authorized to request. The method also includes requesting, using the computing device, an action of a receiving device in an industrial location, wherein requesting the action comprises sending the token with the request to cause the receiving device to authenticate the user of the computing device and confirm the user is authorized to perform the action.

Abstract: An automated incident response process that is configured to monitor data from at least one internet connected apparatus, use artificial intelligence to determine if the data indicates a fault and perform a playbook of actions if a fault is determined.

Abstract: The disclosure provides for a two-stage method for analyzing data from an oil and gas field operation site for cyber threats. The method includes, in a first stage of analysis, filtering captured events using local edge computing at the site to perform initial cyber anomaly detection by applying classification models to the captured events, forming filtered data. The method includes transmitting the filtered data to a second stage of analysis and, in the second stage of analysis, analyzing the filtered data in a cloud by applying system context and referring vulnerability databases. The disclosure provides for a system for analyzing data, including an edge computing device that includes computer instructions to filter captured events to perform initial cyber anomaly detection, forming filtered data. The system includes a cloud-based ML cluster to implement a second stage of analysis to analyze the filtered.

Abstract: The disclosure provides methods and systems for securing internet of thing systems. One method includes receiving, at a computing device, a token, wherein the token comprises a cryptographically signed list of rights that the computing device is authorized to request. The method also includes requesting, using the computing device, an action of a receiving device in an industrial location, wherein requesting the action comprises sending the token with the request to cause the receiving device to authenticate the user of the computing device and confirm the user is authorized to perform the action.

Abstract: Devices, methods, systems, and computer-readable for providing a cyber-security architecture for microgrid systems are described herein. One or more embodiments include a system for providing a cyber-security architecture for a microgrid, comprising a supervisory control and data acquisition network device having at least one remote network connection to a non-local network device and allowing communication of data and control instructions between the non-local network device and at least one local device in a microgrid network and a control network for providing control instructions to the local device based on data from the microgrid and a power generation network device, the control network allowing communication of data and control instructions between the power generation network device and the local device in the microgrid network.

Abstract: Devices, methods, systems, and computer-readable media for legacy device securitization within a microgrid system are described herein. One or more embodiments include a system having a microgrid network with at least one remote network connection to a non-local network device and the network having at least one local legacy device in communication with the non-local network device and a bump-in-the-wire (BITW) security device between the local legacy device and the at least one remote connection.

Abstract: A system and method includes obtaining a secret key at a processor of a device, obtaining a salt and an environmental variable, generating a cryptographically transformed derived key via the processor of the device using the secret key, the salt, and the environmental variable, storing the derived key in a memory of the device, and using the derived key for cryptographic communications via a network with another device.

Abstract: Physical presence verification by an industrial control system controller is described herein. One industrial control system controller includes a mechanism configured to verify that a user of the industrial control system controller is physically present at a location of the controller, a memory, and a processor configured to execute executable instructions stored in the memory to permit the user to perform industrial control operations using the controller only if the user is physically present at the location of the controller.

Abstract: Devices, methods, systems, and computer-readable for providing a cyber-security architecture for microgrid systems are described herein. One or more embodiments include a system for providing a cyber-security architecture for a microgrid, comprising a supervisory control and data acquisition network device having at least one remote network connection to a non-local network device and allowing communication of data and control instructions between the non-local network device and at least one local device in a microgrid network and a control network for providing control instructions to the local device based on data from the microgrid and a power generation network device, the control network allowing communication of data and control instructions between the power generation network device and the local device in the microgrid network.

Abstract: A system and method includes obtaining a secret key at a processor of a device, obtaining a salt and an environmental variable, generating a cryptographically transformed derived key via the processor of the device using the secret key, the salt, and the environmental variable, storing the derived key in a memory of the device, and using the derived key for cryptographic communications via a network with another device.

Abstract: Devices, methods, systems, and computer-readable media for legacy device securitization within a microgrid system are described herein. One or more embodiments include a system having a microgrid network with at least one remote network connection to a non-local network device and the network having at least one local legacy device in communication with the non-local network device and a bump-in-the-wire (BITW) security device between the local legacy device and the at least one remote connection.

Abstract: Physical presence verification by an industrial control system controller is described herein. One industrial control system controller includes a mechanism configured to verify that a user of the industrial control system controller is physically present at a location of the controller, a memory, and a processor configured to execute executable instructions stored in the memory to permit the user to perform industrial control operations using the controller only if the user is physically present at the location of the controller.