Abstract: A process control system includes one or more field devices positioned in a process control plant and a control module configured to generate control signals for controlling the one or more field devices. The control module may be configured to operate on one or more internal parameters to execute a control strategy. A control module software interface may be configured to define a set of interface parameters based on a strategy type associated with the control strategy of the control module. Each interface parameter of the set of interface parameters may be linked to one of the one or more internal parameters of the control module. Additionally, each interface parameter may be accessible by other control modules and/or other external applications.

Abstract: Apparatuses, systems, and methods of the present disclosure may provide access security in a process control system. For example, current biometric data representative of a user may be acquired and compared to stored biometric data representative of previously identified users. Access to the process control system may be authorized when the current biometric data matches stored biometric data.

Abstract: The described methods and systems enable process control devices to transmit and receive device variable values in a manner that enables the receiving device to verify the integrity of the received values on a variable-by-variable basis. To facilitate verification of integrity, any desired number of variables in a message may have a data integrity check in the message. For each received value that has a data integrity check, the receiving device can calculate its own data integrity check based on the received value and a seed (known to both the transmitting and receiving devices), which it can then compare to the received data integrity check to verify if the received value has been altered during communication.

Abstract: The described methods and systems enable process control devices to transmit and receive device variable values in a manner that enables the receiving device to verify the integrity of the received values on a variable-by-variable basis. To facilitate verification of integrity, any desired number of variables in a message may have a data integrity check in the message. For each received value that has a data integrity check, the receiving device can calculate its own data integrity check based on the received value and a seed (known to both the transmitting and receiving devices), which it can then compare to the received data integrity check to verify if the received value has been altered during communication.

Abstract: A method for decreasing the risk of unauthorized access to an embedded node in a secure subsystem of a process control system includes receiving a message comprising a message header and a message payload, and determining that the message is an unlock message configured to access one or more protected functions of the embedded node, at least by analyzing a bit sequence of one or more bits in the message header. The method also includes determining whether a manual control mechanism has been placed in a particular state by a human operator, and, based upon those determinations, either causing or not causing the embedded node to enter an unlocked state in which one or more of the protected functions are accessible.

Abstract: Apparatuses, systems, and methods of the present disclosure may provide access security in a process control system. For example, current biometric data representative of a user may be acquired and compared to stored biometric data representative of previously identified users. Access to the process control system may be authorized when the current biometric data matches stored biometric data.

Abstract: Apparatuses, systems, and methods of the present disclosure may provide access security in a process control system. For example, current biometric data representative of a user may be acquired and compared to stored biometric data representative of previously identified users. Access to the process control system may be authorized when the current biometric data matches stored biometric data.

Abstract: An anomaly detection system installed in a plant communications network detects unexpected changes or anomalies in the traffic patterns over the communications network to detect infected or potentially infected nodes. The anomaly detection system includes various data collection modules at each of the nodes of the network which operate to view the message traffic into and out of the node and to generate metadata pertaining to the message traffic. The communication modules at the nodes send the traffic metadata to an anomaly analysis engine, which processes the metadata using a rules engine that analyzes the metadata using a set of logic rules and traffic pattern baseline data to determine if current traffic patterns at one or more network nodes are anomalous. If so, the analysis engine may generate an alert or message to a user informing the user of the potentially infected node, may automatically disconnect the node from the network, or may take some other action to minimize the effects of an infected node.

Abstract: A method for decreasing the risk of unauthorized access to an embedded node in a secure subsystem of a process control system includes receiving a message comprising a message header and a message payload, and determining that the message is an unlock message configured to access one or more protected functions of the embedded node, at least by analyzing a bit sequence of one or more bits in the message header. The method also includes determining whether a manual control mechanism has been placed in a particular state by a human operator, and, based upon those determinations, either causing or not causing the embedded node to enter an unlocked state in which one or more of the protected functions are accessible.

Abstract: Apparatuses, systems, and methods of the present disclosure may provide access security in a process control system. For example, current biometric data representative of a user may be acquired and compared to stored biometric data representative of previously identified users. Access to the process control system may be authorized when the current biometric data matches stored biometric data.

Abstract: An anomaly detection system installed in a plant communications network detects unexpected changes or anomalies in the traffic patterns over the communications network to detect infected or potentially infected nodes. The anomaly detection system includes various data collection modules at each of the nodes of the network which operate to view the message traffic into and out of the node and to generate metadata pertaining to the message traffic. The communication modules at the nodes send the traffic metadata to an anomaly analysis engine, which processes the metadata using a rules engine that analyzes the metadata using a set of logic rules and traffic pattern baseline data to determine if current traffic patterns at one or more network nodes are anomalous. If so, the analysis engine may generate an alert or message to a user informing the user of the potentially infected node, may automatically disconnect the node from the network, or may take some other action to minimize the effects of an infected node.