Patents by Inventor David E. Huffman
David E. Huffman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12052137
Abstract: A model-based industrial security policy configuration system implements a plant-wide industrial asset security policy in accordance with security policy definitions provided by a user. The configuration system models the collection of industrial assets for which diverse security policies are to be implemented. An interface allows the user to define zone-specific security configuration and event management policies for a plant environment at a high-level based on a security model that groups the industrial assets into security zones. Based on the model and these policy definitions, the system generates asset-level security setting instructions configured to set appropriate device settings on one or more of the industrial assets to implement the security event management policies, and deploys these instructions to the appropriate assets in order to implement the defined policies.
Type: Grant
Filed: January 3, 2023
Date of Patent: July 30, 2024
Assignee: Rockwell Automation Technologies, Inc.
Inventors: David E Huffman, Taryl Jasper, Jack Visoky
-
Publication number: 20240160720
Abstract: Technology disclosed herein describes a system and method for aggregating event information in an industrial automation system for analysis and response. In an implementation, industrial automation devices perform industrial automation processes in an industrial automation environment. A computing device receives event data relating to events that occurred on an associated industrial automation device of the industrial automation devices. The computing device normalizes the event data to generate normalized event data which describes the events. The computing device supplements the normalized event data with context information relevant to the associated industrial automation device to generate complete event data. The computing device identifies an anomaly for an industrial automation device of the industrial automation devices based on analyzing the complete event data associated with the industrial automation device.
Type: Application
Filed: May 16, 2023
Publication date: May 16, 2024
Inventors: Taryl J. Jasper, Jack M. Visoky, Ankur Mohan, David E. Huffman, Donald P. McCoy, David D. Brandt
-
Publication number: 20240019834
Abstract: A security device includes one or more processors and a memory that includes instructions, that when executed by the processors, cause the processors to perform operations. The operations include monitoring data traffic between industrial automation devices in an industrial system and one or more devices in an external network, determining that a first industrial automation device does not include native security features for receiving secure data from the devices in the external network or transmitting secure data to the devices in the external network, and implementing one or more security techniques in response to determining that the first industrial automation device does not include the native security features.
Type: Application
Filed: July 13, 2022
Publication date: January 18, 2024
Inventors: Jack M. Visoky, Taryl J. Jasper, Kyle E. Neet, Jessica E. Forguites, William J. Petro, David E. Huffman
-
Publication number: 20230136308
Abstract: A model-based industrial security policy configuration system implements a plant-wide industrial asset security policy in accordance with security policy definitions provided by a user. The configuration system models the collection of industrial assets for which diverse security policies are to be implemented. An interface allows the user to define zone-specific security configuration and event management policies for a plant environment at a high-level based on a security model that groups the industrial assets into security zones. Based on the model and these policy definitions, the system generates asset-level security setting instructions configured to set appropriate device settings on one or more of the industrial assets to implement the security event management policies, and deploys these instructions to the appropriate assets in order to implement the defined policies.
Type: Application
Filed: January 3, 2023
Publication date: May 4, 2023
Inventors: David E Huffman, Taryl Jasper, Jack Visoky
-
Patent number: 11588856
Abstract: A model-based industrial security policy configuration system implements a plant-wide industrial asset security policy in accordance with security policy definitions provided by a user. The configuration system models the collection of industrial assets for which diverse security policies are to be implemented. An interface allows the user to define zone-specific security configuration and event management policies for a plant environment at a high-level based on a security model that groups the industrial assets into security zones. When new industrial devices are subsequently installed on the plant floor, the system determines whether a security policy defined by the model is applicable to the new device and commissions the new device to comply with any relevant security policies. This mitigates the necessity for a system administrator to manually configure individual devices to comply with plant-wide security policies.
Type: Grant
Filed: May 8, 2020
Date of Patent: February 21, 2023
Assignee: Rockwell Automation Technologies, Inc.
Inventors: David E Huffman, Taryl Jasper, Jack Visoky
-
Patent number: 11575571
Abstract: A model-based industrial security policy configuration system implements a plant-wide industrial asset security policy in accordance with security policy definitions provided by a user. The configuration system models the collection of industrial assets for which diverse security policies are to be implemented. An interface allows the user to define zone-specific security configuration and event management policies for a plant environment at a high-level based on a security model that groups the industrial assets into security zones. Based on the model and these policy definitions, the system generates asset-level security setting instructions configured to set appropriate device settings on one or more of the industrial assets to implement the security event management policies, and deploys these instructions to the appropriate assets in order to implement the defined policies.
Type: Grant
Filed: May 8, 2020
Date of Patent: February 7, 2023
Assignee: Rockwell Automation Technologies, Inc.
Inventors: David E Huffman, Taryl Jasper, Jack Visoky
-
Patent number: 11271974
Abstract: A device may include a communication component that may communicatively couple to a first network. The device may also include a processor that may transmit a first signal via the communication component to a network address translation (NAT) system, the first signal including a first request to discover a server device. The NAT system may communicatively couple to the first network and a second network, such that the first network is inaccessible to the second network. The processor may then receive location data associated with the server device and transmit a second signal addressed to the server device based on the location data. The second signal is transmitted to the NAT system, such that the second signal may include a second request for a security policy from the server device. The processor may then receive the security policy via the NAT system and adjust one or more communication operations based on the security policy.
Type: Grant
Filed: April 30, 2020
Date of Patent: March 8, 2022
Assignee: Rockwell Automation Technologies, Inc.
Inventors: Jack M. Visoky, David E. Huffman, Taryl J. Jasper
-
Publication number: 20210351980
Abstract: A model-based industrial security policy configuration system implements a plant-wide industrial asset security policy in accordance with security policy definitions provided by a user. The configuration system models the collection of industrial assets for which diverse security policies are to be implemented. An interface allows the user to define zone-specific security configuration and event management policies for a plant environment at a high-level based on a security model that groups the industrial assets into security zones. Based on the model and these policy definitions, the system generates asset-level security setting instructions configured to set appropriate device settings on one or more of the industrial assets to implement the security event management policies, and deploys these instructions to the appropriate assets in order to implement the defined policies.
Type: Application
Filed: May 8, 2020
Publication date: November 11, 2021
Inventors: David E. Huffman, Taryl Jasper, Jack Visoky
-
Publication number: 20210352110
Abstract: A model-based industrial security policy configuration system implements a plant-wide industrial asset security policy in accordance with security policy definitions provided by a user. The configuration system models the collection of industrial assets for which diverse security policies are to be implemented. An interface allows the user to define zone-specific security configuration and event management policies for a plant environment at a high-level based on a security model that groups the industrial assets into security zones. When new industrial devices are subsequently installed on the plant floor, the system determines whether a security policy defined by the model is applicable to the new device and commissions the new device to comply with any relevant security policies. This mitigates the necessity for a system administrator to manually configure individual devices to comply with plant-wide security policies.
Type: Application
Filed: May 8, 2020
Publication date: November 11, 2021
Inventors: David E Huffman, Taryl Jasper, Jack Visoky
-
Publication number: 20210344725
Abstract: A device may include a communication component that may communicatively couple to a first network. The device may also include a processor that may transmit a first signal via the communication component to a network address translation (NAT) system, the first signal including a first request to discover a server device. The NAT system may communicatively couple to the first network and a second network, such that the first network is inaccessible to the second network. The processor may then receive location data associated with the server device and transmit a second signal addressed to the server device based on the location data. The second signal is transmitted to the NAT system, such that the second signal may include a second request for a security policy from the server device. The processor may then receive the security policy via the NAT system and adjust one or more communication operations based on the security policy.
Type: Application
Filed: April 30, 2020
Publication date: November 4, 2021
Inventors: Jack M. Visoky, David E. Huffman, Taryl J. Jasper