Abstract: A method of securing an industrial control system includes operating the industrial control system in an open mode, wherein communications between a plurality of devices of the industrial control system are unencrypted when the industrial control system is in the open mode. The method includes exchanging security tokens between the plurality of devices of the industrial control system. The method further includes ceasing operating the industrial control system in the open mode and instead operating the industrial control system in a secure mode, wherein the communications between the plurality of devices of the industrial control system are encrypted using the security tokens when the industrial control system is operating in the secure mode.

Abstract: A method of securing an industrial control system includes operating the industrial control system in an open mode, wherein communications between a plurality of devices of the industrial control system are unencrypted when the industrial control system is in the open mode. The method includes exchanging security tokens between the plurality of devices of the industrial control system. The method further includes ceasing operating the industrial control system in the open mode and instead operating the industrial control system in a secure mode, wherein the communications between the plurality of devices of the industrial control system are encrypted using the security tokens when the industrial control system is operating in the secure mode.

Abstract: A method of securing an industrial control system includes operating the industrial control system in an open mode, wherein communications between a plurality of devices of the industrial control system are unencrypted when the industrial control system is in the open mode. The method includes exchanging security tokens between the plurality of devices of the industrial control system. The method further includes ceasing operating the industrial control system in the open mode and instead operating the industrial control system in a secure mode, wherein the communications between the plurality of devices of the industrial control system are encrypted using the security tokens when the industrial control system is operating in the secure mode.

Abstract: A method of securing an industrial control system includes operating the industrial control system in an open mode, wherein communications between a plurality of devices of the industrial control system are unencrypted when the industrial control system is in the open mode. The method includes exchanging security tokens between the plurality of devices of the industrial control system. The method further includes ceasing operating the industrial control system in the open mode and instead operating the industrial control system in a secure mode, wherein the communications between the plurality of devices of the industrial control system are encrypted using the security tokens when the industrial control system is operating in the secure mode.

Abstract: A method of securing an industrial control system includes operating the industrial control system in an open mode, wherein communications between a plurality of devices of the industrial control system are unencrypted when the industrial control system is in the open mode. The method includes exchanging security tokens between the plurality of devices of the industrial control system. The method further includes ceasing operating the industrial control system in the open mode and instead operating the industrial control system in a secure mode, wherein the communications between the plurality of devices of the industrial control system are encrypted using the security tokens when the industrial control system is operating in the secure mode.

Abstract: A system includes a security server including a memory and a processor configured to receive a first set of communications from a human machine interface (HMI) device, wherein the first set of communications relates to HMI device security events. The security server is also configured to receive a second set of communications from an industrial controller, wherein the second set of communications relates to industrial controller security events. The security server is further configured to package and send the received first and second sets of communications to a remote managed security service provider (MSSP) for analysis.

Abstract: A method of securing an industrial control system includes operating the industrial control system in an open mode, wherein communications between a plurality of devices of the industrial control system are unencrypted when the industrial control system is in the open mode. The method includes exchanging security tokens between the plurality of devices of the industrial control system. The method further includes ceasing operating the industrial control system in the open mode and instead operating the industrial control system in a secure mode, wherein the communications between the plurality of devices of the industrial control system are encrypted using the security tokens when the industrial control system is operating in the secure mode.

Abstract: A system includes an industrial controller having a memory and a processor configured to operate the industrial controller in an open mode, wherein the open mode is configured to enable the industrial controller to receive instructions via unauthenticated network connection or a local connection. The processor of the industrial controller is further configured to operate the industrial controller in a secure mode, wherein the secure mode is configured to enable the industrial controller to receive instructions only via an authenticated network connection.

Abstract: A system includes a build system processor configured to generate a private encryption key and configured to add the private encryption key to at least one of a plurality of source files. Each of the plurality of source files includes instructions configured to be executed by an industrial controller processor. The processor is also configured to generate a plurality of binary files from the plurality of source files. The processor is further configured to construct a whitelist file including first hash key values determined for the plurality of binary files and configured to encrypt the whitelist file using the private key to provide an encrypted whitelist file.

Abstract: A system includes a controller and a certificate authority. The controller is configured to control a process. The certificate authority (CA) is configured to issue and to revoke certificates, wherein the controller is configured to use the CA to mutually authenticate a user to enter into a secure mode of operation.

Abstract: In one embodiment, an industrial process control system includes a processor configured to translate a device definition (DD) file, extract device information for a field device from the DD file, and convert the device information into a first format. The process control system also includes a configuration server configured to receive the device information in the first format from the processor, store the device information in a memory, and respond to queries for the device information in the memory.

Abstract: A system includes a controller and a certificate authority. The controller is configured to control a process. The certificate authority (CA) is configured to issue and to revoke certificates, wherein the controller is configured to use the CA to mutually authenticate a user to enter into a secure mode of operation.

Abstract: A system includes a build system processor configured to generate a private encryption key and configured to add the private encryption key to at least one of a plurality of source files. Each of the plurality of source files includes instructions configured to be executed by an industrial controller processor. The processor is also configured to generate a plurality of binary files from the plurality of source files. The processor is further configured to construct a whitelist file including first hash key values determined for the plurality of binary files and configured to encrypt the whitelist file using the private key to provide an encrypted whitelist file.

Abstract: A system includes an industrial controller having a memory and a processor configured to operate the industrial controller in an open mode, wherein the open mode is configured to enable the industrial controller to receive instructions via unauthenticated network connection or a local connection. The processor of the industrial controller is further configured to operate the industrial controller in a secure mode, wherein the secure mode is configured to enable the industrial controller to receive instructions only via an authenticated network connection.

Abstract: A system includes a security server including a memory and a processor configured to receive a first set of communications from a human machine interface (HMI) device, wherein the first set of communications relates to HMI device security events. The security server is also configured to receive a second set of communications from an industrial controller, wherein the second set of communications relates to industrial controller security events. The security server is further configured to package and send the received first and second sets of communications to a remote managed security service provider (MSSP) for analysis.

Abstract: An industrial process control system includes a field device having a first plurality of device parameter values corresponding to a plurality of device parameters. The industrial process control system also includes a processor configured to determine a second plurality of device parameter values, corresponding to the plurality of device parameters, from a device definition (DD) file. The processor is also configured to present a reconciliation tool comprising a first portion of the plurality of device parameters, the corresponding first plurality of device parameter values, and the corresponding second plurality of device parameter values. The processor is also configured to set a second portion of the plurality of device parameters to the corresponding second plurality of device parameter values based on instructions received from the reconciliation tool.

Abstract: In one embodiment, an industrial process control system includes a processor configured to translate a device definition (DD) file, extract device information for a field device from the DD file, and convert the device information into a first format. The process control system also includes a configuration server configured to receive the device information in the first format from the processor, store the device information in a memory, and respond to queries for the device information in the memory.