Abstract: A process control system (PCS) includes a cable connection including physical cables including a first cable for connecting between a process controller and an I/O access device, and an independent second cable for connecting the process controller and a second node being the I/O access device or another device. The I/O access device is for coupling to I/O module(s) to receive an output of the I/O access device. An output of the I/O module is coupled to a field device coupled to processing equipment. The process controller and I/O access device each include a processor and memory that implement send and receive logic for communicating using any of multiple redundancy protocols including a first and a second redundant protocol. The cable connection is for supporting simultaneously communicating between the process controller and the second node utilizing both the first redundant protocol and the second redundant protocol.

Abstract: An apparatus and system is disclosed connected to at least one input/output (I/O) module and to at least one controller of an industrial distributed control system. The apparatus and system comprises a control network module having a control component that uses a processor to execute operating software that implements operating configurations for the control network module. At least one I/O port is connected to the control component that is configurable by the operating software to enable port configurations to connect the at least one I/O module to the control network module. An expansion component connected to the control component has at least one expansion port connected to the at least one controller. The expansion port connects the at least one controller to the control component for communicating data and control signals to and from the at least one controller to the at least one I/O module. A security component regulates access to the apparatus based upon one or more security attributes.

Abstract: A process control system (PCS) includes a cable connection including physical cables including a first cable for connecting between a process controller and an I/O access device, and an independent second cable for connecting the process controller and a second node being the I/O access device or another device. The I/O access device is for coupling to I/O module(s) to receive an output of the I/O access device. An output of the I/O module is coupled to a field device coupled to processing equipment. The process controller and I/O access device each include a processor and memory that implement send and receive logic for communicating using any of multiple redundancy protocols including a first and a second redundant protocol. The cable connection is for supporting simultaneously communicating between the process controller and the second node utilizing both the first redundant protocol and the second redundant protocol.

Abstract: An electronic device and other electronic device include a first and second port that utilizes a parallel redundancy protocol in a communications network including a first and second lane. The devices include a processing circuit, a PRP handler, a protocol stack, a memory, permanent storage accessible by the processing circuit, and transmit and receive circuitry for transmitting and receiving packets. A redundancy manager is for identifying path faults in the network. The processing circuit implements a method of detecting network path fault, including the other electronic device transmitting a frame pair over the first lane and second lane. The electronic device receives the frame pair and implements a receive processing flow, when the first frame or the second frame is identified to be a redundant frame, removes the redundant frame, and compares a first frame parameter to a second frame parameter to determine when the path fault is present.

Abstract: A method includes securely booting a device using a bootloader, where the bootloader is digitally signed using a first cryptographic key associated with the bootloader. The method also includes executing one or more kernel or user applications using the device, where the one or more kernel or user applications are digitally signed using one or more second cryptographic keys associated with the one or more kernel or user applications. In addition, the method includes using an in-band channel to update or replace the first cryptographic key.

Abstract: A method includes receiving, from a device, (i) a certificate request for a certification authority and (ii) a first digital certificate. The certificate request is digitally signed by the first device, and the first digital certificate is stored in the device. The method also includes verifying, at the certification authority, the first digital certificate using a second digital certificate of another certification authority. The method further includes verifying a digital signature of the certificate request using the first digital certificate. In addition, the method includes, after verifying the first digital certificate and the digital signature, transmitting a second digital certificate to the device.

Abstract: A method includes verifying that firmware of a device is trusted and contains a root of trust. The method also includes verifying that a protected storage of the device contains a private or secret key associated with a device certificate that is stored in a persistent storage of the device. The method further includes verifying the device certificate of the device using the root of trust. In addition, the method includes, in response to verifying that the protected storage contains the private or secret key associated with the device certificate and verifying the device certificate, determining that the device is a genuine device. The root of trust could include a trusted certificate or a trusted public key.

Abstract: A method includes transmitting, over a virtual private network (VPN) to a remotely-located control platform, a request for first information associated with a BOOTP protocol synchronization process. The method also includes receiving, from the control platform, a first response comprising the requested first information. The method further includes receiving, over a local network from an embedded device in a distributed control system, a request for second information associated with the BOOTP protocol. In addition, the method includes transmitting, to the embedded device, a second response comprising the requested second information.

Abstract: A method includes receiving, from a device, (i) a certificate request for a certification authority and (ii) a first digital certificate. The certificate request is digitally signed by the first device, and the first digital certificate is stored in the device. The method also includes verifying, at the certification authority, the first digital certificate using a second digital certificate of another certification authority. The method further includes verifying a digital signature of the certificate request using the first digital certificate. In addition, the method includes, after verifying the first digital certificate and the digital signature, transmitting a second digital certificate to the device.

Abstract: An apparatus includes a first distributed control system (DCS) node. The first DCS includes at least one interface configured to communicate, over a network, with a second DCS node. The first DCS node also includes at least one processing device. The processing device is configured to exchange a security association policy with the second DCS node. The processing device is also configured to exchange public keys with the second DCS node using the security association policy. The processing device is also configured to send a public key of the second DCS node to a field programmable gate array of the first DCS node. The processing device is also configured to receive a shared secret from the field programmable gate array. The processing device is also configured to generate a hash of a message using the shared secret.

Abstract: A method includes verifying that firmware of a device is trusted and contains a root of trust. The method also includes verifying that a protected storage of the device contains a private or secret key associated with a device certificate that is stored in a persistent storage of the device. The method further includes verifying the device certificate of the device using the root of trust. In addition, the method includes, in response to verifying that the protected storage contains the private or secret key associated with the device certificate and verifying the device certificate, determining that the device is a genuine device. The root of trust could include a trusted certificate or a trusted public key.

Abstract: A method includes transmitting, over a virtual private network (VPN) to a remotely-located control platform, a request for first information associated with a BOOTP protocol synchronization process. The method also includes receiving, from the control platform, a first response comprising the requested first information. The method further includes receiving, over a local network from an embedded device in a distributed control system, a request for second information associated with the BOOTP protocol. In addition, the method includes transmitting, to the embedded device, a second response comprising the requested second information.

Abstract: A method includes securely booting a device using a bootloader, where the bootloader is digitally signed using a first cryptographic key associated with the bootloader. The method also includes executing one or more kernel or user applications using the device, where the one or more kernel or user applications are digitally signed using one or more second cryptographic keys associated with the one or more kernel or user applications. In addition, the method includes using an in-band channel to update or replace the first cryptographic key.

Abstract: An apparatus includes a first distributed control system (DCS) node. The first DCS includes at least one interface configured to communicate, over a network, with a second DCS node. The first DCS node also includes at least one processing device. The processing device is configured to exchange a security association policy with the second DCS node. The processing device is also configured to exchange public keys with the second DCS node using the security association policy. The processing device is also configured to send a public key of the second DCS node to a field programmable gate array of the first DCS node. The processing device is also configured to receive a shared secret from the field programmable gate array. The processing device is also configured to generate a hash of a message using the shared secret.

Abstract: A method includes generating at least one access vector associated with a specified device in an industrial process control and automation system. The specified device has one of multiple device roles. The at least one access vector is generated based on one or more communication policies defining communications between one or more pairs of devices roles in the industrial process control and automation system, where each pair of device roles includes the device role of the specified device. The method also includes providing the at least one access vector to at least one of the specified device and one or more other devices in the industrial process control and automation system in order to control communications to or from the specified device.

Abstract: A method includes receiving, at a first distributed control system (DCS) node over a network, information associated with a security manager. The method also includes establishing multiple communication channels between the first DCS node and the security manager over the network using the information, where the communication channels include a non-secure channel and a secure channel. The method further includes receiving security credentials from the security manager at the first DCS node over the non-secure channel and receiving a security policy and an activation time from the security manager at the first DCS node over the secure channel. In addition, the method includes transitioning the first DCS node to communicate with a second DCS node over the network using the security policy at the activation time.

Abstract: A method includes receiving, at a first distributed control system (DCS) node over a network, information associated with a security manager. The method also includes establishing multiple communication channels between the first DCS node and the security manager over the network using the information, where the communication channels include a non-secure channel and a secure channel. The method further includes receiving security credentials from the security manager at the first DCS node over the non-secure channel and receiving a security policy and an activation time from the security manager at the first DCS node over the secure channel. In addition, the method includes transitioning the first DCS node to communicate with a second DCS node over the network using the security policy at the activation time.

Abstract: A method includes generating at least one access vector associated with a specified device in an industrial process control and automation system. The specified device has one of multiple device roles. The at least one access vector is generated based on one or more communication policies defining communications between one or more pairs of devices roles in the industrial process control and automation system, where each pair of device roles includes the device role of the specified device. The method also includes providing the at least one access vector to at least one of the specified device and one or more other devices in the industrial process control and automation system in order to control communications to or from the specified device.