Abstract: A system and a method provide multilevel consistency check for a cyber attack detection in an automation and control system wherein the multilevel consistency check of sensor measurements, commands and settings on different automation devices on a plant floor is able to provide end-to-end intrusion detection on exchanged data. The multilevel consistency check includes a measurement consistency check and a commands and settings consistency check to enable a cyber security solution for industrial control systems (ICS). An alarm is set when detecting a first value inconsistent from a second value. An anomaly is detected based on at least one of the measurement consistency or the commands and settings consistency and it is identified as an intrusion detection.

Abstract: A network system includes a first network user having a plurality of network devices, wherein the network devices have identification parameters for identification, a second network user having a cloud computing infrastructure, and a cloud connector having a first interface and a second interface. The cloud connector is connected via the first interface to the first network user and connected via the second interface to the second network user. The cloud connector executes a passive scan and an active scan of the first network user so that at least one of the network devices is identifiable by the cloud connector. A network device profile is loadable from the second network user into the cloud connector, and the active scan is executed on the basis of the network device profile being loaded into the cloud connector.

Abstract: The present embodiments relate to monitoring and analyzing programmable logic controllers (PLC) for security threats. By way of introduction, the present embodiments described below include apparatuses and methods for non-intrusive monitoring and forensic data collection for PLCs. Security monitoring and forensic applications are provided to perform secure collection, compression and export of PLC information. The security monitoring and forensic applications collect data indicative of low level PLC data and operations, and a forensic environment is provided to analyze the PLC data and operations and to perform forensic simulations.

Abstract: A system includes a first network including a network device, a second network including a cloud-computing infrastructure, a module including a first interface and a second interface. The first interface is in communication with the first network and the second interface is in communication with the second network. The module includes a virtual honeypot which simulates the network device. Further disclosed are a Cloud Connector and a method of using the system.

Abstract: A network system includes a first network user having a plurality of network devices, wherein the network devices have identification parameters for identification, a second network user having a cloud computing infrastructure, and a cloud connector having a first interface and a second interface. The cloud connector is connected via the first interface to the first network user and connected via the second interface to the second network user. The cloud connector executes a passive scan and an active scan of the first network user so that at least one of the network devices is identifiable by the cloud connector. A network device profile is loadable from the second network user into the cloud connector, and the active scan is executed on the basis of the network device profile being loaded into the cloud connector.