Abstract: This disclosure provides an apparatus and method for inferred detection of data replication errors of source applications by enterprise applications, including but not limited to in industrial control systems and other systems. A method includes periodically generating and storing a heartbeat data value by a site risk manager (RM) system. The method includes sending site data with the current heartbeat data value by the site RM system to an enterprise application executing on an enterprise RM system. The enterprise RM system periodically compares a current time and the last received heartbeat data value to produce a calculated time difference. The enterprise RM system determines that site data replication is not functioning correctly when the calculated time difference is greater than a predefined threshold. When the replication is not functioning correctly, the enterprise RM system notifies a user that replicated site data may be inaccurate.

Abstract: This disclosure provides an apparatus and method for a consolidated enterprise view of cybersecurity data from multiple sites, including but not limited to in industrial control systems and other systems. A method includes receiving, by a replicator system, cybersecurity data from a site risk manager (RM) database. The method includes transferring the cybersecurity data, by the replicator system, through a secure firewall to an enterprise RM database. The enterprise RM database consolidates data received from a plurality of replicator systems.

Abstract: This disclosure provides an apparatus and method for replication of identity-derived primary keys without range restrictions, including but not limited to in industrial control systems and other systems. A method includes maintaining, by a publisher system, a data table associated with a primary key PK-i. The method includes adding, by the publisher system, a unique value PK-g associated with every record of the data table. The method includes defining, by the publisher system, a primary key PK based on PK-i and PK-g. The method includes publishing the data table, including the primary key PK, by the publisher system, to at least one subscriber system.

Abstract: This disclosure provides an apparatus and method for inferred detection of data replication errors of source applications by enterprise applications, including but not limited to in industrial control systems and other systems. A method includes periodically generating and storing a heartbeat data value by a site risk manager (RM) system. The method includes sending site data with the current heartbeat data value by the site RM system to an enterprise application executing on an enterprise RM system. The enterprise RM system periodically compares a current time and the last received heartbeat data value to produce a calculated time difference. The enterprise RM system determines that site data replication is not functioning correctly when the calculated time difference is greater than a predefined threshold. When the replication is not functioning correctly, the enterprise RM system notifies a user that replicated site data may be inaccurate.

Abstract: This disclosure provides an apparatus and method for a consolidated enterprise view of cybersecurity data from multiple sites, including but not limited to in industrial control systems and other systems. A method includes receiving, by a replicator system, cybersecurity data from a site risk manager (RM) database. The method includes transferring the cybersecurity data, by the replicator system, through a secure firewall to an enterprise RM database. The enterprise RM database consolidates data received from a plurality of replicator systems.

Abstract: This disclosure describes an apparatus and method for monitoring distributed industrial control systems using a flexible hierarchical model. A method includes providing, a plurality of hierarchically-organized industrial control devices in an industrial control network. The method includes executing, by each of a plurality of the industrial control devices, a publisher application or a subscriber application that is associated with a hierarchical level of the industrial control network. The method includes associating each publisher application or subscriber application with an application hierarchy property that identities the associated hierarchical level in the industrial control network. The method includes executing a process, by one of the industrial control devices according to the application hierarchy properties.