SYSTEM AND METHOD FOR ENHANCING COMPUTER NETWORK RELIABILITY BY COUNTERING DISRUPTIONS IN NETWORK COMMUNICATIONS

Abstract

A monitoring system includes a processor configured to perform operations including: place the monitoring system into a training mode to generate a model of an industrial process or other operation; receive indications of observed transmissions of operational commands or operational information among multiple monitored devices of a monitored system, wherein at least one of the multiple monitored devices is configured to control the industrial process or other operation; and from received indications of observed transmissions of operational commands or operational information associated with the industrial process or other operation, generate the model of the industrial process or other operation, wherein the model comprises indications of expected spans of time during which transmissions of operational commands or operational information associated with the industrial process are expected to occur.

Description

RELATED APPLICATION

This application is a continuation-in-part of U.S. patent application Ser. No. 17/106,060 entitled “METHOD AND SYSTEM OF DEDUCING STATE LOGIC DATA WITHIN A DISTRIBUTED NETWORK” filed Nov. 27, 2020 by Paul Williams; which claims the benefit of the priority date of U.S. Provisional Application 62/941,576 entitled “METHOD AND SYSTEM OF DEDUCING STATE LOGIC DATA WITHIN A DISTRIBUTED NETWORK” filed Nov. 27, 2019 by Paul Williams; the disclosures of each of which are incorporated herein by reference for all purposes. This application also claims the benefit of the priority date of each of U.S. Provisional Application 63/445,654 entitled “SYSTEM AND METHOD FOR COUNTERACTING EFFECTS OF CYBER SECURITY BREACH OR OTHER DISRUPTION IN NETWORK COMMUNICATIONS” filed Feb. 14, 2023 by Paul Williams; and of U.S. Provisional Application 63/445,663 entitled “SYSTEM AND METHOD FOR ENHANCING COMPUTER NETWORK RELIABILITY AND COUNTERACTING EFFECTS OF A CYBER SECURITY BREACH” filed Feb. 14, 2023 by Paul Williams; the disclosures of each of which are also incorporated herein by reference for all purposes.

BACKGROUND

1. Technical Field

The present disclosure relates to the fields of information technology and operational technology computer networks, specifically counteracting the effects of an electronic communications breach among devices.

2. Description of the Related Art

It has become commonplace to employ computing devices to control industrial processes, including and not limited to, chemical processes, automated assembly lines, and the provision of various utilities, including electric power. Unfortunately, this has opened the door to a wide variety of communications failures and electronic attacks that may affect the control of industrial processes, thereby creating a plethora of information technology and industrial process failure scenarios.

More specifically, and by way of two examples, in an information technology network a computer server may fail with little or no warning such as a malfunctioning or erroneously configured hardware or software component, or in an operational technology network a cyber attack technique as a distributed denial of service (DDOS) attack may be directed against computing devices involved in the control of industrial processes. Such attacks may so thoroughly inundate such computing devices with network traffic as to entirely prevent them from engaging in communications related to industrial processes such that necessary transmissions of operational commands are at least significantly delayed, or simply never occur. As will be familiar to those skilled in the art, the timing of the transmission of a particular operational command from one device to another may be as important to the correct performance of an industrial process as whether such a transmission ever occurs, at all.

The failure to transmit information and/or commands when expected, or the failure to transmit information and/or commands at all, may result in portions of an information technology network or industrial process being performed for too long a period of time, being commenced at too late a time, or not being performed at all. A whole host of failures may result, including and not limited to, expensive failures cascading throughout an information technology network in an organization or failures in the successful production of products or successful provision of services, damage to equipment used to produce products or provide services, creation of hazardous conditions where industrial processes are performed, injuries and/or fatalities among personnel involved in performing industrial processes, and/or reputational and/or financial damage to corporate entities and/or other entities associated with information technology network or industrial processes. Still further, where an industrial process is part of a chain of related industrial processes, such compromising of the performance of one industrial process may adversely affect the ability to perform one or more preceding industrial processes, and/or one or more subsequent industrial processes.

The use of cyber attack techniques in such attacks on industrial processes often begets the temptation to focus on using longstanding cybersecurity measures to counter them. Such longstanding cybersecurity measures include, and are not limited to, the use of various types of signatures to detect 1) the transmission, receipt and/or storage of particular sequences of executable instructions of malicious pieces of software, 2) the transmission of particular malicious combinations of operational commands across a network by a computing device, and/or 3) the performance of particular malicious combinations of actions by a computing device. Such approaches have been useful in attempting to prevent the infiltration and/or execution of malicious software, and/or halting further execution of malicious software. However, as will be familiar to those skilled in the art, such approaches often set up a form of “arms race” between developers of malicious software and developers of the signatures used in such detection.

Unavoidably, there is a delay between the deployment of new malicious software and/or other varieties of attacks, and the development of the corresponding defensive measures (e.g., signatures) such that it is inevitable that at least some of such software and/or attacks will be successful in causing harm before being detected. As a result, such approaches usually do little to address the harm done to industrial processes in situations where malicious software and/or other varieties cyber attacks are not yet detected until after some amount of damage has been underway for at least some amount of time.

The present invention addresses these and other drawbacks of the prior art by providing a unique approach to mitigating the effects of interruptions and/or delays in electronic communications among computing devices involved in the performance of industrial processes and other repetitive loop processes. Such a disruption may include a single instance or multiple instances of a communication breakdown, and such a disruption may involve a single device or multiple devices.

BRIEF SUMMARY

Techniques are described for providing a system of one or more devices that implements a method for enhancing computer network reliability by countering disruptions in network communications.

A monitoring system includes a processor configured to perform operations including: place the monitoring system into a training mode to generate a model of an industrial process or other operation; receive indications of observed transmissions of operational commands or operational information among multiple monitored devices of a monitored system, wherein at least one of the multiple monitored devices is configured to control the industrial process or other operation; and from received indications of observed transmissions of operational commands or operational information associated with the industrial process or other operation, generate the model of the industrial process or other operation, wherein the model comprises indications of expected spans of time during which transmissions of operational commands or operational information associated with the industrial process are expected to occur.

A monitoring system includes a processor configured to perform operations including: place the monitoring system into an operating mode to use a model of an industrial process or other operation to analyze observed transmissions of operational commands or operational information associated with the industrial process or other operation; receive, from one or more interchange devices, indications of observed transmissions of operational commands or operational information among multiple monitored devices of a monitored system, wherein at least one of the monitored devices is configured to control the industrial process or other operation; and compare received indications of observed transmissions of operational commands or operational information associated with the industrial process or other operation to indications in the model of expected transmissions of operational commands or operational information associated with the industrial process or other operation to identify an instance of a failure of a transmission of a particular operational command or particular operational information associated with the industrial process or other operation to occur within a span of time specified in the model.

A method of generating a model of an industrial process or other operation includes: receiving, by a processor of a monitoring system, and from an interchange device of a monitored system, indications of observed transmissions, through the interchange device, of operational commands or operational information among multiple monitored devices of the monitored system, wherein at least one of the monitored devices is configured to control the industrial process or other operation; and from received indications of observed transmissions of operational commands or operational information associated with the industrial process or other operation, generating, by the processor, the model of the industrial process or other operation, wherein the model comprises indications of expected spans of time during which transmissions of operational commands or operational information associated with the industrial process or other operation are expected to occur.

A method of using a model of an industrial process or other operation to analyze observed transmissions of operational commands or operational information associated with the industrial process or other operation includes: receiving, by a processor of a monitoring system, and from an interchange device of a monitored system, indications of observed transmissions of operational commands or operational information among multiple monitored devices of the monitored system, wherein at least one of the monitored devices is configured to control the industrial process or other operation; and comparing, by the processor, received indications of observed transmissions of operational commands or operational information associated with the industrial process to indications in the model of expected transmissions of operational commands or operational information associated with the industrial process or other operation to identify an instance of a failure of a transmission of a particular operational command or operational information associated with the industrial process or other operation to occur within a span of time specified in the model.

BRIEF DESCRIPTION OF THE DRAWINGS

The disclosure will be better understood and when consideration is given to the drawings and the detailed description which follows. Such description makes reference to the annexed drawings wherein:

FIGS. 1A, 1B and 1C, together, provide block diagrams of an example embodiment of a combination of a monitored system used to control a process of an external system, and monitoring system used to monitor communications within a monitored system.

FIGS. 2A, 2B and 2C, together, provide a more detailed presentation of monitoring of communications within the monitored system by the monitoring system in the example combination of FIGS. 1A-C.

FIGS. 3A, 3B, 3C, 3D and 3E, together, provide a more detailed presentation of one example embodiment of preparing the monitoring system for use in monitoring communications within the monitored system in the example combination of FIGS. 1A-C.

FIGS. 4A, 4B, 4C and 4D, together, provide a more detailed presentation of another example embodiment of preparing the monitoring system for use in monitoring communications within the monitored system in the example combination of FIGS. 1A-C.

FIGS. 5A, 5B and 5C, together, present details of an embodiment of counteracting the effects of a lack of transmission of an expected operational command.

DETAILED DESCRIPTION

In the following detailed description, reference is made to the accompanying drawings that form a part hereof. In the drawings, similar symbols typically identify similar components, unless context dictates otherwise. The illustrative embodiments described in the detailed description, drawings, and claims are not meant to be limiting. Other embodiments may be utilized, and other changes may be made, without departing from the spirit or scope of the subject matter presented herein. It will be readily understood that the aspects of the present disclosure, as generally described herein, and illustrated in the figures, can be arranged, substituted, combined, separated, and designed in a wide variety of different configurations, all of which are explicitly contemplated herein.

Disclosed herein is a system of one or more devices that implements a method for enhancing computer network reliability by countering disruptions in network communications.

A monitoring system includes a processor configured to perform operations including: place the monitoring system into a training mode to generate a model of an industrial process or other operation; receive indications of observed transmissions of operational commands or operational information among multiple monitored devices of a monitored system, wherein at least one of the multiple monitored devices is configured to control the industrial process or other operation; and from received indications of observed transmissions of operational commands or operational information associated with the industrial process or other operation, generate the model of the industrial process or other operation, wherein the model comprises indications of expected spans of time during which transmissions of operational commands or operational information associated with the industrial process are expected to occur.

A monitoring system includes a processor configured to perform operations including: place the monitoring system into an operating mode to use a model of an industrial process or other operation to analyze observed transmissions of operational commands or operational information associated with the industrial process or other operation; receive, from one or more interchange devices, indications of observed transmissions of operational commands or operational information among multiple monitored devices of a monitored system, wherein at least one of the monitored devices is configured to control the industrial process or other operation; and compare received indications of observed transmissions of operational commands or operational information associated with the industrial process or other operation to indications in the model of expected transmissions of operational commands or operational information associated with the industrial process or other operation to identify an instance of a failure of a transmission of a particular operational command or particular operational information associated with the industrial process or other operation to occur within a span of time specified in the model.

A method of generating a model of an industrial process or other operation includes: receiving, by a processor of a monitoring system, and from an interchange device of a monitored system, indications of observed transmissions, through the interchange device, of operational commands or operational information among multiple monitored devices of the monitored system, wherein at least one of the monitored devices is configured to control the industrial process or other operation; and from received indications of observed transmissions of operational commands or operational information associated with the industrial process or other operation, generating, by the processor, the model of the industrial process or other operation, wherein the model comprises indications of expected spans of time during which transmissions of operational commands or operational information associated with the industrial process or other operation are expected to occur.

A method of using a model of an industrial process or other operation to analyze observed transmissions of operational commands or operational information associated with the industrial process or other operation includes: receiving, by a processor of a monitoring system, and from an interchange device of a monitored system, indications of observed transmissions of operational commands or operational information among multiple monitored devices of the monitored system, wherein at least one of the monitored devices is configured to control the industrial process or other operation; and comparing, by the processor, received indications of observed transmissions of operational commands or operational information associated with the industrial process to indications in the model of expected transmissions of operational commands or operational information associated with the industrial process or other operation to identify an instance of a failure of a transmission of a particular operational command or operational information associated with the industrial process or other operation to occur within a span of time specified in the model.

FIGS. 1A, 1B and 1C, taken together, present an example of a monitoring system 1000 employed to monitor transmissions of operational commands and/or operational information among monitored devices 2300 within a monitored system 2000, where one or more of the monitored devices 2300 of the monitored system 2000 are involved in controlling at least some aspects of an industrial process or other type of process performed within an external system 3000. Additionally, the particular external system 3000 that is controlled by the monitored system 2000 may be one of multiple external systems 3000 that cooperate to define an external domain 4000 by which products may be produced; utility services may be monitored, controlled and/or provided; etc.

Turning to FIG. 1A, in some embodiments, the monitored system 2000 may include a variety of computing devices interconnected by a communications network 2999. Among such computing devices may be multiple monitored devices 2300 that are involved in controlling the industrial process or other type of process that occurs within the one of the external systems 3000 that is depicted as being coupled to one of the monitored devices 2300. As part of being used together in a cooperative manner to control that process, various operational commands or information may be transmitted through the network 2999 among at least a subset of those monitored devices 2300.

For purposes of this patent application, it is important to note that the use of such terms as “monitoring” and “monitored” refer to the monitoring of communications among the monitored devices 2300 of the monitored system 2000 as part of providing reliability and/or cyber security services for the monitored system 2000. Thus, these terms do not refer to the use of the monitored system 2000 to control of any industrial process or other type of process performed within an external system 3000.

Also connected to the network 2999 may be one or more unmonitored devices 2100 where none of the communications therewith through the network 2999 are monitored by the monitoring system 1000. It may be that the one or more of the unmonitored devices 2100 do engage in communications with one or more of the monitored devices 2300 through the network 2999. However, it may also be that none of those communications are associated with controlling an industrial process or other type of process within an external system 3000, and therefore, it may be deemed unnecessary to monitor those communications.

As depicted, the monitoring of the transmission of operational commands and/or operational information among the monitored devices 2300 through the network 2999 by the monitoring system 1000 may be through one or more interchange devices 2700 that make up part of the network 2999. Each such interchange device 2700 may be any of a variety of network devices, including and not limited to, a router, network switch, wireless network access point, network bridge, etc. It may be that the monitoring system 1000 is remotely located from the monitored system 2000 such that it may be deemed to be entirely separate therefrom. Alternatively, it may be that the monitoring system 1000 is co-located with at least a portion of the monitored system 2000, and/or is otherwise integrated with the monitored system 2000, such that it may be deemed to be included therein.

As additionally depicted, the monitoring system 1000 may include one or more monitoring devices 1500. It may be that each of the one or more monitoring devices 1500 of the monitoring system 1000 is still another computing device. As will be explained in greater detail, each of the one or more monitoring devices 1500 may be configured to monitor the transmissions of at least operational commands and/or operational information through the network 2990 among the monitored devices 2300 as part of detecting an instance of a lack of transmission of a particular operational command or particular operational information within a particular span of time in which that particular transmission was expected to occur. Since, such a missing transmission may be associated with controlling aspects of an industrial process or other type of process occurring within one of the depicted external systems 3000, the fact that the missing transmission did not occur within the span of time in which it was expected to occur may have significant deleterious effects on that process.

The failure of the transmission of a particular operational command or operational information through the network 2990 to occur as expected within a particular span of time may arise for any of a variety of reasons. Among those reasons may be any of a variety of hardware and/or software malfunctions that may have occurred within a particular monitored device 2300 such that it is no longer functioning sufficiently to transmit the operational command or information. Alternatively or additionally, among those reasons may be a cyber attack in which a particular monitored device 2300 that was to transmit the operational command or information through the network 2990 has succumbed to malicious software or other form of internal cyber attack that prevents it from doing so, and/or a cyber attack in which a particular monitored device 2300 is inundated with network activity through the network 2990 such that it is prevented from transmitting the operational command or operational information.

As will additionally be explained in greater detail, the monitoring device(s) 1500 of the monitoring system 1000 may be configured to respond to such a failure of occurrence of the transmission of a particular operational command or operational information through the network 2900 by taking any of a variety of actions. By way of example, in some embodiments, the monitoring device(s) 1500 may simply provide an alert to designated personnel of such a failure (e.g., providing an audible and/or visual alert, and/or transmitting an electronic alert message, such as a text message or phone call). Alternatively or additionally, in other embodiments, the monitoring device(s) 1500 may, through the interchange device(s) 2700, transmit that particular operational command or operational information through the network 2999 such that the particular operational command or operational information is still provided to whichever other monitored device 2300 is supposed to receive it, thereby enabling the associated industrial process or other type of process to continue without interruption.

Turning to FIG. 1B, as will be explained in greater detail, the industrial process or other type of process performed within one of the external systems 3000 that is controlled from within the monitored system 2000 may have multiple states where particular action(s) are to be performed and/or where particular event(s) are to occur within each state. The performance of that process may, therefore, progress through a tree of such states with particular transitions occurring between particular states at particular times and/or in response to particular conditions.

As will also be explained in greater detail, there may be particular transmissions of operational commands and/or operational information among particular ones of the monitored devices 2300 that are associated with different ones of such transitions between states of such a process within an external system 3000. By way of example, it may be that a particular operational command or operational information is meant to be transmitted through the network 2999 within a particular span of time in response to the occurrence of particular conditions, such as a transition into a particular state. Or, by way of another example, it may be that a particular operational command or operational information is meant to be transmitted through the network 2999 within a particular span of time to cause a transition into a particular state. Thus, the failure of one of those transmissions to occur when expected within a particular span of time may result in a failure of occurrence of a transition between states that would otherwise normally take place, and/or may result in an errant transition to an incorrect state.

As will be familiar to those skilled in the art, an external system 3000 in which a process is performed, such as the depicted external system 3000x in which a process 3003x may is performed, may include multiple sensing devices 3200 to detect various conditions, and/or multiple effecting devices 3800 able to be commanded to perform various functions. Depending on what the nature of the depicted process 3003x that is performed within the external system 3000x, each of the sensing devices 3200 may be any of a variety of type of sensing device based on any of a variety of technologies to sense any of a variety of conditions, including and not limited to, a temperature sensor, pressure sensor, light sensor, vibration sensor, accelerometer, gyroscope, spectrometer, chemical release sensor, particle emission detector, manually-operable control, manual data input device, air speed sensor, RADAR, LIDAR, SONAR, RPM sensor, etc. Correspondingly, depending on the nature of the process 3003x that is performed within the external system 3000x, each of the effecting devices 3800 may be any of a variety of type of effecting device based on any of a variety of technologies to effect any of a variety of actions, including and not limited to, a robotic arm, gantry crane, remotely controllable mobile platform, welding device, metal press, valve, heater, cooler, power supply, magnet or set of magnets, data storage device, display system, aerofoil or hydrofoil control surface, rudder, magnetron, radiation source, electric motor, internal combustion engine, turbine engine, etc.

As depicted, it may be that one of the monitored devices 2300, such as the depicted monitored device 2300x, is coupled to individual ones of the sensing devices 3200 and/or the effecting devices 3800 of the external system 3000x. Thus, the effecting devices 3800 of the external system 3000x may be operated in a concerted manner by the monitored device 2300x to perform various steps of the process 3003x, while being guided by data received by the monitored device 2300x from the sensing devices 3200 of the external system 3000x.

As also depicted, the monitored device 2300x may include one or more processors 2350x, a storage 2360x, and/or a port 2390x to couple the monitored device 2300x to the network 2999. The storage 2360x and/or the port 2390x may each be communicatively coupled to the processor(s) 2350x to exchange executable instructions and/or data therewith through the exchange of electrical, optical, magnetic and/or other signals through one or more buses and/or other form of interconnect within the monitored device 2300x. Further, the storage 2360x may store a control routine 2340x that may include instructions executable by the processor(s) 2350x to cause the processor(s) 2350x to perform various functions.

In various embodiments, it may be that the control routine 2340x is operative on the processor(s) 2350x of the monitored device 2300x to cause the processor(s) 2350x to monitor the sensing devices 3200 of the external system 3000x to monitor aspects of the process 3003x performed within the external system 3000x, and/or to command the effecting devices 3800 of the external system 3000x in a manner that causes the processor(s) 2350x to put the external system 3000x into at least a subset of the multiple states of the process 3003x. Stated differently, the control routine 2340x may be capable of causing the processor(s) 2350x to monitor for and/or to implement at least a subset of those multiple states of the process 3003x.

While the monitored device 2300x may be so coupled to the external system 3000x so as to be capable of monitoring for and/or implementing states of the process 3003x performed therein, it may be that the overall actual performance of the process 3003x is controlled by another of the monitored devices 2300, such as the depicted monitored device 2300a. More precisely, it may be that the monitored device 2300a transmits operational commands and/or operational information to the monitored device 2300x to cause the monitored device 2300x to implement at least a subset of the transitions between states within the external system 3000x as part of causing the process 3003x to be performed. It may also be that the monitored device 2300x transmits operational information to the monitored device 2300a indicative of data received from one or more of the sensing devices 3200 to enable the monitored device 2300a to determine when particular ones of such transitions between states of the process 3003x should occur.

As depicted, the monitored device 2300a may include one or more processors 2350a, a storage 2360a, and/or a port 2390a to couple the monitored device 2300a to the network 2999. The storage 2360a and/or the port 2390a may each be communicatively coupled to the processor(s) 2350a to exchange executable instructions and/or data therewith through the exchange of electrical, optical, magnetic and/or other signals through one or more buses and/or other form of interconnect within the monitored device 2300a. Further, the storage 2360a may store a control routine 2340a that may include instructions executable by the processor(s) 2350a to cause the processor(s) 2350a to perform various functions.

In various embodiments, it may be that the control routine 2340a is operative on the processor(s) 2350a of the monitored device 2300a to cause the processor(s) 2350a to transmit operational commands to the monitored device 2300x to control the performance of the process of the external system 3000x based, at least in part, on operational information received from the monitored device 2300x. Stated differently, the control routine 2340a may be capable of causing the processor(s) 2350a to command the occurrence of transitions among at least a subset of the states of the process of the external system 3000x, thereby causing the process to be performed. Thus, in this more specific example provided in FIG. 1B, the monitored devices 2300a and 2300x, together, may implement the logic of a finite state machine for the process performed within the external system 3000x.

Turning to FIG. 1C, as previously discussed, the network 2999 includes one or more interchange devices 2700 such that operational commands and/or operational information that are transmitted through the network 2999 are necessarily also transmitted through one or more of such interchange devices 2700.

As depicted, each such interchange device 2700 may include one or more processors 2750, a storage 2760, multiple bi-directional ports 2790, and/or a span port 2795. The storage 2760, the ports 2790 and/or the span port 2795 may each be communicatively coupled to the processor(s) 2750 to exchange executable instructions and/or data therewith through the exchange of electrical, optical, magnetic and/or other signals through one or more buses and/or other form of interconnect within each interchange device 2700. Further, the storage 2760 may store a control routine 2740 that may include instructions executable by the processor(s) 2750 to cause the processor(s) 2750 to perform various functions. Alternatively or additionally, a portion of the storage 2760 may be allocated to serve as a buffer 2766.

As previously discussed, each interchange device 2700 may be any of a variety of types of network device. Thus, in some embodiments, the depicted interchange device 2700 may be a relatively simple hub device in which execution of the control routine 2740 by the processor(s) 2750 may cause the processor(s) 2790 to, in response to receiving a transmission at one of the ports 2790, output the very same transmission in a broadcasting manner at all other ports 2790. Alternatively, in other embodiments, the depicted interchange device 2700 may be a relatively more sophisticated device in which execution of the control routine 2740 by the processor(s) 2750 may cause the processor(s) 2790 to use internally stored address information associated with each port 2790 to more selectively relay a transmission received at one port 2750 to just one other port 2750 or just a subset of the other ports 2750.

Regardless of the level of sophistication of the depicted interchange device 2700, it may be that received transmissions are temporarily stored within the buffer 2766 for a predetermined period of time and/or until there is an indication of success in being relayed onward through the network 2999. This may be done to enable one or more attempts at retransmission to be performed in response to an indication of failure in an initial attempt at relaying onward through the network 2999.

Further, the depicted interchange device 2700 may include a span port 2795 that may be implemented as an output-only port that relays each transmission that is received at any port 2790 of the interchange device 2700. Thus, as depicted, the span port 2795 may be coupled to a monitoring device 1500 of the monitoring system 1000 to enable copies of all traffic that passes through the interchange device 2700 to be provided to that monitoring device 1500. As will be discussed in greater detail, this enables that monitoring device 1500 to detect an instance in which a transmission of a particular operational command and/or operational information among the monitored devices 2300 that was expected to occur within a particular span of time, but which fails to occur. As additionally, depicted, the same depicted monitoring device 1500 may also be coupled to the depicted interchange device 2700 via another of the ports 2790. As will also be explained in greater detail, such an additional coupling therebetween may enable the monitoring device 1500 to respond to such a lack of occurrence of such a transmission by providing the missing transmission, itself.

In embodiments in which the interchange device 2700 is of a more sophisticated variety, it may be that execution of the control routine 2740 causes the processor(s) 2750 thereof to respond to commands received from such a monitoring device 1500 to limit the copies and/or indications of network traffic that are provided through the span port 2795 to those of particular types and/or to those associated with particular devices. In this way, it may be that the depicted interchange device 2700 is caused to cooperate with the depicted monitoring device 1500 to limit the copies and/or indications of network traffic that are output to the monitoring device 1500 to operational commands and/or operational information exchanged among monitored devices 2300.

As depicted, each such monitoring device 1000 may include one or more processors 1550, a storage 1560, and/or one or more ports 1590 for coupling to one or more interchange devices 2700 of the network 2999. The storage 1560 and/or the port(s) 1590 may each be communicatively coupled to the processor(s) 1550 to exchange executable instructions and/or data therewith through the exchange of electrical, optical, magnetic and/or other signals through one or more buses and/or other form of interconnect within each monitoring device 1500. Further, the storage 1560 may store a control routine 1540 that may include instructions executable by the processor(s) 1550 to cause the processor(s) 1550 to perform various functions. Alternatively or additionally, the storage 1560 may store a database 1530 of information concerning states, operational commands and/or operational information associated with one or more processes that may be performed within one or more external systems 3000, as well as information concerning actions to be taken in response to situations observed on the network 2999 that at least appear to fall outside what is expected to occur during the performance of each of those one or more processes.

Returning to FIG. 1A, although the monitored system 2000 has been discussed as being made up of multiple networked computing devices 2100, 2300 and/or 2700, in alternate embodiments, it may be that the monitored system 2000 is, itself, a single computing device. In such alternate embodiments, the device(s) 2100, 2300 and/or 2700 may be components of that single computing device that are interconnected by an internal network of buses 2999. In such alternate embodiments, it may be that each of the one or more interchange devices 2700 is an integrated circuit providing a form of crosspoint switch function for the network of buses 2999 by which commands and/or data are exchanged among the other devices 2100 and/or 2300.

Further, in such alternate embodiments, it may additionally be that the monitoring system 1000 is implemented using one or more microcontrollers that may be physically incorporated into the single computing device of the monitored system 2000. However, it may also be that the monitoring system 1000 is otherwise isolated from the central processing units (CPUs) thereof of that single computing device.

Still further, and regardless of whether the monitored system 2000 is made up of multiple networked computing devices, or is, itself, a computing device, it may be that the monitoring system 1000 is implemented via public or private cloud-based network computing resources.

FIGS. 2A, 2B and 2C, taken together, present various aspects of example implementations of the network 2999, including example implementations of the interchange device(s) 2700.

Turning to FIG. 2A, each of the ports 2790 of an interchange device 2700 of the one or more interchange devices 2700 may be coupled by a separate link 2990 to a separate unmonitored device 2100 or monitored device 2300. As those skilled in the art will readily recognize, this may create a form of hub-and-spoke topology, or other electrically similar topology, in which an interchange device 2700 may be at the center of a set of point-to-point connections to a corresponding set of multiple devices 2100/2300. Turning briefly to FIG. 2B, along with FIG. 2A, in larger embodiments of the monitored system 2000, it may be that multiple interchange devices 2700 are coupled together to form a larger version such a hub-and-spoke topology.

Returning to FIG. 2A, for each monitored system 2000, the span port 2795 of at least a single interchange device 2700 may be coupled by a separate link 2995 to at least a single monitoring device 1500 of a monitoring system 1000. As the devices 2100 and/or 2300 of the monitored system 2000 engage in communications thereamong through the network 2999, copies and/or indications of at least operational commands and/or operational information that are transmitted among at least the monitored devices 2300 may be relayed to the one or more monitoring devices 1500 via the span port(s) 2995 and links 2995. In some embodiments, it may be that such a single monitoring device 1500 is additionally or alternatively coupled, by a link 2995, to a bi-directional port 2790 of such a single interchange device 2700 to enable the single monitoring device 1500 to control one or more the interchange device 2700 and/or to transmit an operational command or operational information to a monitored device 2300 therethrough.

Turning again briefly to FIG. 2B, along with FIG. 2A, where there are multiple interchange devices 2700 incorporated into an embodiment of the monitored system 2000, it may be that each one of the multiple interchange devices 2700 incorporates a separate span port 2795. The span port 2795 of each of those multiple interchange devices 2700 may then be separately coupled by a separate link 2995 to one or more monitoring devices 1500 of the monitoring system 1000 of that embodiment, thereby enabling each one of those multiple interchange devices 2700 to directly relay indications and/or copies of at least operational commands and/or operational information that are transmitted among at least the monitored devices 2300 thereto. Alternatively, it may be that just a single one of those multiple interchange devices 2700 is so coupled to a monitoring device 1500, and that single interchange device 2700 may relay indications and/or copies of such operational commands and/or operational information conveyed through all of the multiple interchange devices 2700 through the single span port 2795 and single link 2995.

Regardless of the quantity of interchange devices 2700 and/or the exact manner in which those interchange device(s) 2700 are coupled to one or more monitoring devices 1500, as previously discussed, the interchange device(s) 2700 may include the ability to be programmed to specify a particular subset of transmissions for which indications and/or copies thereof are relayed to the monitoring device(s) 1500. Such a subset may be specified by identifiers of devices involved, types of transmission, types of protocol used, size of what is transmitted, time of day or day of week of transmissions, etc. Indeed, in some embodiments, it may be the use of identifiers of devices in defining such a subset that effectively defines which devices within the monitored system 2000 are the monitored devices 2300, versus which devices are the unmonitored devices 2100.

In embodiments in which the monitored system 2000 is made up of a set of networked computing devices, each link 2990 and/or 2995 may be implemented using any of a variety of wireless and/or cabling-based network technologies, including and not limited to, Bluetooth, Wi-Fi, cellular signaling, twisted-pair electrical cabling, coaxial electrical cabling, and fiber optic cabling. Such wireless and/or cabling-based technologies may adhere to any of a wide variety of specifications, including and not limited to, Ethernet and/or TCP/IP. In embodiments in which the monitored system 2000 is made up of a single computing device, each link 2990 and/or 2995 may be implemented using any of a variety of widely used and accepted internal bus specifications, including and not limited to, PCI-Express bus, and I2C bus.

Turning to FIG. 2C, in some embodiments, it may be that a monitored device 2300 includes multiple components 2303 where transmissions of operational commands or operational information thereto and/or therefrom are at least able to be observed through the link 2990 by which that monitored device 2300 is coupled to an interchange device 2700. More specifically, it may be that a single monitored device 2300 incorporates multiple components 2303 that are able to be separately addressed and communicated with through that link 2990 in a manner almost akin to being entirely separate devices. Alternatively or additionally, it may be that transmissions of operational commands or operational information among multiple components 2303 within a single monitored device 2300 are also reflected on that link 2990.

Thus, and by way of example, where the depicted monitored component 2303A of the depicted monitored device 2300 transmits an operational command or operational information to another depicted monitored component 2303B within the same monitored device 2300, a copy of that transmission may also be transmitted onto the depicted link 2990, thereby enabling the depicted interchange device 2700 to relay an indication and/or copy of that transmission onward to the depicted monitoring device 1500. As still another alternative, it may be that such a transmission between the depicted monitored components 2303A and 2303B is performed by the monitored component 2303A transmitting the operational command or operational information out to the depicted interchange device 2700, followed by the interchange device 2700 relaying that operational command or operational information back along the same link 2990 to the monitored component 2303B.

Regardless of the exact manner in which transmissions of operational commands or operational information are relayed to the monitoring device(s) 1500 of the monitoring system 1000, as will shortly be explained in greater detail, the indications and/or copies of operational commands or operational information that are so relayed may be compared to information stored within the database 1530 concerning what transmissions of operational commands or operational information are expected to occur (and when) as part of identifying instances in which observed transmissions of operational commands or operational information deviate from what is expected.

FIGS. 3A, 3B, 3C, 3D and 3E, taken together, present various aspects of an example embodiment of preparing a monitoring device 1500 for monitoring transmissions 3400 through a network 2999 of an embodiment of the monitored system 2000, and/or for taking action to address anomalies associated with therewith. In so doing, FIGS. 3A-E depict further aspects of the example process 3003x that was earlier introduced in connection with FIG. 1B.

Turning to FIG. 3A, as previously discussed, and as depicted, a process performed within one of the external systems 3000 may be defined as having a tree of multiple states that is traversed during its performance, such as the depicted process states 3600p1, 3600p2, etc., of the depicted process 3003x performed within the depicted external system 3000x. As also previously discussed, such an external system as the depicted external system 3000x may include one or more sensing devices 3200 to monitor various aspects of the process 3003x performed therein, and/or one or more effecting devices 3800 to effect various aspects of a performance of the process 3003x therein.

As also previously discussed, one or more transmissions 3400 through the network 2999 may be associated with the beginning of a performance of the process 3003x, such as the depicted one or more transmissions 3440np. More specifically, in various embodiments, there may be one or more transmissions 3440np that trigger the commencement of the process 3003x. By way of example, there may be transmission(s) 3400np that convey operational command(s) between monitored devices 2300 (e.g., the depicted monitored devices 2300a and 2300x) through the network 2999 to prepare for beginning the process 3003x, and/or to actually begin the process 3003x. Such operational command(s) may, in turn, cause one or more effecting devices 3800 to be commanded to perform operations that implement such preparations, and/or that actually begin the process 3003x at the depicted process state 3600p1. Alternatively or additionally, there may be transmission(s) 3440np that convey operational information between monitored devices 2300 through the network 2999 that preparations for beginning the process 3003x have been completed, and/or that the process 3003x has begun. Such operational information may include data collected by one or more sensing devices 3200.

Further, as has additionally been discussed, there may be one or more transmissions 3400 that are not associated within performing the process 3003x, and that don't occur during a performance of the process 3003x, such as the depicted one or more transmissions 3400n. Such transmissions 3400n may be associated with maintaining the external system 3000x in the depicted non-process state 3600n, such as a distinct “off” state, a “sleep” state, or a “standby” state. As will be familiar to those skilled in the art, such a non-process state 3600n may be configured to minimize the consumption of energy, to maintain device(s) in a known inactive state, and/or maintain substance(s) in a known safe storage state. Such a minimal consumption of energy may be directed toward maintaining a cache of pre-loaded data in readiness for a future performance of the process 3003x, and/or such a safe storage state may preserve substances in a condition for use in a future performance of the process 3003x. By way of example, there may be transmission(s) 3400n that convey operational command(s) between monitored devices 2300 through the network 2999 to effect and/or maintain the non-process state 3600n. Such operational command(s) may, in turn, cause one or more effecting devices 3800 to be command to perform operations that implement and/or maintain various aspects of the non-process state 3600n. Alternatively or additionally, there may be transmission(s) 3400n that convey operational information between monitored devices 2300 through the network 2999 concerning aspects of maintaining the non-process state 3600n. Such operational information may include data collected by one or more sensing devices 3200 about the ongoing preservation of data, and/or about the ongoing preservation of substance(s) in storage.

As has also been additionally discussed, it may be that a particular transmission 3400n of the non-process state 3600n, a particular transmission 3400np associated with commencing the process 3003x, or a combination of multiple transmissions 3400n and/or 3400np, are selected to serve as an indication that is observable on the network 2999 that the process 3003x has begun. Thus, by monitoring transmissions 3400 occurring on the network 2999 (through one or more interchange devices 2700), a monitoring device 1500 may identify instances in which such particular transmissions 3400n and/or 3400np (or such a combination thereof) have occurred on the network 2999, and use such instances as an indication of when to begin monitoring the network 2999 for transmissions 3400 associated with the process 3003x.

As previously discussed, just as there may be transmissions 3400n and/or 3400np that are associated with the beginning of a performance of a process, such as the depicted process 3003x, there may also be various transmissions 3400 between monitored devices 2300 that may be associated with transitions between process states 3600p, such as the depicted one or more transmissions 3400pp associated with transitioning between the process states 3600p1 and 3600p2. More specifically, and as previously discussed, for each process state 3600p, there may be one or more transmissions 3400pp that are associated with the beginning of that process state 3600p, and/or there may be one or more transmissions 3400pp that are associated with the ending of that process state 3600p. Again, this may arise from the fact that some transmissions 3400pp may trigger the beginning of a process state 3600p, some transmissions 3400pp may be caused to occur by the beginning of a process state 3600p, some transmissions 3400pp may trigger the ending of a process state 3600p, and/or some transmissions 3400pp may be caused to occur by the ending of a process state 3600p. In a manner similar to the commencement of the process 3003x, ones of the transmissions 3400pp that trigger the beginning or the ending of a process state 3600p may convey operational command(s) that, in turn, cause effecting device(s) 3800 to be commanded to perform operations that effectuate such a beginning or ending.

Correspondingly, ones of the transmissions 3400pp that are caused to occur by the beginning or the ending of a process state 3600p may convey operational information that includes data collected by one or more sensing device 3200 associated with such a beginning or ending.

As also previously discussed, there may be transmissions 3400 that convey operational commands and/or operational information between monitored devices 2300 during one or more of the process states 3600p, such as the depicted transmissions 3400p occurring during each of the depicted process states 3600p1 and 3600p2. Again, such transmissions 3400p may convey operational information that may include data collected by sensing devices 3200 that is indicative of various measurements associated with a portion of a process 3003 that occurs during a process state 3600p. Alternatively or additionally, such transmissions 3400p may convey operational commands that, in turn, cause effecting device(s) 3800 to perform various operations during a process state 3600p.

FIG. 3B depicts aspects of various causal relationships among various aspects of a performance of a process, such as the depicted process 3003x. More specifically, there may be causal relationships between transmissions 3400 and at least a subset of the process states 3600p. As those skilled in the art will readily recognize, such causal relationships may dictate what transmissions 3400 are to occur on the network 2999, the type of transmission (e.g., a transmission conveying operational command(s), or a transmission conveying operational information), aspects of the content of each transmission (e.g., which operational command is conveyed, what parameters accompany each command, and/or what data values are included in operational information that is conveyed), and/or the timing of each transmission (e.g., when each transmission is expected to occur on the network 2999).

As previously discussed, there may be one or more transmissions 3400np that may trigger the beginning of a performance of the process 3003x, and various aspects of such transmission(s) 3400np may be dictated by various requirements associated with the process 3003x. By way of example, it may be that the protocol used to control the process 3003x dictates that at least one particular operational command be transmitted to triggering the commencement of the process 3003x. This may dictate that a transmission 3400np of a type that conveys an operational command is required, and that the particular operational command specified by the protocol is the one that is to be conveyed. The same protocol may also dictate one or more of the parameters that are to be included with the particular operational command in that transmission 3400np.

Again, the transmissions 3400n that occur during the depicted non-process state 3600n may be associated with monitoring and/or maintaining aspects of the non-process state 3600n, and may not be associated with the process 3003x. However, it may also be that there is a causality between the occurrence of such a transmission 3400n during the non-process state 3600n, and a later transmission 3400np that triggers the commencement of the process 3003x. By way of example, it may be that operational information that is conveyed in one or more of the transmissions 3400n includes data indicative of measurements taken during the non-process state 3600n that in some way influences a parameter of an operational command that is later conveyed in a transmission 3400np that triggers the commencement of the process 3003x. As those skilled in the art will readily recognize, such a situation may arise where a measurement of an aspect of a device and/or of a substance that is taken during the non-process state 3600n may influence an aspects of how the process 3003x is to begin, such as a temperature reading taken during the non-process state 3600n that affects of a parameter for controlling heating or cooling within an operational command for triggering the commencement of the process 3003x. As will be discussed further, there may be logic employed in the control of the process 3003x that is used to derive a value for such a parameter based on such input as an earlier-collected measurement.

As also previously discussed, there may be one or more transmissions 3400np that are caused to occur by the commencement of the process 3003x. By way of example, it may be that the protocol used to control the process 3003x dictates that operational information be conveyed that includes an indication of success or failure in commencing performance of the process 3003x, along an indication of the type of failure in situations where failure occurs. This may dictate that a transmission 3400np of a type that conveys operational information is required, as well as dictating what operational information is to be included. The same protocol may also dictate one or more aspects of the formatting of the data values that are used to represent that operational information in that transmission 3400np. As will be discussed further, there may be logic employed in the control of the process 3003x that is used to identify such a failure, and thereby determine the particular indication of type of failure that may be included in such operational information.

In a manner similar to the transmission(s) 3400np associated with the commencement of a process 3003, there may be one or more transmissions 3400pp that may trigger a transition between process states 3600, such as the depicted transition from the process state 3600p1 to the process state 3600p2 of the depicted process 3003x. This may include transmission(s) 3400pp that separately trigger the ending of one process state 3600p, and/or transmission(s) 3400pp that separately trigger the beginning of the next process state 3600p, as well as transmission(s) 3400pp that may serve both purposes. Also in a similar manner, various aspects of such transmission(s) 3400pp may be dictated by various requirements associated with the process 3003x, and/or dictated by various requirements of the particular process states 3600 between which the transition occurs. Again, such aspects may include requirements for the transmission(s) 3400pp based on protocols uses. Also, and as will be discussed further, there may be logic employed in the control of the process 3003x that is used to determine what operational commands and/or what operational information is to be transmitted, used to derive values for parameters of operational commands that may be transmitted, and/or used to derive data values included in operational information that may be transmitted.

Again, the transmissions 3400p that occur during each of process state 3600p may be associated with monitoring and/or controlling operations that are performed during each of the process states 3600p as part of performing the process 3003x. As depicted, there may be causality between such transmissions 3400p and preceding transmissions 3400np for the commencement of the process 3003x and/or preceding transmissions 3400pp for a preceding transition between process states 3600p. Alternatively or additionally, there may be causality between such transmissions 3400p and subsequent transmissions 3400pp for a subsequent transition between process states 3600p. Also alternatively or additionally, there may be causality among such transmissions 3400p associated with a single process state 3600p, or among multiple process states 3600p. Each of such causalities may include influences that previously transmitted operational commands, parameters of previously transmitted operational commands, and/or data values in previously transmitted operational information, may exert on subsequently transmitted operational commands, parameters of subsequently transmitted operational commands, and/or data values in subsequently transmitted operational information. Again, there may be logic employed in the control of the process 3003x that is used to determine what operational commands and/or what operational information is to be transmitted, used to derive values for parameters of operational commands that may be transmitted, and/or used to derive data values included in operational information that may be transmitted.

FIG. 3C depicts aspects of various timing relationships among various aspects of a performance of a process, such as the depicted process 3003x. More specifically, there may be timing relationships between transmissions 3400 and at least a subset of the process states 3600p. The earlier discussed causal relationships may at least partially dictate aspects of the timing of at least a subset of the transmissions 3400n, 3400np, 3400p and/or 3400pp.

More specifically, the start times (Tstart), the stop times (Tstop) and/or the transmission duration times (Txmt) for at least a subset of these transmissions may be at least partially determined by whether each of such transmissions is causes or is caused by the commencement of the process 3003x, and/or causes or is caused by a transition between process states 3600p. Thus, although FIG. 3C depicts an example transmission 3400np as occurring at least partially simultaneously with the transition from the non-process state 3600n and to the process state 3600p1, the entirety of this same example transmission 3400np could occur entirely before that transition or entirely afterward. Similarly, although an example transmission 3400pp is depicted as occurring at least partially simultaneously with the transition from the process state 3600p1 and to another process state 3600p, the entirety of this same example transmission 3400pp could occur entirely before that transition or entirely afterward.

Also depicted is an example transmission 3400n that occurs entirely within the non-process state time period (Tnps) of the non-process state 3600n, and an example transmission 3400p that occurs entirely within the process state time period (Tps) of the process state 3600p1.

However, despite the role that causality in connection with such transitions may play in at least partially dictating timing of various ones of these transmissions 3400n, 3400np, 3400p and/or 3400pp, other factors unrelated to such transitions may also play a role. By way of example, during the portion of the performance of the process 3003x that occurs during the depicted process state 3600p1, a circumstance may arise that triggers the occurrence of a transmission 3400p during that process state that conveys operational information indicative of a milestone in the process 3003x having been reached, or of an anomalous event having been detected by one of the sensing devices 3200 (e.g., a high temperature reading, or of a lack of imminent lack of available data storage space). While such a transmission 3400p may occur entirely within the Tps of the process state 3600p1, its occurrence may be entirely based on logic used to trigger such notification transmissions, and may not actually be dictated by any direct constraint relative to either the start or end of that time period beyond the fact that such logic may only be used during the process state 3600p1.

Turning to FIG. 3D, as previously discussed, it may be that portions of the logic for controlling a process 3003 may be distributed among multiple ones of the monitored devices 2300, such as the depicted monitored devices 2300a and 2300x associated with controlling the example process 3003x within the depicted external system 3000x. As also depicted, it may be that still another portion of such logic is distributed to one or more components within the external system 3000x (e.g., to one or more sensing devices 3200 and/or to one or more effecting devices 3800 therein).

Again, it may be that a monitored device 2300 that is in direct communication with an external system 3000 (e.g., the monitored device 2300x in direct communication with the external system 3000x) may implement lower level portions of logic associated with controlling individual effecting devices 3800 to implement specific details of at least a subset of the process states 3600 of a process 3003. Alternatively or additionally, a monitored device 2300 that is in such direct communication with an external system 3000 may implement lower level portions of logic for receiving data from sensing devices 3200 and/or for responding to such data by transmitting operational information to one or more other monitored devices 2300 implementing other portions of the logic for controlling a process 3003.

Also, it may be that a monitored device 2300 that is not in direct communication with an external system 3000 (e.g., the monitored device 2300a that communicates with the monitored device 2300x concerning the external system 3000x) may implement higher level portions of logic associated with using received operational information to determine whether a transition between process states 3600 has occurred in a process 3003, and/or when to command that a transition between process states 3600 is to be caused to occur. Alternatively or additionally, a monitored device 2300 that is not in direct communication with an external system 3000 may provide a user interface to an operator tasked with overseeing the performance of a process 3003 within an external system 3000.

Further, it may be that components of an external system 3000, such as sensing devices 3200 and/or effecting devices 3800 of the external system 3000x, may incorporate or otherwise implement various forms of relatively simple logic for locally handling various specific events. Such events may include loss of communication with a monitored device 2300 that would otherwise monitor and control the external system 3000, such that the locally implemented logic serves as a backup form of monitoring and/or control for a limited period of time until such communication is reestablished. Alternatively or additionally, such events may include an emergency situation, such as the outbreak of a fire or other condition that triggers the locally implemented logic to independently act to quickly implement a transition to a known failsafe state.

As part of preparing a monitoring device 1500 for use in monitoring and addressing anomalies in transmissions 3400 among monitored devices 2300 through the network 2999 concerning a process 3003, it may be deemed desirable to provide details of such portions of the logic for controlling that process 3003 to the monitoring device 1500. Doing so may enable the monitoring device 1500 to internally simulate the such logic as that process is performed, and thereby anticipate each transmission 3400 that is expected to occur on the network 2999 in connection with that process, and/or anticipate when each such transmission 3400 is to occur. In this way, the monitoring device 1500 may be prepared to analyze such communications and recognize instances in which anomalies in such communications occur. This may also enable the monitoring device 1500 to identify one or more transmissions 3400 that provide an indication that the performance of a particular process 3003 has begun and/or is being triggered to begin.

Thus, as depicted, it may be that the control routine 1540 of the depicted monitoring device 1500 incorporates an intake component 1544 that, when executed by processor(s) 1550 thereof, causes the intake and/or interpretation of such portions of such logic. It may be that each such portion of such logic is described and/or implemented in one or more scripting languages, logic tables, etc. As those skilled in the art will readily recognize, due to the vast variety of available control components based on a vast variety of widely differing processers, microcontrollers, etc., it may be that different portions of such logic are encoded in any of a wide variety of different scripting languages, logic tables, etc. Thus, the processor(s) 1550 may be caused, by execution of the intake component 1544, to employ a variety of interpretation components thereof to parse each portion of logic.

Turning to FIG. 3E, as depicted, the database 1530 may include multiple entry sets 1531 that are each employed to store details of the logic of a different process 3003. As also depicted, each entry set 1531 may include multiple state entries 1533 that each store various details of a single state of a process 3003. Again, it may be that a process 3003 that may be performed within one of the external systems 3000 may be definable as a set of states 3600p among which particular transitions occur at particular times and/or in response to particular conditions. As also previously discussed, it may be that each such transition between states 3600p is associated with the transmission of one or more particular operational commands or operational information among monitored devices 2300 through the network 2999.

More specifically, each state entry 1533 may include a description of the logic that triggers entry into the corresponding state 3600p, the logic that triggers exiting therefrom, and/or the logic for selecting the next state 3600p that is to be transitioned to. Each state entry 1533 may include various details associated with each transmission 3400 that may occur on the network 2999 in connection with the corresponding state 3600p, including and not limited to, the logic for selecting the type of transmission that is to occur, the logic for selecting what command(s) and/or parameter values are to be included in each transmission of operational command(s), the logic for deriving the data value(s) that are to be included in each transmission of operational information, and/or the logic for determining the timing(s) of when each transmission is to occur.

Still further, each state entry 1533 may include various other details that may also be provided from such an intake of details of portions of logic, and/or that may be learned through observation of transmissions 3400 that occur during one or more performances of the corresponding process 3003. Such additional details may include, but not be limited to, what operational command(s) or operational information are observed as being transmitted through the network, what other state(s) may validly be transitioned from to enter the corresponding state, what other state(s) may validly be transitioned to from the corresponding state, identifiers of those monitored devices 2300, and/or the frequency with which each is observed to occur.

Such additional details may also include, but not be limited to, observations of the timings with which each transmission 3400 occurs. More precisely, each state entry 1533 may specify span(s) of time in which particular operational command(s) or operational information are expected to be transmitted. Again, such spans of time may be associated with an occurrence of a transition between states, or may be associated with a particular set of conditions having been met such that transmissions of particular operational commands or operational information may be relied upon to cause a transition between states. Over time, as such transmissions 3400 are observed to occur, it may be that, for each transmission, a model is derived of the span of timing in which each transmission is expected to occur and/or of the relative probabilities of when each transmission is expected to occur. In some embodiments, it may be that the span of time is at least partially derived from a statistical analysis of observations of timing of multiple observed instances of transmissions 3400 of operational commands or operational information associated with an industrial process. Such a statistical derivation of timing may allow for variances in the timing of transmission(s) 3400 that have not been observed, but which are deemed to be at least statistically plausible based on such observations.

Additionally, each state entry 1533 may also include at least one identification (ID) entry 1532 that describes transmission(s) 3400 or a sequence of transmissions 3400 that, if observed as occurring on the network 2999, serve as an indication that the corresponding process 3003 has begun, or is being triggered to begin. Such details may include the types of the one or more transmissions 3400, the particular commands and associated parameters that may be included in particular transmission(s) 3400 of operational commands, and/or aspects of the particular data that may be included in particular transmission(s) 3400 of operational information.

Thus, and briefly returning to FIG. 3D, it may be that the control routine 1540 also incorporates a learning component 1543 that, when executed by the processor(s) 1550, cause the processor(s) 1550 to monitor the transmissions 3400 that are associated with the corresponding process 3003, as those transmissions 3400 occur, to observe their timings. This may be done in recognition that the descriptions of the logic that lead to the occurrences of those transmissions 3400 may not provide a complete enough picture. As those skilled in the art will readily recognize, numerous factors concerning the selection of devices and/or components of devices within a monitored 2000, and/or within the network 2999 thereof, can affect the timings of each transmission 3400. In particular, delays in the propagation of a transmission 3400 through a network 2999 are incurred as that transmission 3400 makes its way through each component of that network 2999. Additionally, there may be numerous additional variables in the internal operation of each monitored device 2300 that impose a varying amount of delay from the time when a determination is made to transmit an operational command or operational information, and to the time at which that transmission 3400 emanates from the network interface 2390 of that monitored device 2300. Thus, even though the logic for controlling a process 3003 may control when the determination is made to cause a transmission 3400 to occur on the network 2999, there is likely to be some amount of delay until when that transmission 3400 actually does occur on the network 2999.

Continuing with FIG. 3D, it may be that the learning component 1543 also causes observations to be made of the data values that are included within transmissions 3400 of operational information that occur on the network 2999 in connection with one or more performances of a process 3003. As those skilled in the art will readily recognize, although it may be the case that the logic for controlling a process 3003 dictates at least a subset of the data values that are included in transmissions 3400 of operational information between monitored devices 2300, there may be other data values in such transmissions 3400 that are indicative of, or based on, data collected by sensing devices 3200. Since such collected data may be influenced by any of a variety of conditions occurring during a process 3003, at least a subset of the transmissions 3400 of operational information may include data values that are not predictable based on the logic for controlling that process 3003. Thus, observations made of data values included in transmissions 3400 of operational information may be used to derive models of expected ranges of data values and/or of the relative probabilities thereof. In this way, an monitoring device 1500 may be provided to determine what data values to expect in such transmissions 3400 during subsequent performances of that same process 3003.

FIGS. 4A, 4B, 4C and 4D, taken together, present various aspects of another example embodiment of preparing a monitoring device 1500 for monitoring transmissions 3400 through a network 2999 of an embodiment of the monitored system 2000, and/or for taking action to address anomalies associated with therewith. In so doing, FIGS. 4A-D again depict further aspects of the example process 3003x that was earlier introduced in connection with FIG. 1B. Unlike the example embodiment of FIGS. 3A-E where the monitoring device 1500 was provided with descriptions of the logic used to control the process 3003x, the example embodiment of FIGS. 4A-D is of a situation in which such logic is not so provided. Thus, the example embodiment of FIGS. 4A-D illustrates preparing a monitoring device 1500 based on machine learning from observations of network traffic during multiple performances of the process 3003x.

FIG. 4A, when compared to FIG. 3D, illustrates this difference in approach to preparing a monitoring device 1500. With no provision of information concerning any portion of the logic used to control the process 3003x in the external system 3000x, the processor(s) 1550 of the depicted monitoring device 1500 are caused, by execution of the learning component 1543, to rely largely (if not entirely) on observations of transmissions 3400 that occur on the network 2999 during multiple performances of the process 3003x. Thus, in addition to observations of timings of transmissions 3400 and/or observations of data values in transmissions 3400 of operational information (as described above in reference to FIG. 3D), the monitoring device 1500 may also rely on observations of types of transmissions 3400 occur (and in what order), and relies on observations of what commands and/or parameters are included in transmissions 3400 of operational commands.

FIG. 4B, when compared to FIG. 3B, illustrates causality information that is not provided to the monitoring device 1500 as a result of not being provided with a description of the logic for controlling the process 3003x. In some embodiments, indications that are manually entered by an operator of what transmission(s) 3400, or sequence of transmissions 3400, are associated with the beginning of the process 3003x may be relied upon by the monitoring device 1500 to serve as an indicator for when a performance of the process 3003x has begun and/or is being triggered to begin. Thus, as depicted, it may still be possible for the monitoring device 1500 to correlate specific transmission(s) 3400 (e.g., one or more of the depicted transmissions 3400n, 3400np and/or 3400p1) with the beginning of a performance of the process 3003x.

However, even with the benefit of an operator of the monitored system 2000 providing manual identification of each transmission 3400 that is associated with the process 3003x versus other transmissions 3400 that are not associated with the process 3003x, there remains no information provided to the monitoring device 1500 that correlates individual process states 3600p to individual transmissions 3400p (e.g., the specifically labeled transmissions 3400p1, 3400p2, and so on). As a result, identifying instances of causality between particular process states 3600p and the occurrence and/or content of particular transmissions 3400p, and/or identifying instances of causality between particular transitions between process states 3600p and the occurrence and/or content of particular transmissions 3400p, may not be possible.

FIG. 4C, when compared to FIG. 3C, illustrates timing information that is not provided to the monitoring device 1500 as a result of not being provided with a description of the logic for controlling the process 3003x. Again, indications that are manually entered by an operator of what transmission(s) 3400, or sequence of transmissions 3400, are associated with the beginning of the process 3003x may be relied upon by the monitoring device 1500 to serve as an indicator for when a performance of the process 3003x has begun and/or is being triggered to begin. Thus, as depicted, it may still be possible for the monitoring device 1500 to correlate the timings of specific transmission(s) 3400 (e.g., one or more of the depicted transmissions 3400n, 3400np and/or 3400p1) with the beginning of a performance of the process 3003x.

However, even with the benefit of an operator of the monitored system 2000 providing manual identification of each transmission 3400 that is associated with the process 3003x versus other transmissions 3400 that are not associated with the process 3003x, there remains no information provided to the monitoring device 1500 that correlates the timings of the start and/or ending of individual process states 3600p to individual transmissions 3400p (e.g., the specifically labeled transmissions 3400p1, 3400p2, and so on). As a result, identifying specific times at which particular transmissions 3400p are expected to occur based on the when particular process states 3600p start and/or end may not be possible.

Thus, and turning to FIG. 4D, such a lack of access to a description of the logic for controlling the process 3003x, the monitoring device 1500 may be rely on the aforedescribed observations of the type, content and timing of transmissions 3400 as inputs to deriving models 3404p for each transmission 3400p that is to occur during a performance of the process 3003x. By way of example, and as depicted, individual models 3404p1, 3404p2 and 3404p3 may be derived for each of the depicted transmissions 3400p1, 3400p2 and 3400p3, respectively.

Regarding timings, with no access to information concerning the logic for determining when any particular transmission 3400p is to be expected to occur, each of the models 3404p1-p3 may include a model for the time at which to begin its corresponding transmission 3400p1-p3 that is based on the time period from when the last transmission 3400p ended (i.e., Tbetw). Such a model of timing may also be derived to include some degree of variation (including relative probabilities) for when to begin transmitting based on observations of such variations across multiple performances of the process 3003x.

Regarding what commands and/or associated parameters are to be transmitted in transmissions of operational commands, each one of the models 3404p1, 3404p2 and/or 3404p3 that is associated with a transmission 3400p1, 3400p2 and/or 3400p3 that is of a type for transmitting an operational command may include a model for the selection of the particular command to be transmitted and/or a model for the selection of the parameter(s) to be included therewith. Such a model may take into account timings relative to one or more preceding transmissions 3400p, along with the content of one or more preceding transmissions 3400p.

Regarding what data values are to be transmitted in transmissions of operational information, each one of the models 3404p1, 3404p2 and/or 3404p3 that is associated with a transmission 3400p1, 3400p2 and/or 3400p3 that is of a type for transmitting operational information may include a model for the derivation of data values to be transmitted therein. Again, such a model may take into account timings relative to one or more preceding transmissions 3400p, along with the content of one or more preceding transmissions 3400p.

As such models for each transmission 3400p are developed and/or refined based on observations from multiple performances of the process 3003x, an entry set 1531 for the process 3003x may be generated and stored in the database 1530. Such an entry set 1531 may have an organizational structure similar to what was previously described in connection with FIG. 3E.

Again, with the lack of provision of information concerning the logic for controlling the process 3003x, there may be no information available concerning any aspect of the set of process states 3600p of the process 3003x. In some embodiments, the set of process states 3600p may be inferred from the observed transmissions 3400p. More specifically, from observations of the transmissions 3400p that occur on the network 2999 during multiple performances of the process 3003x, the beginnings and endings of different process states 3600p may be inferred to be associated with each instance in which there appears to be a point in the multiple performances at which a selection is made from among multiple observed possibilities of what transmission 3400p is to occur.

By way of example, where there is observed to be some variation between the transmission of one command or another among the multiple performances, or where there is observed to some variation between the transmission of an operational command and the transmission of operational information, the processor(s) 1550 may be caused by execution of the learning component 1543, to infer that one process state 3600p ends at that point, and that there is a selection of what process state 3600p is to begin at that point.

FIGS. 5A, 5B and 5C, taken together, present various aspects of an example embodiment of training a monitoring device 1500 to address instances in which an expected transmission of a particular operational command or operational information does not occur, and then an example embodiment of additionally using that monitoring device 1500 to effectuate the transmission of the particular operational command or operational information.

Turning to FIG. 5A, the depicted monitoring device 1500 may be coupled to the depicted interchange device by its port 1590 and through the depicted link 2955. As previously discussed, in executing the learning component 1543, the processor(s) 1550 may be caused to place the monitoring device 1500 in a training mode in which observations are made of the occurrence of transmissions 3440 on the network 2999 (e.g., through the depicted links 2990a and 2990b, and through the depicted interchange device 2700). More specifically, copies and/or indications of transmissions 3400 of operational commands and/or operational information among particular monitored devices 2300 that are associated with controlling a particular process 3003 are relayed by the interchange device 2700 to the monitoring device 1500. Within the monitoring device 1500, the received copies and/or indications of such transmissions 3400 may be used, as previously discussed, to generate and/or augment information stored within an entry set 1531 of the database 1530 that corresponds to the process 3003.

More specifically, and as previously discussed, in embodiments where the monitoring device 1500 was earlier provided with descriptions of portions of the logic used by monitored devices 2300 and/or by components of an external system 3000 to control the process 3003, the entry set 1531 may have already been generated at an earlier time based on such descriptions of such logic. Again, such descriptions of such logic may include descriptions of aspects of the process states 3600, along with descriptions of aspects of transmissions 3400p associated with individual process states 3600p, and/or descriptions of aspects of transmissions 3400pp associated with transitions between process states 3600p. As previously discussed, in such embodiments, the timings and/or data values of at least some of the transmissions 3400p and/or 3400pp, for which copies and/or indications are relayed to the monitoring device 1500, are correlated to indications in the entry set 1531 of expected transmissions 3400p and/or 3400pp. The observed timings and/or data values may be used to derive models that are descriptive of variations observed in those timings and/or data values, as well as being descriptive of relative probabilities of such variations. Alternatively or additionally, the observed timings and/or data values may be used to derive and/or train models based on neural networks and/or other forms of machine learning.

Alternatively, in other embodiments where the monitoring device 1500 was not earlier provided with descriptions of portions of the logic used to control the process 3003, the entry set 1531 may be generated from the observations made of transmissions 3400 among the particular monitored devices 2300 that are associated with controlling the process 3003. More specifically, the copies and/or indications of such transmissions 3400 that are relayed to the monitoring device 1500 may be analyzed for their timings, for the types of the transmissions 3400, for what commands and/or parameters were included in transmissions 3400 of the type used to convey operational commands, and/or for what data values were included in transmissions 3400 of the type used to convey operational information. As previously discussed, with there being no access to data concerning the process states 3600p of the process 3003 with which such transmissions are associated, the analysis of at least observed variations in what types of transmissions occur and/or in what commands are transmitted may be used as a basis for deriving a set of process states 3600p of the process 3003. Again, models based on statistical analyses and/or models based on any of a variety of machine learning technologies may be derived based on observed variations in commands and/or parameters transmitted, variations in data values transmitted, and/or variations in timings of the transmissions 3400.

Regardless of the exact manner in which the various entry sets 1531 are generated and/or augmented, the processor(s) 1550 may be caused, by further execution of the learning component 1543, to transition the monitoring device 1500 out of such a training mode upon reaching a predefined threshold, such as a threshold quantity of performances of the process 3003 from which observations of transmissions of operational commands or operational information are made, and/or a threshold amount of time spent in the training mode.

It should be noted that, in some embodiments, use of such a training mode may be entirely obviated by pre-loading the monitoring device 1500 with a database 1530 that has already been previously generated, either within the very same monitored system 2000, or within another monitored system that is similar enough that any variations in timings of transmissions 3400 therein are relatively small such that proper operation of the monitoring device 1500 with the monitored system 2000 is not impaired. In some of such embodiments, it may be that the database 1530 was previously generated through earlier training using another monitoring device 1500 that was trained based on observing the same monitored system 2000, or such another sufficiently similar monitored system.

Turning to FIG. 5B, the control routine 1540 may incorporate a monitoring component 1545 that, when executed by the processor(s) 1550, may cause the monitoring device 1500 to enter into an operating mode in which the monitoring device 1500 is used to detect and address instances in which transmissions 3400 of operational commands or operational information are observed among the monitored devices 2300 that do not conform to what is expected.

Indeed, FIG. 5B specifically depicts an instance in which a transmission 3400 of an operational command or operational information associated with controlling a particular process 3003 does not occur when expected. More specifically, the depicted monitored device 2300A fails to transmit a particular operational command to the depicted monitored device 2300B (through the depicted interchange device 2900 and links 2990A and 2990B) during a span of time in which that transmission 3400 of that operational command or operational information was expected to take place, according to the information about the expected transmission 3400 that is stored within the corresponding entry set 1531 within the database 1530. In continuing to execute the monitoring component 1545, the processor(s) 1550 may be caused to detect this lack of transmission of the particular operational command or operational information.

As previously discussed, and as will be familiar to those skilled in the art, the failure of the monitored device 2300A to transmit a particular operational command or operational information when expected (or at all) may be caused by any of a variety of conditions. Again, the cause may be any of a variety of hardware and/or software malfunctions that may befall a computing device. As still another possibility, the monitored device 2300A may be in the process of being serviced, replaced and/or upgraded under circumstances in which the need for the monitored device 2300A to transmit the particular operational command or operational information during an expected span of time has somehow not been accommodated. Alternatively, the cause may be some form of cyber attack that has compromised the monitored device 2300A, itself, or at least has compromised the ability of the monitored device 2300A to access the link 2990A and/or to use the link 2990A to transmit the particular operational command or operational information.

Turning to FIG. 5C, the control routine 1540 may incorporate a correction component 1547 that, when executed by the processor(s) 1550, may cause the processor(s) 1550 to take action to address the lack of occurrence of this expected transmission 3400 on the network 2999. More specifically, in response to this lack of transmission of the particular operational command or operational information, the processor(s) 1550 may be caused to use information stored within the depicted entry set 1531 concerning this particular transmission to, itself, generate and transmit the operational command or operational information to the monitored device 2300B (through the interchange device 2900 and the depicted links 2995 and 2990B). In effect, the monitoring device 1500 is caused to take the place of the monitored device 2300A for purposes of transmitting the particular operational command or operational information to the monitored device 2300B.

As part of generating and/or transmitting the particular operational command or operational information to the monitored device 2300B, the processor 1550(s) may be caused to refer to indications stored in the depicted entry set 1531 of the database 1530 concerning what the particular operational command or operational information to be transmitted is, and/or various protocol details to be adhered to in transmitting the particular operational command or operational information. Among such protocol details may be the need to include one or more identifiers with the operational command or operational information that may specify the destination for the transmission, that identify the iteration of the process 3003 that the particular operational command or operational information is directed to, etc. Also among such protocol details may be an indication of a need to generate a command sequence number that identifies the relative position of the particular operational command or operational information among other operational commands or operational information that are transmitted as part of controlling the process 3003 (this command sequence number should not be confused with the sequence numbers used in TCP/IP). By way of example, such a command sequence number may need to be generated by incrementing the command sequence number of the last operational command or operational information associated with the process 3003 that was observed to have been transmitted.

It should be noted that, although an example of a breakdown in electronic communications involving a failure to output an expected transmission 3400 by a single monitored device has been presented an discussed in connection with FIGS. 5A-C, it is envisioned that there could be a breakdown in electronic communications involving a failure by multiple monitored devices and involving multiple expected transmissions 3400. In such an eventuality, it may be that the monitoring device 1500 is caused to detect such multiple failures by such multiple monitored devices 2300 (e.g., such failures occurring in both of the monitored devices 2300A and 2300B), and may be further caused to act to correct each of the resulting instances of the lack of output of an expected transmissions 3400.

There is thus disclosed a system of one or more devices that implements a method for enhancing computer network reliability by countering disruptions in network communications. The features set forth below may be combined in any of a variety of ways to create any of a variety of embodiments of such a system and/or of a method of decision making augmentation that may incorporate such a system.

A monitoring system includes a processor configured to perform operations including: place the monitoring system into a training mode to generate a model of an industrial process or other operation; receive indications of observed transmissions of operational commands or operational information among multiple monitored devices of a monitored system, wherein at least one of the multiple monitored devices is configured to control the industrial process or other operation; and from received indications of observed transmissions of operational commands or operational information associated with the industrial process or other operation, generate the model of the industrial process or other operation, wherein the model comprises indications of expected spans of time during which transmissions of operational commands or operational information associated with the industrial process are expected to occur.

The multiple monitored devices may be incorporated into a monitored system; the monitored system may include at least one interchange device to which each monitored device of the multiple monitored devices is separately coupled; the transmissions of operational commands among the multiple monitored devices may be conveyed through the one or more interchange devices; and the monitoring system may be coupled to the at least one interchange device to receive the indications of observed transmissions of operational commands or operational information among the multiple monitored devices.

The model may include a finite state model that includes indications of multiple states of the industrial process or other operation and indications of valid transitions among the multiple states.

The model may include an indication of when a particular operational command or operational information is expected to be transmitted in response to a valid transition between two states of the multiple states.

The model may include an indication of when a particular operational command or operational information is expected to be transmitted in response to a specified set of conditions being met to cause a valid transition between two states of the multiple states.

The processor may be further configured to perform operations including: employ a statistical analysis to generate a span of time during which a transmission of a particular operational command or operational information associated with the industrial process or other operation is expected to occur based on observations of prior instances of exchanging of the particular operational command or operational information in prior iterations of performing the industrial process or other operation; and add an indication of the span of time to the model.

A monitoring system includes a processor configured to perform operations including: place the monitoring system into an operating mode to use a model of an industrial process or other operation to analyze observed transmissions of operational commands or operational information associated with the industrial process or other operation; receive, from one or more interchange devices, indications of observed transmissions of operational commands or operational information among multiple monitored devices of a monitored system, wherein at least one of the monitored devices is configured to control the industrial process or other operation; and compare received indications of observed transmissions of operational commands or operational information associated with the industrial process or other operation to indications in the model of expected transmissions of operational commands or operational information associated with the industrial process or other operation to identify an instance of a failure of a transmission of a particular operational command or particular operational information associated with the industrial process or other operation to occur within a span of time specified in the model.

The multiple monitored devices may be incorporated into a monitored system; the monitored system may include at least one interchange device to which each monitored device of the multiple monitored device is separately coupled; the transmissions of operational commands among the multiple monitored devices may be conveyed through the one or more interchange devices; and the monitoring system may be coupled to the at least one interchange device to receive the indications of observed transmissions of operational commands among the multiple monitored devices.

The processor may be further configured to respond to the instance of failure of the transmission of the particular operational command or particular operational information within the specified span of time by transmitting the particular operational command or particular operational information from the monitoring system, and through the one or more interchange devices.

The model may include a finite state model that includes indications of multiple states of the industrial process and indications of valid transitions among the multiple states.

The model may be generated from data descriptive of logic employed in performing the industrial process or other operation, wherein the generation of the model comprises deriving the multiple states from the logic.

A method of generating a model of an industrial process or other operation includes: receiving, by a processor of a monitoring system, and from an interchange device of a monitored system, indications of observed transmissions, through the interchange device, of operational commands or operational information among multiple monitored devices of the monitored system, wherein at least one of the monitored devices is configured to control the industrial process or other operation; and from received indications of observed transmissions of operational commands or operational information associated with the industrial process or other operation, generating, by the processor, the model of the industrial process or other operation, wherein the model comprises indications of expected spans of time during which transmissions of operational commands or operational information associated with the industrial process or other operation are expected to occur.

The method may further include: employing, by the processor, a statistical analysis to generate a span of time during which a transmission of a particular operational command or particular operational information associated with the industrial process is expected to occur based on observations of prior instances of exchanging of the particular operational command or particular operational information in prior iterations of performing the industrial process; and adding an indication of the span of time to the model.

The model may include a finite state model that includes indications of multiple states of the industrial process and indications of valid transitions among the multiple states.

The model may include an indication of when a particular operational command or particular operational information is expected to be transmitted in response to a valid transition between two states of the multiple states.

The model may include an indication of when a particular operational command or particular operational information is expected to be transmitted in response to a specified set of conditions being met to cause a valid transition between two states of the multiple states.

A method of using a model of an industrial process or other operation to analyze observed transmissions of operational commands or operational information associated with the industrial process or other operation includes: receiving, by a processor of a monitoring system, and from an interchange device of a monitored system, indications of observed transmissions of operational commands or operational information among multiple monitored devices of the monitored system, wherein at least one of the monitored devices is configured to control the industrial process or other operation; and comparing, by the processor, received indications of observed transmissions of operational commands or operational information associated with the industrial process to indications in the model of expected transmissions of operational commands or operational information associated with the industrial process or other operation to identify an instance of a failure of a transmission of a particular operational command or operational information associated with the industrial process or other operation to occur within a span of time specified in the model.

The method may further include responding to the instance of failure of the transmission of the particular operational command or operational information within the specified span of time by transmitting the particular operational command or particular set of operational information, by the processor, from the monitoring system, and through the interchange device.

The model may include a finite state model that includes indications of multiple states of the industrial process and indications of valid transitions among the multiple states.

The model may be generated from data descriptive of logic employed in performing the industrial process or other operation, wherein the generation of the model comprises deriving the multiple states from the logic.

Claims

1. A monitoring system comprising a processor configured to perform operations comprising:

place the monitoring system into a training mode to generate a model of an industrial process or other operation;

receive indications of observed transmissions of operational commands or operational information among multiple monitored devices of a monitored system, wherein at least one of the multiple monitored devices is configured to control the industrial process or other operation; and

from received indications of observed transmissions of operational commands or operational information associated with the industrial process or other operation, generate the model of the industrial process or other operation, wherein the model comprises indications of expected spans of time during which transmissions of operational commands or operational information associated with the industrial process are expected to occur.

2. The monitoring system of claim 1, wherein:

the multiple monitored devices are incorporated into a monitored system;

the monitored system includes at least one interchange device to which each monitored device of the multiple monitored devices is separately coupled;

the transmissions of operational commands among the multiple monitored devices are conveyed through the one or more interchange devices; and

the monitoring system is coupled to the at least one interchange device to receive the indications of observed transmissions of operational commands or operational information among the multiple monitored devices.

3. The monitoring system of claim 1, wherein the model comprises a finite state model that includes indications of multiple states of the industrial process or other operation and indications of valid transitions among the multiple states.

4. The monitoring system of claim 3, wherein the model comprises an indication of when a particular operational command or operational information is expected to be transmitted in response to a valid transition between two states of the multiple states.

5. The monitoring system of claim 3, wherein the model comprises an indication of when a particular operational command or operational information is expected to be transmitted in response to a specified set of conditions being met to cause a valid transition between two states of the multiple states.

6. The monitoring system of claim 1, wherein the processor is further configured to perform operations comprising:

employ a statistical analysis to generate a span of time during which a transmission of a particular operational command or operational information associated with the industrial process or other operation is expected to occur based on observations of prior instances of exchanging of the particular operational command or operational information in prior iterations of performing the industrial process or other operation; and

add an indication of the span of time to the model.

7. A monitoring system comprising a processor configured to perform operations comprising:

place the monitoring system into an operating mode to use a model of an industrial process or other operation to analyze observed transmissions of operational commands or operational information associated with the industrial process or other operation;

receive, from one or more interchange devices, indications of observed transmissions of operational commands or operational information among multiple monitored devices of a monitored system, wherein at least one of the monitored devices is configured to control the industrial process or other operation; and

compare received indications of observed transmissions of operational commands or operational information associated with the industrial process or other operation to indications in the model of expected transmissions of operational commands or operational information associated with the industrial process or other operation to identify an instance of a failure of a transmission of a particular operational command or particular operational information associated with the industrial process or other operation to occur within a span of time specified in the model.

8. The monitoring system of claim 7, wherein:

the multiple monitored devices are incorporated into a monitored system;

the monitored system includes at least one interchange device to which each monitored device of the multiple monitored device is separately coupled;

the transmissions of operational commands among the multiple monitored devices are conveyed through the one or more interchange devices; and

the monitoring system is coupled to the at least one interchange device to receive the indications of observed transmissions of operational commands among the multiple monitored devices.

9. The monitoring system of claim 8, wherein the processor is further configured to respond to the instance of failure of the transmission of the particular operational command or particular operational information within the specified span of time by transmitting the particular operational command or particular operational information from the monitoring system, and through the one or more interchange devices.

10. The monitoring system of claim 7, wherein the model comprises a finite state model that includes indications of multiple states of the industrial process and indications of valid transitions among the multiple states.

11. The monitoring system of claim 10, wherein the model is generated from data descriptive of logic employed in performing the industrial process or other operation, wherein the generation of the model comprises deriving the multiple states from the logic.

12. A method of generating a model of an industrial process or other operation comprising:

receiving, by a processor of a monitoring system, and from an interchange device of a monitored system, indications of observed transmissions, through the interchange device, of operational commands or operational information among multiple monitored devices of the monitored system, wherein at least one of the monitored devices is configured to control the industrial process or other operation; and

from received indications of observed transmissions of operational commands or operational information associated with the industrial process or other operation, generating, by the processor, the model of the industrial process or other operation, wherein the model comprises indications of expected spans of time during which transmissions of operational commands or operational information associated with the industrial process or other operation are expected to occur.

13. The method of claim 12, further comprising:

employing, by the processor, a statistical analysis to generate a span of time during which a transmission of a particular operational command or particular operational information associated with the industrial process is expected to occur based on observations of prior instances of exchanging of the particular operational command or particular operational information in prior iterations of performing the industrial process; and

adding an indication of the span of time to the model.

14. The method of claim 12, wherein the model comprises a finite state model that includes indications of multiple states of the industrial process and indications of valid transitions among the multiple states.

15. The method of claim 14, wherein the model comprises an indication of when a particular operational command or particular operational information is expected to be transmitted in response to a valid transition between two states of the multiple states.

16. The method of claim 14, wherein the model comprises an indication of when a particular operational command or particular operational information is expected to be transmitted in response to a specified set of conditions being met to cause a valid transition between two states of the multiple states.

17. A method of using a model of an industrial process or other operation to analyze observed transmissions of operational commands or operational information associated with the industrial process or other operation, the method comprising:

receiving, by a processor of a monitoring system, and from an interchange device of a monitored system, indications of observed transmissions of operational commands or operational information among multiple monitored devices of the monitored system, wherein at least one of the monitored devices is configured to control the industrial process or other operation; and

comparing, by the processor, received indications of observed transmissions of operational commands or operational information associated with the industrial process to indications in the model of expected transmissions of operational commands or operational information associated with the industrial process or other operation to identify an instance of a failure of a transmission of a particular operational command or operational information associated with the industrial process or other operation to occur within a span of time specified in the model.

18. The method of claim 17, further comprising responding to the instance of failure of the transmission of the particular operational command or operational information within the specified span of time by transmitting the particular operational command or particular set of operational information, by the processor, from the monitoring system, and through the interchange device.

19. The method of claim 17, wherein the model comprises a finite state model that includes indications of multiple states of the industrial process and indications of valid transitions among the multiple states.

20. The method of claim 19, wherein the model is generated from data descriptive of logic employed in performing the industrial process or other operation, wherein the generation of the model comprises deriving the multiple states from the logic.