Abstract

A method for cyber security monitor includes monitoring a network interface that is input-only configured to surreptitiously and covertly receive bit-level, physical layer communication between networked control and sensor field devices. During a training mode, a baseline distinct native attribute (DNA) fingerprint is generated for each networked field device. During a protection mode, a current DNA fingerprint is generated for each networked field device. The current DNA fingerprint is compared to the baseline DNA fingerprint for each networked field device. In response to detect at least one of RAA and PAA based on a change in the current DNA fingerprint to the baseline DNA fingerprint of one or more networked field devices, an alert is transmitted, via an external security engine interface to an external security engine.

Document Type

Patent

Status

Issued

Issue Date

12-26-2023

Patent Number

US 11856012 B2 [ 11,856,012 ]

CPC Classification

H04L63/14

Application number

18/106,533

Assignees

United States of America, as represented by the Secretary of the Air Force, Wright-Patterson AFB, OH (US)

Filing Date

2-7-2023

Share

COinS