CPC H04L 63/1416 (2013.01) [H04L 63/0869 (2013.01); H04L 63/145 (2013.01)] | 19 Claims
1. A cyber security monitor comprising:
a receiver having a network interface that is input-only configured to surreptitiously and covertly receive bit-level, physical layer communication between networked field devices comprising at least one field device control element and one or more field device sensors within a network;
a memory containing one or more distinct native attribute (DNA) fingerprinting methods for detecting one or more of remote access attacks (RAA) and physical access attack (PAA) of the networked field devices;
an external security engine interface communicatively coupled for input and output with an external security engine;
a controller that is communicatively coupled to the receiver, the memory, and the external security engine interface, and which:
receives, via the receiver, respective transmissions from the networked field devices;
generates a DNA fingerprint for each networked field device using the one or more DNA fingerprint methods; and
transmits an alert, via the external security engine interface, to the external security engine indicating a detected at least one of RAA and PAA based on a change in the DNA fingerprint of one or more networked field devices.