US 12,218,966 B2
Systems and methods for providing cybersecurity analysis based on operational techniques and information technologies
Kuenley Chiu, San Francisco, CA (US); Jeremy Kolter, Pittsburgh, CA (US); Nikhil Krishnan, Los Altos, CA (US); and Henrik Ohlsson, San Francisco, CA (US)
Assigned to C3.ai, Inc., Redwood City, CA (US)
Filed by C3.ai, Inc., Redwood City, CA (US)
Filed on Jul. 5, 2022, as Appl. No. 17/810,757.
Application 17/810,757 is a continuation of application No. 15/891,630, filed on Feb. 8, 2018, granted, now 11,411,977.
Application 15/891,630 is a continuation of application No. 14/728,932, filed on Jun. 2, 2015, granted, now 9,923,915, issued on Mar. 20, 2018.
Prior Publication US 2022/0407885 A1, Dec. 22, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06Q 10/0635 (2023.01); G06Q 50/06 (2024.01)
CPC H04L 63/1433 (2013.01) [G06Q 10/0635 (2013.01); H04L 63/1425 (2013.01); H04L 63/20 (2013.01); G06Q 50/06 (2013.01); H04L 63/101 (2013.01)]
20 Claims
 
1. A computer-implemented method comprising:
acquiring, by a computing system, a first set of data from a first group of data sources including a plurality of network components associated with an operational technology component of an energy delivery network, wherein the first set of data is associated with detected network traffic within the energy delivery network, and wherein the operational technology component includes energy delivery infrastructure;
generating, by the computing system, based on the first set of data, a first metric indicating a likelihood that a particular network component, from the plurality of network components, is currently affected by one or more cyber vulnerabilities, has been affected by the one or more cyber vulnerabilities, will be affected by the one or more cyber vulnerabilities, or a combination thereof, wherein the generating the first metric includes analyzing the detected network traffic based on an advanced behavioral indicator and any of a rule-based indicator or a computed indicator, and wherein the likelihood that the particular network component is currently affected by one or more cyber vulnerabilities, has been affected by the one or more cyber vulnerabilities, will be affected by the one or more cyber vulnerabilities, or a combination thereof is calculated based on the advanced behavioral indicator and any of the rule-based indicator or the computed indicator;
acquiring, by the computing system, a second set of data from a second group of data sources including an information technology component associated with one or more services of a collection of services, wherein the one or more services are associated with the energy delivery network, and wherein the one or more services facilitate management of energy delivery through the energy delivery infrastructure;
generating, by the computing system, based on the second set of data, a second metric indicating a calculated impact to at least a portion of the energy delivery network when the one or more cyber vulnerabilities affect the particular network component;
generating, by the computing system, based on the first metric and the second metric, a third metric indicating an overall level of cybersecurity risk associated with the particular network component; and
prioritizing examination or repair of the particular network component based on the third metric.