US 12,470,594 B1
Systems and methods for blocking, detecting and responding to cyber attacks in physically controlled distributed systems
Jay T. Johnson, Albuquerque, NM (US); Christian B. Jones, Albuquerque, NM (US); Adrian R. Chavez, Davis, CA (US); and Shamina S. Hossain-McKenzie, Albuquerque, NM (US)
Assigned to National Technology & Engineering Solutions of Sandia, LLC, Albuquerque, NM (US)
Filed by National Technology & Engineering Solutions of Sandia, LLC, Albuquerque, NM (US)
Filed on Feb. 27, 2024, as Appl. No. 18/588,646.
Claims priority of provisional application 63/448,748, filed on Feb. 28, 2023.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1458 (2013.01) [H04L 63/145 (2013.01)] 18 Claims
 
1. A Security Orchestration, Automation, and Response (SOAR) system for a plurality of physically controlled distributed system (PCDS), including:
a plurality of distributed Intrusion Detection Systems (IDS) in communication with the plurality of PCDS collecting cyber-physical data directed to or generated by the plurality of PCDS;
one of or a combination of at least one of plurality of distributed IDS and a SOAR system analyzing the collected cyber-physical data;
one of or a combination of the at least one of plurality of distributed IDS and the SOAR system employing at least one of a plurality of playbooks to detect one of a signature-based attack, a behavior-based attack, and a physical configuration attack on at least one of the plurality of PCDS based on the analyzed collected cyber-physical data; and
one of the SOAR system or a combination of the at least one of plurality of distributed IDS and the SOAR system responding to the attack on the at least one of the plurality of PCDS by employing at least one of a plurality of playbooks.
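As an added illustration (not the patent's own implementation), the flow in claim 1: cyber-physical records from distributed IDS are run through detection playbooks for the three claimed attack classes, and each finding is mapped to a response playbook. The record schema, the signature bytes, the baseline and the action names are assumptions constructed for this example.

```python
from dataclasses import dataclass
# Assumed record schema for cyber-physical data that a distributed IDS
# forwards to the SOAR system (constructed for this example).
@dataclass
class Telemetry:
    pcds: str        # physically controlled distributed system node
    payload: bytes   # network payload observed at the controller
    cmd_rate: float  # control commands per second from this node
    setpoint: float  # commanded physical setpoint
    limit: float     # engineering limit for that setpoint

KNOWN_BAD = b"\xde\xad\xbe\xef"  # constructed signature, not a real IoC
BASELINE_CMD_RATE = 2.0          # assumed learned per-node baseline

# Detection playbooks: each returns an attack label or None.
def signature_playbook(t):      # signature-based: known bad bytes seen
    return "signature" if KNOWN_BAD in t.payload else None

def behavior_playbook(t):       # behaviour-based: command-rate anomaly
    return "behavior" if t.cmd_rate > 10 * BASELINE_CMD_RATE else None

def physical_config_playbook(t):  # physical configuration: limit violated
    return "physical_config" if abs(t.setpoint) > t.limit else None

DETECT = [signature_playbook, behavior_playbook, physical_config_playbook]

# Response playbooks: label -> ordered actions the SOAR system executes.
RESPOND = {
    "signature": ["block_source", "alert_soc"],
    "behavior": ["rate_limit_node", "alert_soc"],
    "physical_config": ["revert_setpoint", "isolate_node", "alert_soc"],
}
def orchestrate(records):
    """Run all detection playbooks over IDS records from every PCDS;
    return {pcds: [(label, actions), ...]} for nodes with findings."""
    findings = {}
    for t in records:
        for playbook in DETECT:
            label = playbook(t)
            if label:
                findings.setdefault(t.pcds, []).append((label, RESPOND[label]))
    return findings

# Constructed sample: one benign node and one example of each attack class.
SAMPLE = [
    Telemetry("inverter-01", b"\x00\x01", 1.5, 50.0, 100.0),
    Telemetry("inverter-02", b"\x00" + KNOWN_BAD, 1.8, 40.0, 100.0),
    Telemetry("inverter-03", b"\x00\x01", 45.0, 60.0, 100.0),
    Telemetry("inverter-04", b"\x00\x01", 2.0, 180.0, 100.0),
]
```

Calling `orchestrate(SAMPLE)` yields one finding with its response actions for each of the three attacked nodes and nothing for inverter-01.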