US-12627702-B2 - Cyber and property management system
Abstract
A system and method are provided for integrating a property management system and a cyber vulnerability management system to provide remediation for assets in an environment. Information obtained about network connected mechanical assets within the environment is respectively obtained from a tag on the asset. For each asset the asset is identified through a property management database based on the information in the tag and a cyber position of the asset is obtained through a digital network identifier in the tag from the cyber vulnerability management system. In response to identification of the asset having a cyber vulnerability, remediation for the cyber vulnerability is determined, scheduled, and initiated.
Inventors
- Frederick K. Jones
- Jeffrey Zhonghua Han
Assignees
- RAYTHEON COMPANY
Dates
- Publication Date
- 20260512
- Application Date
- 20240405
Claims (16)
- 1 . A cyber remediation system comprising: a network interface; and a processor configured to: obtain, from a device within an industrial environment via the network interface, information about each of a plurality of mechanical assets within the industrial environment, each asset of a set of the assets having at least a portion of the information of the asset encoded at a physical tag on the asset, the physical tag comprising an electrically readable portion and a contactless portion, the information about each asset being obtainable via physical contact between the device and the electrically readable portion of the physical tag of the asset and at least one of optical or radio frequency (RF) interaction with the contactless portion of the physical tag of the asset; and for each asset: identify the asset through a property management database based on the at least a portion of the information and a cyber position of the asset through a digital network identifier in the information in a cyber vulnerability management system synchronized with the property management database, identification of the asset based on both the information encoded at the physical tag and the digital network identifier, the cyber position indicating software and version installed on the asset and cyber vulnerability of the software installed on the asset; and in response to identification of the asset having a cyber vulnerability, determine remediation for the asset that includes cyber remediation to mitigate the cyber vulnerability; initiate the remediation via transmission of information related to the remediation, the remediation comprising manipulation of the electrically readable portion of the physical tag of the asset to adjust the information provided by the electrically readable portion of the physical tag of the asset; and analyze data associated with the asset to determine anomalous physical actions of the asset as an indication of exploitation of the cyber vulnerability.
- 2 . The system of claim 1 , wherein the information related to the remediation includes a software package to ameliorate the cyber vulnerability of the at least one of the assets.
- 3 . The system of claim 1 , wherein: the remediation is based on the assets, the industrial environment, and network characteristics of a network within the industrial environment, the network characteristics include network congestion over different time periods, and the remediation is initiated based on the network congestion.
- 4 . The system of claim 1 , wherein the processor is configured to initiate remediation dependent workflows associated with the assets.
- 5 . The system of claim 1 , wherein the physical actions of the asset include extraneous or unexpected physical actions of the asset.
- 6 . The system of claim 1 , wherein the processor is further configured to analyze the data associated with the asset to determine anomalous network actions of the asset that include inefficiencies in network transmissions of the asset.
- 7 . The system of claim 1 , wherein: the assets include at least one of measurement equipment or robots, and each asset is networked to connect at least one of to an internet or to an internet within the industrial environment.
- 8 . The system of claim 1 , wherein the remediation includes scheduling coordination between entities of the cyber vulnerability management system and the industrial environment.
- 9 . The system of claim 1 , wherein the remediation comprises selection between bringing down a system controlling the asset, changing a configuration of the asset, operator training, or updating intrusion detection and alerts.
- 10 . A method of cyber remediation comprising: coordinating identities and cyber positions of assets within an industrial environment; obtaining, from a device within an industrial environment via an internet, information about each of a plurality of mechanical assets within the industrial environment, each asset of a set of the assets having at least a portion of the information of the asset encoded at a physical tag on the asset and being network connected, the physical tag comprising an electrically readable portion and a contactless portion, the information about each asset being obtainable via physical contact between the device and the electrically readable portion of the physical tag of the asset and at least one of optical or radio frequency (RF) interaction with the contactless portion of the physical tag of the asset; and for each asset: identifying the asset through a property management database based on the at least a portion of the information and a cyber position of the asset through a digital network identifier in the information in a cyber vulnerability management system synchronized with the property management database, identification of the asset based on both the information encoded at the physical tag and the digital network identifier, the cyber position indicating software and version installed on the asset and cyber vulnerability of the software installed on the asset, the digital network identifier including a Media Access Control (MAC) address; and in response to identification of the asset having a cyber vulnerability, determining remediation for the asset that includes cyber remediation to mitigate the cyber vulnerability; initiating the remediation via transmission of information related to the remediation, the remediation comprising manipulation of the electrically readable portion of the physical tag of the asset to adjust the information provided by the electrically readable portion of the physical tag of the asset, and analyzing data associated with the asset to determine anomalous physical actions of the asset as an indication of exploitation of the cyber vulnerability, the at least one of the assets including at least one of measurement equipment or a robot.
- 11 . The method of claim 10 , wherein: the remediation is based on the assets, the industrial environment, network characteristics of a network within the industrial environment, the network characteristics include network congestion over different time periods, and the remediation is initiated based on metrology workflows of the assets and the network congestion.
- 12 . The method of claim 10 , further comprising, for each asset, analyzing the data associated with the asset to determine anomalous network actions of the asset to determine whether the cyber vulnerability of the asset has been exploited, the network actions including inefficiencies in network transmissions of the asset.
- 13 . The method of claim 10 , wherein: the remediation includes scheduling coordination between entities of the cyber vulnerability management system and the industrial environment, and the remediation comprises selection between bringing down a system controlling the asset, changing a configuration of the asset, operator training, or updating intrusion detection and alerts.
- 14 . A non-transitory computer-readable storage medium that stores instructions for execution by one or more processors, the one or more processors configured to, when the instructions are executed: coordinate identities and cyber positions of assets within an industrial environment; obtain, from a device within an industrial environment via an internet, information about each of a plurality of mechanical assets within the industrial environment, each asset of a set of the assets having at least a portion of the information of the asset encoded at a physical tag on the asset and being network connected the physical tag comprising an electrically readable portion and a contactless portion, the information about each asset being obtainable via physical contact between the device and the electrically readable portion of the physical tag of the asset and at least one of optical or radio frequency (RF) interaction with the contactless portion of the physical tag of the asset; and for each asset: identify the asset through a property management database based on the at least a portion of the information and a cyber position of the asset through a digital network identifier in the information in a cyber vulnerability management system synchronized with the property management database, identification of the asset based on both the information encoded at the physical tag and the digital network identifier, the cyber position indicating software and version installed on the asset and cyber vulnerability of the software installed on the asset, the digital network identifier including a Media Access Control (MAC) address; in response to identification of the asset having a cyber vulnerability, determine remediation for the asset that includes cyber remediation to mitigate the cyber vulnerability; initiate the remediation via transmission of information related to the remediation, the remediation comprising manipulation of the electrically readable portion of the physical tag of the asset to adjust the information provided by the electrically readable portion of the physical tag of the asset, and analyze data associated with the asset to determine anomalous physical actions of the asset as an indication of exploitation of the cyber vulnerability, the at least one of the assets including at least one of measurement equipment or a robot.
- 15 . The non-transitory computer-readable storage medium of claim 14 , wherein the one or more processors, when the instructions are executed, for each asset, analyze the data associated with the asset to determine anomalous network actions of the asset to determine whether the cyber vulnerability of the asset has been exploited, the network actions including inefficiencies in network transmissions of the asset.
- 16 . The non-transitory computer-readable storage medium of claim 14 , wherein: the remediation comprises at least one of bringing down a system controlling the asset, changing a configuration of the asset, operator training, or updating intrusion detection and alerts.
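The identification and remediation flow of claims 1, 3, 9 and 10, as an added example that is not part of the patent: a tag read is matched against a property management record, the MAC address from that record is used to look up the asset's cyber position in a vulnerability management inventory, and a remediation is chosen and scheduled for the least congested hour. All records, tag formats, vulnerability ids and congestion values are constructed for illustration.

```python
# Constructed sample data (not from the patent): property management DB
# keyed by the asset id printed on the physical tag.
PROPERTY_DB = {
    "PM-0001": {"name": "inspection station", "mac": "02:00:00:00:00:01"},
    "PM-0002": {"name": "bin robot", "mac": "02:00:00:00:00:02"},
}
# Constructed vulnerability management inventory, synchronized with the
# property DB on the MAC address (the "digital network identifier").
VM_INVENTORY = {
    "02:00:00:00:00:01": {"software": "VisionSuite", "version": "2.1",
                          "vulns": ["VULN-PLACEHOLDER-1"]},
    "02:00:00:00:00:02": {"software": "RobotOS", "version": "5.0", "vulns": []},
}
# Constructed software packages available per vulnerability id (claim 2).
PACKAGES = {"VULN-PLACEHOLDER-1": "VisionSuite-2.2"}
# Constructed network congestion (0..1) per hour of day: busy during shift.
CONGESTION = {h: (0.8 if 8 <= h < 18 else 0.2) for h in range(24)}


def parse_tag(tag_text):
    """Parse 'id=PM-0001;mac=...' as read from the contactless (QR) portion."""
    return dict(part.split("=", 1) for part in tag_text.split(";") if "=" in part)


def cyber_position(tag_text):
    """Identify the asset in the property DB and return its cyber position.

    The tag id and the tag MAC must both agree with the property DB record
    (claim 1: identification based on both), so a mislabeled tag yields None."""
    tag = parse_tag(tag_text)
    asset = PROPERTY_DB.get(tag.get("id", ""))
    if asset is None or asset["mac"].lower() != tag.get("mac", "").lower():
        return None
    position = VM_INVENTORY.get(asset["mac"])
    if position is None:
        return None
    return {"id": tag["id"], **asset, **position}


def plan_remediation(position):
    """Choose a remediation and a transmission window; None if nothing to fix."""
    if not position["vulns"]:
        return None
    packages = [PACKAGES[v] for v in position["vulns"] if v in PACKAGES]
    if packages:
        # Push the package in the least congested hour (claims 3 and 11).
        hour = min(CONGESTION, key=CONGESTION.get)
        return {"id": position["id"], "action": "update_software",
                "packages": packages, "hour": hour}
    # No package available: tighten intrusion detection and alerts (claim 9).
    return {"id": position["id"], "action": "update_intrusion_detection",
            "packages": [], "hour": None}
```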
Description
FIELD
The subject matter disclosed herein relates to a combined cyber vulnerability and property management system.
BACKGROUND
Property management, notably in industrial settings, is disconnected from IT configuration management and cyber status monitoring systems as disparate information is used to index these systems. Computer-controlled assets in such a setting may be managed remotely, such as being periodically upgraded for cyber vulnerabilities. However, remote interactions with industrial assets are rife with difficulties, including human-related and processing-related timing issues.
BRIEF DESCRIPTION OF THE FIGURES
In the figures, which are not necessarily drawn to scale, like numerals may describe similar components in different views. Like numerals having different letter suffixes may represent different instances of similar components. The figures illustrate generally, by way of example, but not by way of limitation, various embodiments discussed in the present document.
FIG. 1 illustrates an industrial environment according to some aspects.
FIG. 2 illustrates a system according to some aspects.
FIG. 3 illustrates a block diagram of a device according to some aspects.
FIG. 4 illustrates a method of remediation according to some embodiments.
DETAILED DESCRIPTION
The following description and the drawings sufficiently illustrate specific embodiments to enable those skilled in the art to practice them. Other embodiments may incorporate structural, logical, electrical, process, and other changes. Portions and features of some embodiments may be included in, or substituted for, those of other embodiments. Embodiments set forth in the claims encompass all available equivalents of those claims.
FIG. 1 illustrates an environment that contains multiple assets according to some aspects. The environment 100 may be an industrial environment, such as a factory or other commercial environment.
Although an industrial environment is described herein for managing cyber risks within the industrial environment to robotics, industrial internet of things (IIOT) devices, manufacturing test stations, etc., the technology may also be applicable to other settings such as critical infrastructure (water, electric, agriculture, dams, etc.), hospitals, warehouses, RADAR installations, or anywhere implementing property management with networked components. The environment 100 may include an area 102 in which multiple mechanical assets 104, 106 are located. The assets 104, 106 may include industrial equipment such as robots and/or measurement equipment. For example, one of the assets 104 may be used for (visual) inspection of items 110 traveling along a conveyor 108; another of the assets 106 may move bins 112 containing a predetermined number/weight of the items 110 to storage facilities 114 (e.g., racks) within the environment 100. The assets 106 may move along predetermined tracks 120, or movement may be autonomous, using sensors to reach a desired storage facility 114 in which the bin 112 conveyed by the asset 106 is to be retained until further processing of the items 110 is desired. The assets 104, 106 may include one or more processors and network interfaces that connect the asset 104, 106 to an intranet operating essentially within the environment 100 (e.g., using Zigbee, Bluetooth, and/or another direct or indirect communication protocol) and/or to an internet. The intranet may be used, e.g., for the asset 104, 106 to communicate with other devices within the environment 100, which may include one or more of the other assets 104, 106 and/or a central controller (e.g., control computer) within the environment 100. Each of the assets 104, 106 may have a physical tag 106a containing information about the asset 104, 106. An operator 116 may use a scanner 118, such as an optical scanner or contact scanner, to obtain the information on the physical tag 106a.
In some embodiments, information on the physical tag 106a may be obtained via contactless interaction and/or via physical contact. Contactless interaction may include using radio frequency (RF) or optical scanning, e.g., using a radio frequency ID (RFID), quick response (QR) code, or barcode. The physical tag 106a may also include an electrically readable portion (i.e., a portion read through electrical contact with it). In some embodiments, the physical tag 106a may include an adhesive (e.g., paper) tag with a contactless portion (e.g., a QR Code) and an electrically readable portion. The electrically readable portion may include a pattern printed using electrically reactive ink (e.g., resistive, conductive, dielectric). The physical tag 106a may be manually read using a QR Code scanner and/or another scanner (e.g., a contact scanner). The information may be separated into different areas of the physical tag 106a, with the QR Code in one location (e.g., top) and the pattern in another location on the same plane. Alternatively, the inf