Products
Services
Support
About Us
Contact Us

Functional Description of Product

Protocol Security Gateway (PSG) - How it works

By device we mean the controller of a process or of a physical device such as a generator, sensor, lighting system, motors etc. Devices are monitored and controlled by other systems and devices, often in remote locations, using a protocol for data communication. The widely used BACnet/IP Protocol has a number of significant vulnerabilities that open a path for devices and systems to be attacked. A PSG protects a currently installed and in-service device from being attacked using the vulnerabilities of the data communication protocol used to monitor and control the device. It does this by securely

  • Controlling access to the devices data and operational state.
  • Reporting attacks
  • Providing audit trails of communication

It should also have the following key features

  • Support connection to two independent physical networks. Thus separating the security communications function from operational communications.
  • Allow for a system of secure updates so that in service devices can be protected from new threats.
  • Allow for integration into a work order system.

Controlling Access

  • Devices that send messages have identifiers. For example; IP Addresses, MAC addresses, Serial Numbers, Device ID Numbers, Other Device identification parameters. Access can be controlled based on the identification of the message source.
  • Access to particular data objects and particular properties of those objects can be controlled and time limited.
  • The transmission of certain BACnet service requests or commands can be limited. For example - The reinitialization service.
  • Preventing the use of unauthorized Ethernet ports and protocols to send messages to the device.
  • Any combination of these controls can be used as an authorization system.

Reporting Attacks

The Security Department need to know of attempts to perform unauthorized actions so that their response protocols can be followed. Ie threat identification, risk identification, countermeasures etc.

Audit Trails

Who turned the lights off ? By keeping records of particular actions diagnostics can be performed and responsibility allocated. This is also how system bugs are found.

Work Order System

If a technician is going to change the setting which controls the tripping of an electrical breaker as a measure to protect from a current overload and it hazards of damage and fire then the task requires a work order. A work order is the system of managing and authorizing and budgeting tasks or projects. In many institutions and companies the work order system is mandatory. A new component can be added to the work order system for certain types of tasks - the establishment of a PSG work authorization. Ie. Which technician can change the which trip setpoint of which breaker during what period of time. This data can be sent to the PSG which will then permit the task. The PSG can also log before (as-found) and after (as-left) data - commonly a manual procedure which is not always performed.

 

Next: Market Opportunity

Testimonials

See more testimonials...
!

Contact Us

Contact us via phone (+1 866-383-1657) or leave a detailed message below for sales, support, or any other needs

*Required Field
*Required Field
I'd like to receive the newsletter. *Check email for confirmation.
*Required Field
8:00am - 12:00pm 12:00pm - 5:00pm