Abstract
This disclosure describes techniques for process-aware cyber-physical security in an operational technology (OT) environment. Time-series process data is ingested from a secure replica of the process historian, alongside IT security data. A cyber-physical context engine (CPCE) holds a library of machine learning models, each trained for a specific operational state. The CPCE analyzes the process data to detect physical anomalies, which are then correlated with IT security data to identify cyber-physical attack patterns. An incident response module enforces a safety-gated, collaborative workflow between security analysts and plant operators that prioritizes physical process stability. A generative AI-assisted workflow enables human analysts to create and approve new, high-fidelity threat intelligence, producing a self-improving defense cycle.
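The following Python sketch is an added illustration of the pipeline the abstract describes (one baseline model per operational state, correlation of physical anomalies with IT security events on the same asset, and a safety gate that holds containment until the operator confirms the process is stable); it is not code from the disclosure, and the asset names, 3-sigma threshold, correlation window and sample readings are assumed.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class StateModel:
    """Baseline for one operational state; stands in for one CPCE library model."""
    mu: float
    sigma: float

    def is_anomalous(self, value, k=3.0):
        # Simple k-sigma test; a real CPCE model would be richer, this is the assumed stand-in.
        return abs(value - self.mu) > k * self.sigma

def train_state_models(history):
    """history: (state, value) pairs from the historian replica -> one model per state."""
    by_state = {}
    for state, value in history:
        by_state.setdefault(state, []).append(value)
    return {s: StateModel(mean(v), pstdev(v) or 1e-9) for s, v in by_state.items()}

def detect_physical_anomalies(models, readings):
    """readings: (t, asset, state, value); score each reading with the model for its own state."""
    return [r for r in readings if r[2] in models and models[r[2]].is_anomalous(r[3])]

def correlate(anomalies, it_events, window=60):
    """Pair each physical anomaly with IT security events on the same asset in the preceding window."""
    patterns = []
    for t, asset, state, value in anomalies:
        hits = [e for e in it_events if e[1] == asset and t - window <= e[0] <= t]
        if hits:
            patterns.append({"asset": asset, "t": t, "state": state, "value": value, "it_events": hits})
    return patterns

def safety_gated_action(pattern, operator_confirmed_stable):
    """Containment is released only after the plant operator confirms the process is stable."""
    if operator_confirmed_stable:
        return "isolate_" + pattern["asset"]
    return "hold_for_operator_review"

# Constructed sample data (assumed, not from the disclosure).
HISTORY = [("steady", v) for v in (98, 100, 101, 99, 100, 102, 100, 99)] + \
          [("startup", v) for v in (48, 52, 50, 49, 51, 50, 49, 51)]
READINGS = [(100, "plc-01", "steady", 101),   # normal
            (160, "plc-01", "startup", 50),   # normal for startup; a steady-state model would flag it
            (220, "plc-01", "steady", 130)]   # physical anomaly
IT_EVENTS = [(200, "plc-01", "unauthorized setpoint write from engineering workstation"),
             (300, "hmi-02", "failed login burst")]

def run():
    models = train_state_models(HISTORY)
    return correlate(detect_physical_anomalies(models, READINGS), IT_EVENTS)
```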
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Sakaji, Moath, "Framework for Process-Aware Cyber-Physical Security Monitoring, Detection, Triage, and Response", Technical Disclosure Commons, ()
https://www.tdcommons.org/dpubs_series/9058