Apparatuses, computer-implemented methods, and computer program products for managing initiation of an automated healing process for operational technology devices in a network

Inventors

BASSI, Atul • Gupta, Tarun • MISRA, Anubhav

Assignees

Honeywell International Inc

Abstract

Embodiments of the present disclosure provide for improved methodologies for managing initiation of an automated healing process for operational technology devices in a network. Some embodiments include identifying at least one operational technology (OT) device connected to a network that is vulnerable to at least one cybersecurity risk, where the at least one OT device is wirelessly connected to the network, identifying at least one computer-executable resolution to the at least one cybersecurity risk, executing a simulation that tests performance of the network with resolution of the at least one cybersecurity risk utilizing the at least one computer-executable resolution, generating a solution implementation report based at least in part on the simulation, and determining whether to automatically initiate the at least one computer-executable resolution based at least in part on the solution implementation report.

Core Innovation

The invention relates to managing initiation of an automated healing process for operational technology (OT) devices in a network, where at least one OT device is wirelessly connected. The process identifies an OT device that is vulnerable to at least one cybersecurity risk and identifies at least one computer-executable resolution to the cybersecurity risk. It then executes a simulation that tests performance of the network with resolution of the cybersecurity risk using the computer-executable resolution.

The simulation identifies a component of the network affected by the resolution of the cybersecurity risk using the computer-executable resolution. The simulation classifies the affected component as a critical component of the network or a non-critical component of the network, and determines whether the resolution affects the component in a critical manner or a non-critical manner. Based at least in part on the simulation, the method generates a solution implementation report.

The invention further determines whether to automatically initiate the computer-executable resolution based at least in part on the solution implementation report. The management includes generating the solution implementation report and then either automatically initiating the resolution or alerting an administrator for manual review/authorization, with alerting and action-response flows tied to the solution implementation report.

Claims Coverage

The document provides three independent claims covering a computer-implemented method, an apparatus, and a computer program product. Across these independent claims, the core inventive workflow includes identifying wireless OT devices vulnerable to cybersecurity risk, selecting computer-executable resolutions, simulating impacts and classifying affected components as critical versus non-critical, generating a solution implementation report, and determining whether to automatically initiate the resolution based on that report.

Overall claim coverage centers on a processor-executed healing initiation workflow that identifies wirelessly connected vulnerable OT devices, evaluates at least one computer-executable resolution via simulation, classifies impacted network components as critical or non-critical and the impact as critical or non-critical, generates a solution implementation report, and then decides whether to automatically initiate the resolution based on that report.

Stated Advantages

Documented Applications