DETAILED ACTION
Claims 1-4, 6-12 and 14-20 are pending. This is in response to Applicant's arguments and amendments filed on April 14, 2022.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with David D’Zurilla #36,766 on May 19, 2022.

The application has been amended as follows: 

1. 	(Currently Amended)  A system comprising:
one or more Industrial Control System (ICS) firewall hardware processors in a data network, the ICS firewall[[s]] hardware processors operable to execute a deep packet inspection among a plurality of ICS systems or among components of an industrial system that use ICS protocols; and
a dynamic policy engine hardware processor comprising a model of the ICS firewall[[s]] hardware processors and of ICS component data, the dynamic policy engine hardware processor operable to process ICS protocol network traffic;
wherein the dynamic policy engine hardware processor comprises cyber security policies that block the ICS protocol network traffic or transmit an alert when the ICS protocol network traffic traverses an ICS firewall network path that is not defined as a valid data item of a system component;
wherein the dynamic policy engine hardware processor uploads ICS protocol-based policies to each ICS firewall network path, wherein the ICS firewall[[s]] hardware processors are operable to execute policy rules utilizing the deep packet inspection to validate a data value or value transition of a defined data item; 
wherein the industrial system comprises a shipboard hull, mechanical, and electrical (HM&E) system; 
wherein the dynamic policy engine hardware processor monitors an output stream of the ICS firewall hardware processors to output alerts when the cyber security policies are violated and to output data item state information when policy logging rules are executed;
wherein the output stream of the ICS firewall processors indicates an attack to a motor system to stop a propulsion system of the HM&E system and the attack is prevented by blocking a write operation of a motor state to a first register, or wherein the output stream indicates an attack to a revolutions per minute (RPM) setpoint of the HM&E system and the attack is prevented by blocking a write operation to a second register; and 
wherein the deep packet inspection comprises checking specific fields within data messaging traffic within ICS protocol packets and blocking ICS protocol packets that do not meet ICS protocol conditions and rules.

2.	(Currently Amended) The system of claim 1, wherein the ICS firewall hardware processors comprise an application programming interface (API) for uploading firewall policies and attaching the firewall policies to the ICS firewall network path.

3.	(Currently Amended) The system of claim 1, wherein the ICS firewall hardware processors are configured to function as a sensor and an effector; and wherein the ICS firewall hardware processors employ a stateful policy enforcement that is specific to ICS operating constraints and ICS protocols.

4.	(Currently Amended) The system of claim 1, wherein the dynamic policy engine hardware processor automates generation, deployment, and monitoring of the cyber security policies; and wherein the dynamic policy engine hardware processor is operable to whitelist capabilities of the ICS firewall hardware processors.

5.	(Canceled)

6.	(Currently Amended) The system of claim 1, wherein the ICS firewall hardware processors execute policy rules which set and persist variables;
wherein the variables comprise one or more of a literal value, a variable value, a value derived from the deep packet inspection, or a mathematical expression utilizing a mathematical operator such as addition, subtraction, division, multiplication, or modulo in combination with any of the literal value, the variable value, or the value derived from the deep packet inspection.

7.	(Currently Amended) The system of claim 1, wherein the dynamic policy engine hardware processor generates policies which set ICS firewall variables as a state machine which instructs the ICS firewall hardware processors to employ stateful policy enforcement protections that dynamically adjust upon sensing feedback of system state.

8.	(Currently Amended) The system of claim 1, wherein the dynamic policy engine hardware processor generates one or more ICS protocol specific policies to include submodules of policies with conditions to access different layers of data in the data network, and generates rules to perform actions based on the state of the ICS systems on the data network.

9.	(Currently Amended) The system of claim 1, wherein the dynamic policy engine hardware processor converts XML models of the ICS systems and the components of the industrial system that uses ICS protocols; and
wherein the dynamic policy engine hardware processor is hardware processors between segments of the data network.

10.	(Currently Amended) The system of claim 1, wherein the dynamic policy engine hardware processor monitors state information produced by logging rules in the ICS protocol-based policies and dynamically regenerates the ICS protocol-based policies and uploads the ICS protocol-based policies to the ICS firewall network path when defined in XML models to react to state transition triggers.

11.	(Currently Amended) The system of claim 1, wherein the industrial system comprises a factory system[[,]] or a power management systemhardware processors comprises an XML-based model.

12.	(Currently Amended) A process for providing security for information technology (IT) and operational technology (OT) networks associated with an industrial control system (ICS) comprising:
deploying an initial model for a particular IT and OT network;
dynamically updating security policies as the particular IT and OT network are used, patched, and modified;
utilizing a deep packet inspection to enforce ICS constraints and ICS behaviors defined by the initial model, wherein the deep packet inspection comprises checking specific fields within data messaging traffic within ICS protocol packets and blocking ICS protocol packets that do not meet ICS protocol conditions and rules;
reporting a state of the deep packet inspection for situational awareness and debugging purposes; and
transmitting an alert or blocking ICS protocol traffic when anomalies are detected when the ICS protocol traffic traverses ICS firewall network paths that execute ICS policies;
wherein the ICS communicates via ICS protocols;
wherein the ICS comprises a shipboard hull, mechanical, and electrical (HM&E) system; and
wherein the ICS protocol traffic traversing ICS firewall network paths indicates an attack to a motor system to stop a propulsion system of the HM&E system and the attack is prevented by blocking a write operation of a motor state to a first register, or wherein the ICS protocol traffic traversing ICS firewall network indicates an attack to a revolutions per minute (RPM) setpoint of the HM&E system and the attack is prevented by blocking a write operation to a second register.

13.	(Canceled)

14.	(Original)    The process of claim 12, comprising converting XML models of the ICS constraints and the ICS behaviors into ICS firewall policies comprised of rules and conditions to check and enforce the ICS constraints and the ICS behaviors of the XML models;
wherein policies associated with ICS protocol network paths are uploaded to ICS firewalls and are attached to the ICS firewall network paths; and
comprising defining ICS component data, thereby reducing exposure and vulnerability of the ICS.

15.	(Original)    The process of claim 14, comprising generating cyber protection policies that instruct ICS firewalls to block an ICS protocol operation that references data that are not defined in an XML model and to transmit an alert regarding the blocking.

16.	(Original)    The process of claim 14, comprising generating cyber protection policies that instruct ICS firewalls to block an ICS protocol operation not defined as valid for defined components in an XML model and to transmit an alert regarding the blocking.

17.	(Original)    The process of claim 14, wherein the vulnerability of the ICS is reduced by defining component data of the ICS as valid discrete values or as a data range.

18.	(Original)    The process of claim 14, comprising generating cyber protection policies that instruct ICS firewalls to block an ICS protocol operation for a component that contains an invalid value and transmitting an alert regarding the blocking.

19.	(Original)    The process of claim 14, comprising defining valid value transitions of a component of the ICS, thereby reducing exposure and vulnerability of the ICS.

20.	(Original)    The process of claim 14, comprising generating cyber protection policies that instruct ICS firewalls to block an ICS protocol operation of a component of the ICS with a valid value when the system state does not match a value transition criterium and transmitting an alert regarding the blocking;
defining state machine elements in XML models of components of the ICS, thereby reducing exposure and vulnerability of the ICS; and
generating cyber protection policies that instruct the ICS firewalls to block or alert ICS protocol operations that do not meet criteria of a defined state machine.
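The following is an added illustration, not the applicant's implementation or any embodiment of record: a stateful whitelist check over constructed write requests that combines the defined-data-item, valid-value or range, value-transition and system-state criteria recited in claims 1, 12 and 17-20. The register numbers, the guard rule tying a motor stop to a zero RPM setpoint, and the request sequence are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class DataItem:
    name: str
    valid: object                                         # set of discrete values or (lo, hi) range
    transitions: Optional[dict] = None                    # current value -> allowed next values
    guard: Optional[Callable[[dict, int], bool]] = None   # criterion on persisted system state

# Constructed registers: 1 = motor state (0 stopped, 1 running), 2 = RPM setpoint.
MOTOR_REG, RPM_REG = 1, 2
MODEL = {
    MOTOR_REG: DataItem("motor_state", {0, 1}, {0: {1}, 1: {0}},
                        # a stop (0) is only valid once the setpoint has been ramped to 0
                        guard=lambda st, v: v != 0 or st.get(RPM_REG, 0) == 0),
    RPM_REG: DataItem("rpm_setpoint", (0, 1200)),
}

def check_write(state: dict, register: int, value: int):
    """Evaluate one write request against MODEL. Returns (verdict, reason); on
    'allow' the value is persisted in state, which carries across packets."""
    item = MODEL.get(register)
    if item is None:
        return "block", f"register {register} is not a defined data item"
    if isinstance(item.valid, tuple):
        lo, hi = item.valid
        if not lo <= value <= hi:
            return "block", f"{item.name}={value} outside range {lo}..{hi}"
    elif value not in item.valid:
        return "block", f"{item.name}={value} not a valid discrete value"
    cur = state.get(register)
    if item.transitions and cur is not None and value not in item.transitions.get(cur, ()):
        return "block", f"{item.name} transition {cur}->{value} not defined"
    if item.guard and not item.guard(state, value):
        return "block", f"{item.name}={value} rejected by system-state criterion"
    state[register] = value
    return "allow", f"{item.name}={value}"

def run_sample():
    """Constructed sequence of (register, value) writes as a firewall path would see them."""
    state = {}
    writes = [(RPM_REG, 900), (MOTOR_REG, 1), (MOTOR_REG, 0),   # stop while RPM != 0: blocked
              (RPM_REG, 5000), (9, 1),                          # out of range / undefined item
              (RPM_REG, 0), (MOTOR_REG, 0)]                     # ramp down, then a valid stop
    return [check_write(state, r, v)[0] for r, v in writes]
```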


Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
Per interview on May 19, 2022, Applicant agreed to the amendment above for compact prosecution since there is no art that, singly or in combination, teaches a system to detect an attack on a ship/vessel having ICS firewall processors whose output stream indicates an attack to a motor system to stop a propulsion system of the HM&E system and the attack is prevented by blocking a write operation of a motor state to a first register, or wherein the output stream indicates an attack to a revolutions per minute (RPM) setpoint of the HM&E system and the attack is prevented by blocking a write operation to a second register. Therefore, claims 1 and 12 are allowed. The closest art is PG Pub 20170214717 (hereinafter Bush), which teaches a policy enforcement applied to an industrial system such as a motor drive (Fig. 14 and related paragraphs), and WO2014042636A1 (hereinafter Brian), which teaches using ICS for detecting an attack (Fig. 3 and related text). However, neither reference, alone or in combination, teaches the aforementioned allowed claimed features.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Inquiry Communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571) 270-1994. The examiner can normally be reached Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRI M TRAN/Primary Examiner, Art Unit 2432