By Gregory Hale
One of the safest and most secure approaches to OT security has always been one-way communication, or unidirectional gateways; after all, it is difficult for attackers to interfere with a process if data can only flow out of it.

The drawbacks of that approach have generally been the speed of the solution, whether it could sustain ongoing communications, and cost.

“We want to change the paradigm of the data diode market,” said Kevin Senator, president and chief executive at Bayshore Networks. “We are looking at a paradigm shift, we are taking this very sophisticated policy, learning and enforcement engine and forcing behavior. We are entering the market to broaden the market. We believe there are people there that want to use the data diode type of capability, unidirectional traffic enforcement, but haven’t done it because of cost and ease-of-use issues.”

To keep in tune with what Senator is saying, Bayshore Networks released Monday SCADAwall, a hardware device that provides safe, non-routable, one-way data transfer from trusted sources in-plant to untrusted destinations such as corporate IT and other outside business destinations.


The transfer is completed via data diode functionality, providing a single encrypted tunnel. SCADAwall physically separates, secures and isolates sensitive equipment in the trusted plant zone from the risk of Internet exposure or malicious activity while allowing critical plant data to flow into corporate business systems.

“This allows you to isolate high valued devices and enable them to talk to management tools from the trusted side to the less trusted side in a unidirectional manner, and guarantee the less trusted side cannot do anything to interact with the machines in any form,” said Toby Weir-Jones, chief product officer at Bayshore Networks. “We have to ensure the trusted domain is flexible and has all types of communication options outbound to the less trusted domain, but there is no return path.”

SCADAwall is the anchor product Bayshore Networks just released to go along with SCADAfuse and OTaccess.

Data diodes, or unidirectional gateways, are one of the strongest security controls available to organizations that want to transfer data from trusted to untrusted domains. Data diodes apply hardware-enforced one-way communication, isolating the trusted network from all forms of inbound connections. Data diodes are routinely used to protect and isolate government networks with differing security levels that need to exchange data. They are also used in large, regulated industries such as nuclear power plants and electric utilities.

SCADAwall uses standard, commercial off-the-shelf hardware for the base systems, which presents a cost savings. It also uses dedicated high-speed serial interface cards installed in each system and applies an industrial content inspection engine to analyze data in-transit.

“The only way these remote access connections work is through the outbound tunnel that our end point gateway software creates to our OT access server,” Weir-Jones said. “Those are the only two devices allowed to maintain that connection.”

Key features include:

  • Easier to bridge the air gap without burdensome security measures
  • File transfers and server replication from trusted to untrusted networks with guaranteed delivery and provable file validation
  • Hardware-enforced one-way only communication – no network connectivity back into the trusted plant environment
  • Bandwidth-efficient, does not use bandwidth-intensive retransmission methods
  • High performance, 1 gigabit/sec with content-inspection and policy enforcement for data in-transit
  • Budget friendly, very high price:performance ratio
  • 2x1U 19” rack-mountable hardware delivered pre-loaded with software and with hardware dongles for secure management
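Two of the features above, delivery with no return path (so no acknowledgements and no retransmission) and provable file validation, are easier to reason about with a concrete sketch. The following Python simulation is an added illustration for this article and is not Bayshore's code or SCADAwall's wire protocol: the frame layout, the `drop_every` fault model, the `historian.csv` file name and the sample export are all hypothetical. The sender chunks the file, tags each chunk with a SHA-256 digest, repeats the whole sequence a configurable number of times because it can never learn what was lost, and finishes with a manifest carrying the whole-file digest; the receiver deduplicates, rejects tampered frames, reassembles and proves the result against the manifest.

```python
import hashlib
import json
import struct
from typing import Iterator, Optional

# Hypothetical frame format for this illustration; not Bayshore's wire protocol.
CHUNK_SIZE = 64
MAGIC_DATA = b"D"       # data frame: magic | seq | total | sha256(chunk) | len | chunk
MAGIC_MANIFEST = b"M"   # manifest:   magic | len | JSON with the whole-file digest
HEADER_LEN = 1 + 8 + 32 + 4

# Constructed sample payload: a small historian export headed for the IT side.
SAMPLE_EXPORT = b"".join(
    f"2019-06-10T00:{i:02d},pump-1,flow,{50 + i}\n".encode() for i in range(12)
)

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_frames(file_id: str, data: bytes) -> list[bytes]:
    """Split a file into self-describing frames, then append the manifest frame."""
    chunks = [data[i:i + CHUNK_SIZE] for i in range(0, len(data), CHUNK_SIZE)] or [b""]
    total = len(chunks)
    frames = []
    for seq, chunk in enumerate(chunks):
        header = (MAGIC_DATA + struct.pack(">II", seq, total)
                  + sha256(chunk) + struct.pack(">I", len(chunk)))
        frames.append(header + chunk)
    manifest = json.dumps({"file_id": file_id, "total": total,
                           "size": len(data), "sha256": sha256(data).hex()}).encode()
    frames.append(MAGIC_MANIFEST + struct.pack(">I", len(manifest)) + manifest)
    return frames

def send(frames: list[bytes], redundancy: int) -> Iterator[bytes]:
    """Trusted side: emit the whole sequence `redundancy` times. Nothing is ever read back."""
    for _ in range(redundancy):
        yield from frames

def lossy_link(frames: Iterator[bytes], drop_every: int) -> Iterator[bytes]:
    """Constructed fault model: silently drop every `drop_every`-th frame (0 = lossless)."""
    for i, frame in enumerate(frames, start=1):
        if drop_every and i % drop_every == 0:
            continue
        yield frame

class Receiver:
    """Untrusted side: dedupe, verify, reassemble, prove. It has no way to NACK."""
    def __init__(self) -> None:
        self.chunks: dict[int, bytes] = {}
        self.total: Optional[int] = None
        self.manifest: Optional[dict] = None
        self.rejected = 0

    def feed(self, frame: bytes) -> None:
        if frame[:1] == MAGIC_MANIFEST:
            try:
                (n,) = struct.unpack(">I", frame[1:5])
                self.manifest = json.loads(frame[5:5 + n])
            except (struct.error, ValueError):
                self.rejected += 1
            return
        if frame[:1] != MAGIC_DATA or len(frame) < HEADER_LEN:
            self.rejected += 1
            return
        seq, total = struct.unpack(">II", frame[1:9])
        digest = frame[9:41]
        (n,) = struct.unpack(">I", frame[41:45])
        payload = frame[45:45 + n]
        if len(payload) != n or sha256(payload) != digest:
            self.rejected += 1          # corrupt or truncated: drop it; a repeat may resupply it
            return
        self.total = total
        self.chunks.setdefault(seq, payload)   # repeats caused by redundancy are harmless

    def result(self) -> Optional[bytes]:
        """Return the validated file, or None if any chunk is missing or a digest mismatches."""
        if self.manifest is None or self.total is None or self.manifest["total"] != self.total:
            return None
        if any(i not in self.chunks for i in range(self.total)):
            return None
        data = b"".join(self.chunks[i] for i in range(self.total))
        if len(data) != self.manifest["size"] or sha256(data).hex() != self.manifest["sha256"]:
            return None
        return data

def transfer(data: bytes, redundancy: int, drop_every: int) -> Optional[bytes]:
    """End to end: sender -> one-way lossy link -> receiver; returns the proven file or None."""
    rx = Receiver()
    for frame in lossy_link(send(build_frames("historian.csv", data), redundancy), drop_every):
        rx.feed(frame)
    return rx.result()

if __name__ == "__main__":
    for redundancy, drop_every in [(1, 0), (1, 4), (2, 4), (2, 7)]:
        ok = transfer(SAMPLE_EXPORT, redundancy, drop_every) == SAMPLE_EXPORT
        print(f"redundancy={redundancy} drop_every={drop_every}: {'delivered' if ok else 'FAILED'}")
```

The point the simulation makes is that with no return path the receiver can only verify and reject, never ask again: whether a file arrives depends entirely on how the sender's redundancy lines up with the loss pattern (the `(2, 7)` case drops both copies of the manifest and fails even though every data chunk arrived), which is why real products spend engineering effort on forward error correction rather than on the retransmission methods a TCP-style link would use.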

“We want these tools to be understood and used by operators first rather than by IT people that happen to be walking around the plant floor,” Weir-Jones said. “There are fundamental differences in how an operator works rather than an IT guy. Anything that impacts operations is catastrophically bad. It doesn’t matter if it is a large impact or a small impact, it all leads to a lack of confidence.

“While the high profile media stories about international attacks and espionage attacks are scary, the pragmatic risk our customers continuously identify is people that are on site and they have some degree of permission and access and tools, but they do the wrong thing. It is not necessarily malicious, but it still can have the same type of catastrophic effect. The customers’ concern is about unauthorized or unexpected communications that occur from within or behind the IT/OT perimeter.”

SCADAwall will start shipping by July 15.

ISSSource
