DigiSAFE Data Diode & FCS (2018-06-27)
Co-confidential
Recent Cyber Attacks
Why do organisations need to protect their critical information?
Cyber Attack Scenarios | Attack Impact and Consequences
Wi-Fi | Stolen Information / Execution of Malware
Internet Surfing | Stolen Identity / Execution of Malware
Email | Forging of Email / Execution of Malware
PLCs/RTUs | Loss of Lives
Defeating the Cyber Attack Kill Chain
STEE Data Diode prevents data leakages from secure networks.
STEE Secure Files Transfer solutions ensure malicious payload does not infiltrate the secured networks.
Malicious payload grows exponentially.
A “signature-less” solution is more enduring.
Protecting Industrial Control System / SCADA Networks
[Diagram labels: Power Generation / Water Treatment Networks; SCADA Server / Historian Database; Data Diode; Replicated Server / Database; Corporate IT Networks]
Protecting Sensitive Network
[Diagram labels: Internet; File Cleansing Controller; Data Diode; File Cleansing Receiver; Highly Sensitive Networks]
Protecting the Big Data Central System
[Diagram labels: Video Surveillance; Smart Metering; Wearable sensors; Autonomous Transport; Payment; Smart Home; Industry 4.0; Data Diode; Big Data Central (Analytics) System]
Integrating Networks Securely
OT Networks (e.g. Building Mgmt Sys): Historian Database
Physical Security (e.g. CCTV): Video
Sensors (e.g. radar): Proprietary Data
IT Network activities (e.g. SYSLOG): Logs
OSINT (e.g. Social Media, Dark Web, etc): Files
[Diagram labels: Internet / Intranet; Operation Centers (NOC/SOC)]
Data Diode allows operational data and logs from different enterprise OT and IT networks to be consolidated at the NOC / SOC for monitoring and analysis, while keeping the networks isolated (air-gapped) from one another.
Data Diode Protocols
Columns: Sending System A | Data Diode Sender | Data Diode Receiver | Receiving System B
Files Transfer (Filezilla, WinSCP): SFTP / FTPS; roles: Client, Server, Client, Server
Folders Mirroring (Windows / Linux): SMB / CIFS
Emails (S / MIME): (Domain); roles: Client, Server, Proxy, Client, Server
SCADA OPC DA / UA: OPC UA; roles: OPC Server, OPC Client, OPC Server, OPC Client
[Diagram label: 500 Mbps]
Protecting the Confidentiality, Integrity and Availability of Critical Systems
Information Assurance by Design
Ensures no data leakage due to hardware-enforced one-way communication
Compact Design
Allows all Data Diode functionalities to be encapsulated within a 1U hardware rack space
Files, Files, Files
Isolation is the better Protection Mechanism.
Signature-less is the more Enduring solution.
[Diagram label: Convert & Extract Data Files]
Secure Files Transfer Architecture
[Diagram labels: NAS A; FCS TXC; DD; FCS Engines; FCS RXC; NAS B]
High Assurance Architecture
• HAG Design – FCS engines protected by 2 pairs of data diodes.
• System Alerts @ FCS RXC
• Active-Active Paths
• Zero-loss feedback loop
• System Dashboard @ CXC
[Diagram labels: FCS TXC; FCS Engines; FCS RXC; DD; MXC; CXC]