 Hardware-enforced Unidirectional Communication

 Secure Data Transfer

 Prevent Data Leakage

Co-confidential
Recent Cyber Attacks

2 | Co-confidential
Cyber Attacks Attack Impact and
Scenarios Consequences
Stolen Information/
Wi-Fi Execution of Malware
Why do organisations
need to protect
Stolen Identity/
their critical Internet Surfing Execution of Malware
information?
Forging of Email/
Email Execution of Malware

Why is unidirectional Creation of

IoT Devices Backdoor Access
data diode more
resilient than firewalls? Forging Data/
ICS/SCADA Manipulation of
Control System

3 | Co-confidential
PLCs/RTUs Loss of Lives
Defeating the Cyber Attack Kill Chain
STEE Data Diode prevents data
leakages from secure networks. Malicious payload grows
exponentially.
A “signature-less” solution is
STEE Secure Files Transfer more enduring.
solutions ensures malicious
payload does not infiltrate the
secured networks.

Vulnerabilities exist at both

Isolation is a better protection hardware and software.
mechanism than detection.
The unidirectional STEE Data
Diode disables all C2
communications.

Degrade, Disrupt, Denial

and Destroy.

4 | Co-confidential
 Protecting Industrial Control System /
SCADA Networks
SCADA Server /
Historian Database
Corporate IT
Networks

Power Generation /
Water Treatment
Networks Data Diode

Replicated Server /
Database

6 | Co-confidential
 Protecting Sensitive Network
File Cleansing
Internet Controller

Data Diode
File Cleansing
Receiver

Highly
Sensitive
Networks

9 | Co-confidential
 Protecting the Big Data Central System
Video Surveillance
Smart Metering Wearable sensors
Autonomous
Transport Payment

Smart Home
Industry 4.0

Data Diode
Big Data
Central
(Analytics)
System

11 | Co-confidential
Integrating Networks Securely
OT Networks Physical Sensors IT Network OSINT
(e.g. Building Mgmt Sys) Security (e.g. radar) activities (e.g. Social Media,
(e.g. CCTV) (e.g. SYSLOG) Dark Web, etc)

Historian Proprietary
Database Video Logs Files
Data
Internet / Intranet

Operation Centers
(NOC/SOC)
Data Diode allows for operational data & logs from different enterprise OT and IT networks to be consolidated at NOC / SOC
for monitoring and analysis, while keeping each network isolated (air-gap) from each other.

12 | Co-confidential
Data Diode Protocols
Data Diode Data Diode
Sending System A Sender Receiver Receiving System B

UDP / TCP / SNMP Data IP Add / Port IP Add / Port Data

SYSLOG / HTTPS
Video VLC VLC
Player Player
Streaming

Files Transfer SFTP / FTPS SFTP / FTPS SFTP / FTPS SFTP / FTPS SFTP / FTPS SFTP / FTPS
Client Server Client Server
(Filezilla, WinSCP) 500
Folders Mirroring SMB / CIFS SMB / CIFS Mbps
(Windows / Linux)
Emails (Domain) (Domain)
(S / MIME)
Client Server Proxy Client Server
SCADA OPC OPC UA OPC UA
OPC Server OPC Client OPC Server OPC Client
DA / UA

13 | Co-confidential
Protecting the Confidentiality, Integrity and
Availability of Critical Systems
Information Assurance by Design
Ensures no data leakage due to hardware-enforced one-way communication

High Throughput & Robust Performance

Configurable for High Availability

Compact Design
Allows all Data Diode functionalities to be encapsulated within a 1U hardware
rack space

Ease of System Integration & Customisation

Supports multiple IT and SCADA/ICS networking protocols and can be
customised to any operational requirement
15 | Co-confidential
Secure Files Transfer Solution

Co-confidential
 Files, Files, Files Isolation is the better Protection Mechanism.
Signature-less is the more Enduring solution.

Convert &
Extract

Data Files

Parse & Opcode Detection

Check In Data Files
Data Files
(Need to preserve Content)
True File Type
Detection
Malware
Detection
Machine Learning Traditional Genetic
Binaries
AV Scanner AV Scanner AV Scanner

17 | Co-confidential
Secure Files Transfer Architecture
NAS FCS
DD FCS FCS NAS
A TXC Engines RXC B

Files Cleansing Controller Engines

• True Files Type Detection
• Files Conversion
• Content Disarm & Reconstruction
• Static Codes Analysis
• Anti-Virus Scanners
• Sandbox Solutions

18 | Co-confidential
Secure Files Transfer Architecture

NAS FCS
DD FCS FCS NAS
A TXC Engines RXC B High Assurance Architecture
• HAG Design – FCS engines
protected by 2 pairs of
FCS FCS FCS data diodes.
TXC
DD Engines RXC
• System Alerts @ FCS RXC
• Active-Active Paths
• Zero-loss feedback loop
DD MXC DD CXC • System Dashboard @ CXC

19 | Co-confidential
Thank You

Co-confidential