
DigiSAFE Data Diode & FCS (2018-06-27)

The document discusses cybersecurity threats and strategies for protecting industrial control systems and sensitive networks. It describes using hardware-enforced unidirectional data diodes to isolate networks and prevent data leakage. The data diode allows operational data and logs to be consolidated for monitoring while keeping networks air-gapped. Protocols like SFTP, SMB, and OPC are supported to integrate networks securely.

Uploaded by Tuan MA

• Hardware-enforced Unidirectional Communication
• Secure Data Transfer
• Prevent Data Leakage

Co-confidential
Recent Cyber Attacks


Why do organisations need to protect their critical information?
Why is unidirectional data diode more resilient than firewalls?

Cyber Attacks Scenarios: Attack Impact and Consequences
• Wi-Fi: Stolen Information / Execution of Malware
• Internet Surfing: Stolen Identity / Execution of Malware
• Email: Forging of Email / Execution of Malware
• IoT Devices: Creation of Backdoor Access
• ICS/SCADA: Forging Data / Manipulation of Control System
• PLCs/RTUs: Loss of Lives

Defeating the Cyber Attack Kill Chain
• STEE Data Diode prevents data leakages from secure networks.
• Malicious payload grows exponentially.
• A “signature-less” solution is more enduring.
• STEE Secure Files Transfer solutions ensure malicious payload does not infiltrate the secured networks.
• Vulnerabilities exist at both hardware and software.
• Isolation is a better protection mechanism than detection.
• The unidirectional STEE Data Diode disables all C2 communications.
• Degrade, Disrupt, Denial and Destroy.

Protecting Industrial Control System / SCADA Networks
[Diagram. Labels: SCADA Server / Historian Database; Power Generation / Water Treatment Networks; Data Diode; Replicated Server / Database; Corporate IT Networks]

Protecting Sensitive Network
[Diagram. Labels: Internet; File Cleansing Controller; Data Diode; File Cleansing Receiver; Highly Sensitive Networks]

Protecting the Big Data Central System
[Diagram. Data sources: Video Surveillance, Smart Metering, Wearable sensors, Autonomous Transport, Payment, Smart Home, Industry 4.0; Data Diode; Big Data Central (Analytics) System]

Integrating Networks Securely
Sources and the data they feed to the Operation Centers (NOC/SOC):
• OT Networks (e.g. Building Mgmt Sys): Historian Database
• Physical Security (e.g. CCTV): Video
• Sensors (e.g. radar): Proprietary Data
• IT Network activities (e.g. SYSLOG): Logs
• OSINT (e.g. Social Media, Dark Web, etc): Files
• Internet / Intranet

Data Diode allows for operational data & logs from different enterprise OT and IT networks to be consolidated at NOC / SOC for monitoring and analysis, while keeping each network isolated (air-gap) from each other.

Data Diode Protocols
[Table. Columns: Sending System A | Data Diode Sender | Data Diode Receiver | Receiving System B. Link label: 500 Mbps]
• UDP / TCP / SNMP / SYSLOG / HTTPS: Data | IP Add / Port | IP Add / Port | Data
• Video Streaming: VLC Player, VLC Player
• Files Transfer (Filezilla, WinSCP): SFTP / FTPS Client, SFTP / FTPS Server
• Folders Mirroring (Windows / Linux): SMB / CIFS
• Emails (S / MIME): Client, Server, Proxy; (Domain)
• SCADA OPC DA / UA: OPC UA; OPC Server, OPC Client

Protecting the Confidentiality, Integrity and Availability of Critical Systems

Information Assurance by Design
Ensures no data leakage due to hardware-enforced one-way communication

High Throughput & Robust Performance

Configurable for High Availability

Compact Design
Allows all Data Diode functionalities to be encapsulated within a 1U hardware rack space

Ease of System Integration & Customisation
Supports multiple IT and SCADA/ICS networking protocols and can be customised to any operational requirement

Secure Files Transfer Solution

Files, Files, Files
Isolation is the better Protection Mechanism.
Signature-less is the more Enduring solution.

[Diagram. Labels: Check In; Data Files: Convert & Extract; Data Files: Parse & Opcode Detection; Data Files (Need to preserve Content); True File Type Detection; Malware Detection; Binaries; Machine Learning AV Scanner; Traditional AV Scanner; Genetic AV Scanner]

Secure Files Transfer Architecture
[Diagram. Components: NAS A, FCS TXC, DD, FCS Engines, FCS RXC, NAS B]

Files Cleansing Controller Engines
• True Files Type Detection
• Files Conversion
• Content Disarm & Reconstruction
• Static Codes Analysis
• Anti-Virus Scanners
• Sandbox Solutions

Secure Files Transfer Architecture

[Diagram. Components: NAS A, FCS TXC, DD, FCS Engines, FCS RXC, NAS B; second path: FCS TXC, DD, FCS Engines, FCS RXC; DD, MXC, DD, CXC]

High Assurance Architecture
• HAG Design – FCS engines protected by 2 pairs of data diodes.
• System Alerts @ FCS RXC
• Active-Active Paths
• Zero-loss feedback loop
• System Dashboard @ CXC

Thank You
