Learn how and why these one-way devices are increasingly being used to help protect industrial networks against common cybersecurity vulnerabilities.
By Scott Coleman, director of marketing/product management, Owl Cyber Defense Solutions, Inc.
Cyberattacks increasingly have made news headlines around the globe. Recently, the New York Times published an article about a cyberattack earlier this year that involved Russia’s hacking of utilities and critical infrastructure. Though some infiltration did occur, it was confined to the network side, leaving operations untouched thanks to a hardware-enforced security technology called a data diode.
The risks, and subsequent strategies to fight these attacks, constantly are changing. Data diodes are one such strategy used to counter cyberthreats. This one-way technology protects against common network vulnerabilities. Here, we’ll take a closer look at how they support cybersecurity.
Traditional cybersecurity solutions are susceptible to getting hacked for one of two reasons:
- A flaw is present and can be exploited in the software configuration or operation of the solution. Such flaws manifest themselves in different ways, but the bottom line is that a mechanism exists whereby an intruder can bypass or disable the security barriers that have been put in place to stop them. These flaws or vulnerabilities are discovered frequently across all types of devices and constantly are in the news, putting companies and digital assets at risk.
- The second kind of failure is the compromising or stealing of legitimate credentials through social engineering, phishing, and other such tactics. This allows an intruder in through a verified and legitimate access point.
Fortunately, data diodes are not susceptible to either of these two methods of network compromise. The first pathway to susceptibility cited above — an existing flaw — is blocked because of the data diode’s hardware design. Data diodes rely on hardware enforcement, which cannot be changed or manipulated electronically and therefore offers nothing to exploit.
The second approach — stolen credentials — is thwarted by a data diode’s operational characteristics. A data diode’s hardware only physically allows data to move in one direction. Even with legitimate credentials, an intruder cannot hack into a network through a data diode. Without a software solution’s shortcomings, data diodes cannot be hacked or used as a threat vector into a network.
At its most basic level, a data diode operates based on the circuitry it contains. An LED sends data to a photo-receiver, one way, with no physical return path. It doesn’t rely on software applications, permissions, signatures or configuration parameters (all of which can be changed and compromised) to perform its job.
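Because there is no physical return path, the destination side can never acknowledge data or ask for a resend, so transfers across a diode have to be self-validating. The following is an added example, not code from the article or from any Owl product, and it goes beyond what the article states: the frame layout, the `COPIES` redundancy value, and all function names are assumptions chosen to illustrate one common way to handle this.

```python
import struct
import zlib

HEADER = struct.Struct("!IH")   # sequence number (uint32), payload length (uint16)
COPIES = 2                      # assumed redundancy: no resend can ever be requested

def encode_frame(seq, payload):
    """Header + payload + CRC32 trailer, so the receiver can validate on its own."""
    body = HEADER.pack(seq, len(payload)) + payload
    return body + struct.pack("!I", zlib.crc32(body))

def decode_frame(frame):
    """Return (seq, payload), or None when the frame is truncated or corrupted."""
    if len(frame) < HEADER.size + 4:
        return None
    body, (crc,) = frame[:-4], struct.unpack("!I", frame[-4:])
    if zlib.crc32(body) != crc:
        return None
    seq, length = HEADER.unpack(body[:HEADER.size])
    payload = body[HEADER.size:]
    return (seq, payload) if len(payload) == length else None

def send(records):
    """Source side: fire and forget, each frame emitted COPIES times."""
    return [encode_frame(i, r) for i, r in enumerate(records) for _ in range(COPIES)]

def receive(frames):
    """Destination side: verify, de-duplicate, and report gaps it cannot repair."""
    got, rejected = {}, 0
    for frame in frames:
        decoded = decode_frame(frame)
        if decoded is None:
            rejected += 1
            continue
        seq, payload = decoded
        got.setdefault(seq, payload)          # duplicate copies are ignored
    # Gaps are visible only below the highest sequence seen; detecting loss at
    # the tail would need a periodic heartbeat or end-of-batch frame.
    missing = [s for s in range(max(got, default=-1) + 1) if s not in got]
    return got, missing, rejected

def demo():
    # Constructed sample readings, not taken from the article.
    records = [b"pump1 rpm=1450", b"pump1 rpm=1452", b"valve3 open", b"tank2 level=71"]
    wire = send(records)                      # 8 frames: two copies of seq 0..3
    bad = wire[3][:6] + bytes([wire[3][6] ^ 0x01]) + wire[3][7:]   # bit flip in payload
    # Simulated link: both copies of seq 1 are lost (one dropped, one corrupted),
    # one copy of seq 2 is dropped but its duplicate arrives.
    arrived = [wire[0], wire[1], bad, wire[5], wire[6], wire[7]]
    return receive(arrived)

if __name__ == "__main__":
    print(demo())
```

The receiver can only log the gap at sequence 1 for operators to act on; nothing it does can reach back to the source network.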
Why don’t we often hear about data diodes if they’re so great? For several reasons:
- They are a security device, and most users don’t like to disclose how they are protecting their networks.
- They work at the network level, and most people aren’t familiar with how networks operate.
- They initially were adopted by the U.S. Department of Defense, the intelligence community and other government agencies, so, for good reasons, they didn’t get a lot of publicity.
- They operate in a more secure manner, which requires network designers and security teams to plan a little differently. However, the increased security is well worth it to verify data is protected, client/customer information and operations are secure, and vital systems such as power grids are stable and reliable.
Mitigating Risk and Bolstering Network Security
Organizations actively are decreasing reliance on software and firewalls for cyber defense and opting for hardware-enforced security that is more reliable and virtually unhackable. According to the research firm Gartner, cybersecurity spending is expected to exceed $1 trillion by 2021. Because of this growth, we’ve seen rapid adoption of hardware-enforced security and thousands of data diode deployments globally.
Cybersecurity needs and requirements have changed drastically. Data diodes can’t be hacked and are used in secure, trusted networks across a range of industries, including oil and gas production, financial services, transportation, telecommunications, power generation/transmission/distribution, water/wastewater, universities and manufacturing.
Owl Cyber Defense Solutions, Inc., based in Ridgefield, Connecticut, is an Encompass™ Product Partner in the Rockwell Automation PartnerNetwork™ program. The company provides next-generation cybersecurity. Its DualDiode technology has been deployed in more than 2,000 solutions across government, military and critical infrastructure networks.
The Journal From Rockwell Automation and Our PartnerNetwork™ is published by Putman Media, Inc.