1 | Co-confidential

Our Cyber World

Expanding Bandwidth
& Connectivity

ICT Facts & Figures 2017

2 | Co-confidential
 Our Cyber World Cathay Pacific Data Breach Exposed
Personal Information of 9.4 Million
Passengers – 25 Oct 2018

Expanding Bandwidth
& Connectivity
“includes about 860,000 passport numbers, 403
expired credit card numbers, names, nationalities,
dates of birth, phone numbers, emails, addresses” – 26 Feb 2016

Cyber-Attacks
Hack of Saudi Petrochemical Plant Was
Coordinated From Russian Institute
– 23 Oct 2018

Who will be the next Victim? – 3 Oct 2018

“first known attempt to manipulate an
emergency-shutdown system, which is designed
to avoid disaster and protect human lives.”
3 | Co-confidential
 Our Cyber World Total Malwares from 1984-2018

Expanding Bandwidth
& Connectivity

Cyber-Attacks

https://www.av-test.org/en/statistics/malware/

4 | Co-confidential How to deal with cyber threats that grow exponentially?

 Our Cyber World

Expanding Bandwidth
& Connectivity

Cyber-Attacks

Network
Separation
To Connect or NOT to Connect?

5 | Co-confidential
 Hardware-enforced
Unidirectional Communication
Secure Data Transfer
Prevent Data Leakage

Unifying User’s Convenience and Cyber Security

6 | Co-confidential
 Protecting Industrial Control System / SCADA

To: Other Enterprise

Management Systems

IT Network
OT Network
Internet

Workstations
Workstations
7 | Co-confidential
 Protecting Industrial Control System / SCADA
Historian Replicated
OPC Application SCADA OPC
Database Historian
Servers Servers Servers Client
Servers Database

OT Network IT Network

HMI /
Engineering Smart Probe
Stations
SIEM /
NMS

Industrial Network Threat Detection

PLCs
8 | Co-confidential (Actuators, Pumps, Engines, etc.)
 Protecting Sensitive Information Systems

File Cleansing
Solution

Intranet

Classified Network / Secure Vault

9 | Co-confidential
 Air-Gap For High Assurance Solution

Intranet Intranet Intranet Intranet

CXC
CXC
Internet Internet
Susceptible to Internet
Network-based Attacks
and Data Leakages Mitigate All Network-
Internet
Content Checker to
based Attacks mitigate Application- Protect the Integrity of
Level Attacks the Content Checker

10 | Co-confidential
 Integrating Data Diode into Operational Environments

11 | Co-confidential
 Example: TCP/IP
Client 1 TCP / IP

Client 2 Server

DigiSAFE DigiSAFE
Data Diode Data Diode
Client 1 TCP/IP Sender Receiver TCP/IP

Client 2 Server
One-Way Fiber Optic Connection

 Support SSL
 Network layer headers are not relayed over Data Diode
 Data Diode Sender will alway return “OK” to Client
 Can config to support multiple sending and receiving end-points
12 | Co-confidential

NOT FOR DISTRIBUTION!

 Example: SFTP
NAS

SFTP Client SFTP Server

DigiSAFE DigiSAFE
Data Diode Data Diode
Sender Receiver
SSD
NAS
SSD

SFTP Client SFTP Server SFTP Client SFTP Server

(Sending Network) (Receiving Network)
One-Way
Fiber Optic Connection

13 | Co-confidential

NOT FOR DISTRIBUTION!

 Protecting the Confidentiality, Integrity and
Availability of Critical Systems
Information Assurance by Design
Ensures no data leakage due to hardware-enforced one-
way communication.

High Throughput & Robust Performance • What are you trying to protect?
Files lost detection capability;  Location of Data Diode
Configurable for High Availability.

Ease of System Integration & Customisation

• What are the data that needs
Supports an array of IT and SCADA/ICS networking to be transferred?
protocols for system integration and interoperability.  Direction & Protocols
Compact Design
Allows all functionalities to be encapsulated within a
compact footprint.
14 | Co-confidential