Professional Documents
Culture Documents
Expanding Bandwidth
& Connectivity
2 | Co-confidential
Our Cyber World Cathay Pacific Data Breach Exposed
Personal Information of 9.4 Million
Passengers – 25 Oct 2018
Expanding Bandwidth
& Connectivity
“includes about 860,000 passport numbers, 403
expired credit card numbers, names, nationalities,
dates of birth, phone numbers, emails, addresses” – 26 Feb 2016
Cyber-Attacks
Hack of Saudi Petrochemical Plant Was
Coordinated From Russian Institute
– 23 Oct 2018
Expanding Bandwidth
& Connectivity
Cyber-Attacks
https://www.av-test.org/en/statistics/malware/
Expanding Bandwidth
& Connectivity
Cyber-Attacks
Network
Separation
To Connect or NOT to Connect?
5 | Co-confidential
Hardware-enforced
Unidirectional Communication
Secure Data Transfer
Prevent Data Leakage
6 | Co-confidential
Protecting Industrial Control System / SCADA
IT Network
OT Network
Internet
Workstations
Workstations
7 | Co-confidential
Protecting Industrial Control System / SCADA
Historian Replicated
OPC Application SCADA OPC
Database Historian
Servers Servers Servers Client
Servers Database
OT Network IT Network
HMI /
Engineering Smart Probe
Stations
SIEM /
NMS
PLCs
8 | Co-confidential (Actuators, Pumps, Engines, etc.)
Protecting Sensitive Information Systems
File Cleansing
Solution
Intranet
9 | Co-confidential
Air-Gap For High Assurance Solution
CXC
CXC
Internet Internet
Susceptible to Internet
Network-based Attacks
and Data Leakages Mitigate All Network-
Internet
Content Checker to
based Attacks mitigate Application- Protect the Integrity of
Level Attacks the Content Checker
10 | Co-confidential
Integrating Data Diode into Operational Environments
11 | Co-confidential
Example: TCP/IP
Client 1 TCP / IP
Client 2 Server
DigiSAFE DigiSAFE
Data Diode Data Diode
Client 1 TCP/IP Sender Receiver TCP/IP
Client 2 Server
One-Way Fiber Optic Connection
Support SSL
Network layer headers are not relayed over Data Diode
Data Diode Sender will alway return “OK” to Client
Can config to support multiple sending and receiving end-points
12 | Co-confidential
DigiSAFE DigiSAFE
Data Diode Data Diode
Sender Receiver
SSD
NAS
SSD
13 | Co-confidential
High Throughput & Robust Performance • What are you trying to protect?
Files lost detection capability; Location of Data Diode
Configurable for High Availability.