Plants and machinery are increasingly connected to the Internet due to the compelling advantages: operational and sensor data from machines and plants is constantly available and can be centrally monitored.
This allows you to, e.g., perform predictive maintenance: you can respond to small changes and carry out the necessary maintenance before damages or even breakdowns occur. In order to be able to benefit from these advantages, however, a high level of cyber security must be ensured. The data diode solution cyber-diode from genua was developed according to the Security by Design principle and enables unidirectional data transfers with highly effective protection of the monitored systems.
Highest product resilience: The only industrial software data diode based on an approved solution
Flexible application scenarios thanks to OPC UA support
Secure data transfer through VPN encryption from the secret protection area
Ensuring the receipt status through delivery confirmation for end-to-end connections
- More reliable than fiber optic diodes, more convenient than air gaps and more secure than firewalls
- Data transmission with confirmation bit – minimalistic feedback about the delivery status of the data packets allows reliable conclusions to be drawn on the completeness of the transfer
- One-way function cannot be preconfigured; security by design eliminates the possibility of incorrect configuration and backdoors
- Secure Boot protects against software manipulation
Support of OPC UA, FTP, FTPS, SMTP, TCP, UDP and Syslog
Complete package of hardware and adapters (protocol converters); no hidden costs
Multiple benefits of the Central Management Station genucenter when used with other products from the genua ecosystem
Online configuration possible
Space-saving DIN-rail mounting (rack mounting with additional kit)
All plants and machinery that send data over the Internet are, in principle, vulnerable as a result. This means that digitally networked systems have to be protected from infection by malicious software and other forms of unauthorized access. Subject to a particularly high protection requirement are, of course, systems that control critical infrastructure or other plants where incorrect functioning could lead to extensive damage or loss of life, e.g., power station turbines, chemical production plants and industrial robots on production lines. cyber-diode offers operators of these systems the highest level of industrial monitoring security.
The risks associated with the digital networking of highly critical control systems can be minimized with cyber-diode. This solution monitors network connections and only allows one-way data transfer – information flow in the opposite direction is completely blocked. Once protected by our data diode, plants, machinery and IT systems can send data over public networks without risking their integrity.
cyber-diode has a minimal feedback channel for status messages. This allows a signal to be sent back to the sender at the end of each transmission to confirm that all data has been completely and correctly received. The feedback is minimal: it consists only of a single status bit (OK/not OK) per connection.
Conventional glass fiber data diodes without a physical feedback channel are unable to transport this feedback. This means that the sender never knows whether the transfer was successful or if it needs to be repeated again. With this type of data diode, one can never be sure that all data has been transfered – data loss must always be considered a possibility. Using the feedback, the cyber-diode can also always transfer data at the optimal speed: it detects the maximum transfer rate that the receiver can process. cyber-diode supports protocols TCP and UDP, e.g., for Syslog, and FTP for file transfers and SMTP for e-mail via built-in adapters.
With the feedback channel, it must, of course, be ensured that only status messages flow back and not any other data. This aspect is regulated by the diode function that uses state-of-the-art technology: its programming has been kept to a minimum – it only has a few hundred lines of program code – and runs on a microkernel operating system that has also been reduced to an absolute minimum. Due to the low complexity, the central filter process is easy to analize; the code can be examined line by line to exclude errors.
This compact construction of cyber-diode guarantees absolutely reliable one-way data transfer. The degree of security this solution provides can be seen with vs-diode from genua, which uses the same technology and is approved for use up to the SECRET security level by the German Federal Office for Information Security (BSI).
We supply cyber-diode as a complete solution that is preconfigured and easy to integrate into your network. The solution’s security by design guarantees the correct functioning of the diode – this cannot be disabled, even through incorrect administration. We will be happy to assist you with the installation – service is provided directly from the manufacturer genua.
As a collaborative learning company, it is our mission to continuously improve and share our knowledge of IT Security with you. In our Knowledge Base we offer you articles, white papers, analyst reports, research results, videos and more in the field of IT security.
The advantages of cyber-diode with OPC UA are apparent in two aspects in particular. First, the standard makes every type of information available at all times and at all locations for every authorized application and every authorized person. Second, the data is now unidirectional and, thus, cannot be tampered with and transmitted across security-critical network boundaries. With OPC UA, cyber-diode further strengthens its security functions: the machine data that it collects, such as control variables, measurement values or parameters, is passed on to client applications in encrypted form.
On the red, outgoing side, the data diode is VPN ready. The hardware is suitable for space-saving DIN rails or 19" rack housing and offers UEFI and Secure Boot support. Neither additional hardware nor extra rack space is necessary. Moreover, cyber-diode can be expanded for connection via mobile telephony (LTE) and WLAN.