Data Diode cyber-diode: High-Security Industrial Monitoring of Plants, Machinery, and Critical Infrastructure

Plants and machinery are increasingly connected to the Internet due to the compelling advantages: operational and sensor data from machines and plants is constantly available and can be centrally monitored.

This allows you to, e.g., perform predictive maintenance: you can respond to small changes and carry out the necessary maintenance before damage or even breakdowns occur. In order to benefit from these advantages, however, a high level of cyber security must be ensured. The data diode solution cyber-diode from genua was developed according to the Security by Design principle and enables unidirectional data transfers with highly effective protection of the monitored systems.

Top Highlights

  • Highest product resilience: The only industrial software data diode based on an approved solution

  • Flexible application scenarios thanks to OPC UA support

  • Secure data transfer through VPN encryption from the secret protection area

  • Ensuring the receipt status through delivery confirmation for end-to-end connections

All benefits of cyber-diode at a glance

  • More reliable than fiber optic diodes, more convenient than air gaps and more secure than firewalls
  • Data transmission with confirmation bit – minimalistic feedback about the delivery status of the data packets allows reliable conclusions to be drawn on the completeness of the transfer
  • One-way function cannot be preconfigured; security by design eliminates the possibility of incorrect configuration and backdoors
  • Secure Boot protects against software manipulation
  • Support of OPC UA, FTP, FTPS, SMTP, TCP, UDP and Syslog
  • Complete package of hardware and adapters (protocol converters); no hidden costs
  • Multiple benefits of the Central Management Station genucenter when used with other products from the genua ecosystem
  • Online configuration possible
  • Space-saving DIN-rail mounting (rack mounting with additional kit)

Protect Networked Control Systems

All plants and machinery that send data over the Internet are, in principle, vulnerable as a result. This means that digitally networked systems have to be protected from infection by malicious software and other forms of unauthorized access. Subject to a particularly high protection requirement are, of course, systems that control critical infrastructure or other plants where incorrect functioning could lead to extensive damage or loss of life, e.g., power station turbines, chemical production plants and industrial robots on production lines. cyber-diode offers operators of these systems the highest level of industrial monitoring security.

One-Way Data Transfer with cyber-diode

The risks associated with the digital networking of highly critical control systems can be minimized with cyber-diode. This solution monitors network connections and only allows one-way data transfer – information flow in the opposite direction is completely blocked. Once protected by our data diode, plants, machinery and IT systems can send data over public networks without risking their integrity.

Absolutely Reliable Data Transfer

Our cyber-diode stands apart from the diode solutions from other manufacturers in one important aspect: we can guarantee 100% reliable data transfer. How do we achieve this?

cyber-diode has a minimal feedback channel for status messages. This allows a signal to be sent back to the sender at the end of each transmission to confirm that all data has been completely and correctly received. The feedback is minimal: it consists only of a single status bit (OK/not OK) per connection. 

Conventional glass fiber data diodes without a physical feedback channel are unable to transport this feedback. This means that the sender never knows whether the transfer was successful or whether it needs to be repeated. With this type of data diode, one can never be sure that all data has been transferred; data loss must always be considered a possibility. Using the feedback, the cyber-diode can also always transfer data at the optimal speed: it detects the maximum transfer rate that the receiver can process. Via built-in adapters, cyber-diode supports the protocols TCP and UDP (e.g., for Syslog), FTP for file transfers and SMTP for e-mail.

High Security Through Low Complexity

With the feedback channel, it must, of course, be ensured that only status messages flow back and not any other data. This aspect is regulated by the diode function that uses state-of-the-art technology: its programming has been kept to a minimum (it only has a few hundred lines of program code) and runs on a microkernel operating system that has also been reduced to an absolute minimum. Due to the low complexity, the central filter process is easy to analyze; the code can be examined line by line to exclude errors.

This compact construction of cyber-diode guarantees absolutely reliable one-way data transfer. The degree of security this solution provides can be seen with vs-diode from genua, which uses the same technology and is approved for use up to the SECRET security level by the German Federal Office for Information Security (BSI).
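The following Python sketch is an added illustration, not genua's code: it models the two ideas above, a sender that repeats a transfer until a single status bit reports success, and a return-path filter that lets nothing but that one bit per connection through. All names, the SHA-256 completeness check and the simulated frame loss are assumptions made for the example.

```python
import hashlib

OK, NOT_OK = 1, 0  # the only two values allowed on the return path


class ReverseFilter:
    """Model of the return path: exactly one status bit per connection."""

    def __init__(self):
        self.used = set()   # connections that already returned their bit
        self.dropped = 0    # reverse messages rejected by the filter

    def pass_back(self, conn_id, message):
        # Reject anything that is not the integer 0 or 1, and any second
        # message on the same connection (no room for a covert channel).
        if (type(message) is not int or message not in (OK, NOT_OK)
                or conn_id in self.used):
            self.dropped += 1
            return None
        self.used.add(conn_id)
        return message


def receive(frames, digest):
    """Receiving side: reassemble, verify completeness, answer with one bit.

    The digest travels in the forward direction together with the frames.
    """
    data = b"".join(f for f in frames if f is not None)
    return OK if hashlib.sha256(data).digest() == digest else NOT_OK


def send(payload, lossy_attempts=0, chunk=4, max_tries=5):
    """Protected side: push frames one way, resend until the bit says OK.

    lossy_attempts is a constructed fault model: the first N attempts
    lose their second frame in transit. Each attempt is a new connection.
    Returns (attempt number that succeeded or None, the filter used).
    """
    rfilter = ReverseFilter()
    digest = hashlib.sha256(payload).digest()
    for attempt in range(1, max_tries + 1):
        frames = [payload[i:i + chunk] for i in range(0, len(payload), chunk)]
        if attempt <= lossy_attempts and len(frames) > 1:
            frames[1] = None  # simulated loss on the forward path
        status = rfilter.pass_back(attempt, receive(frames, digest))
        if status == OK:
            return attempt, rfilter
    return None, rfilter
```

A diode without any return path corresponds to `send` never seeing `status`: it cannot tell the lossy attempts from the successful one.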

Security by Design Means Guaranteed Error-Free Functioning

We supply cyber-diode as a complete solution that is preconfigured and easy to integrate into your network. The solution’s security by design guarantees the correct functioning of the diode – this cannot be disabled, even through incorrect administration. We will be happy to assist you with the installation – service is provided directly from the manufacturer genua.

Flexible Use Cases through OPC UA Support

cyber-diode fully supports the OPC Unified Architecture (OPC UA), an open standard for exchanging machine data. In plants in the manufacturing and process industry, for example, this is intended to ensure secure, reliable and manufacturer- and platform-independent communication.

The advantages of cyber-diode with OPC UA are apparent in two aspects in particular. First, the standard makes every type of information available at all times and at all locations for every authorized application and every authorized person. Second, the data is transmitted unidirectionally across security-critical network boundaries and, thus, cannot be tampered with. With OPC UA, cyber-diode further strengthens its security functions: the machine data that it collects, such as control variables, measurement values or parameters, is passed on to client applications in encrypted form.

IOMMU & VPN-ready

In addition to the OPC UA integration, cyber-diode is especially secure through the use of an I/O Memory Management Unit (IOMMU) for compartment separation (black side / red side).

On the red, outgoing side, the data diode is VPN ready. The hardware is suitable for space-saving DIN rails or 19" rack housing and offers UEFI and Secure Boot support. Neither additional hardware nor extra rack space is necessary. Moreover, cyber-diode can be expanded for connection via mobile telephony (LTE) and WLAN.
