Owl Cyber Defense
Secure by Design

Owl Blog

Cybersecurity, Technology News and Insights

 
 

After months of planning, we are thrilled to launch our new blog! Here you’ll find the hottest cybersecurity tech trends, latest industry news and helpful tips and tricks in mitigating cyber threats. As we continue to learn more about what our readers are interested in, we will work hard to create valuable content to help cybersecurity professionals with product innovations, news and insights on laws and regulations in #InfoSec.

We wanted a new way to collaborate and communicate with our community and to share multimedia such as videos, use cases and other helpful resources. Visit often; we have lots to share!

We look forward to growing with you as we embark on this new journey. Don’t forget to subscribe above and follow us on social media! Thanks for coming by!

- TEAM OWL


 
 

How Data Diode Cybersecurity is Being Used to Protect Critical Infrastructure in the Middle East

 
By Dennis Lanahan
Director of International Sales

October 11, 2018

In late 2012, there was a severe, targeted malware cyber-attack on a number of oil & gas facilities using what became known as the Shamoon virus. This Windows-based malware differed from other types of attacks, which typically involved attempting to steal money or information, in that it was designed to aggressively seek paths across networks, seizing any hard disks it might find, wiping out all information, and rendering the hardware useless.

This attack was known for years as the “biggest hack in history,” although of course that dubious honor was bound to be overshadowed at some point. The attack forced the oil & gas companies to buy thousands of new hard drives for all of the corrupted machines, and they also disconnected all of their operational systems from external connections in an attempt to limit the damage.

However, once they managed to get up and running again, they quickly realized that they needed a way to safely and securely restore business continuity (data flow) between their plant operations and their corporate networks.

The affected organizations had three primary requirements for resuming business continuity:

  1. Implement a method for secure remote monitoring – data sent outside the plant network, so external business users can access the data for analytics and maintenance.

  2. Ensure that only “known and trusted” monitoring data would be allowed out of the plants into the central corporate network.

  3. Segment and isolate the plant network from all external access – no network connection or data transfer allowed into the plant.

Software firewalls were not sufficiently secure to meet the absolute segmentation requirements to isolate the plant network, as they are inherently two-way communication devices. Even if they are configured to be one-way, they can be hacked and/or reconfigured to operate in a two-way manner again. In fact, there were already firewalls in place when the first attacks occurred.

However, data diodes are physically enforced with a hardware-based security mechanism: light travelling one-way from an LED to a photo receiver. Authorized data travels one way – for remote monitoring – but not in the other. Neither changes to the security policy nor software reconfiguration nor hacking/malware can cause a non-existent hardware component to appear. This is why they made for the ideal solution to this cybersecurity problem.

In addition, Owl’s data diode solutions implement a non-routable protocol break between the networks. All data moving across the diode solution has no source or destination IP addresses within the packet header. This removes the threats posed by some zero-day attacks, as self-propagating virus attacks cannot traverse the Owl diodes. This security feature ensures that the source and destination network IP addresses are not known to each other. This provides for 100% confidentiality between the networks.

Data diodes could allow the plant operators to transfer a variety of data types out of the secured plant network, including files, Syslog and Modbus, SNMP trap data and emails, HMI screen replication, OPC data, and historian database replication, such as OSIsoft, GE, Yokogawa, Honeywell and others. The company could then use this data in their corporate network for business continuity, including any number of analytics, performance monitoring, alarms/alerts, physical security/video, and other uses.
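The one-way transfer and protocol break described above can be modelled in software to show what each side has to do when no return path exists. This is an added example, not Owl's code or a description of its products: the frame layout, type codes, function names and the sample packet are assumptions made for illustration.

```python
import struct
import zlib

# Hypothetical type codes for the "known and trusted" data allowed out of the plant.
ALLOWED = {"syslog": 1, "modbus": 2, "file": 3}
NAMES = {code: name for name, code in ALLOWED.items()}
HEADER = struct.Struct("!BIH")  # type code, sequence number, payload length
CRC = struct.Struct("!I")       # CRC-32 over header + payload

def send_side_proxy(packet, seq):
    """Terminate the plant-side protocol; forward payload only, never addresses."""
    code = ALLOWED.get(packet["type"])
    if code is None:
        return None  # not on the allowlist: nothing is sent
    head = HEADER.pack(code, seq, len(packet["payload"]))
    body = head + packet["payload"]
    return body + CRC.pack(zlib.crc32(body))

class ReceiveSideProxy:
    """Corporate side. With no return path it cannot ask for a resend,
    so it can only count what was lost or damaged."""
    def __init__(self):
        self.expected, self.lost, self.rejected = 0, 0, 0

    def receive(self, frame):
        if len(frame) < HEADER.size + CRC.size:
            self.rejected += 1
            return None
        body, (crc,) = frame[:-CRC.size], CRC.unpack(frame[-CRC.size:])
        code, seq, length = HEADER.unpack(body[:HEADER.size])
        payload = body[HEADER.size:]
        bad = zlib.crc32(body) != crc or length != len(payload) or code not in NAMES
        if bad or seq < self.expected:  # damaged, unknown type, or duplicate
            self.rejected += 1
            return None
        self.lost += seq - self.expected  # a gap means frames never arrived
        self.expected = seq + 1
        return NAMES[code], payload

# Constructed sample: a dict standing in for a datagram received plant-side.
SAMPLE = {"src": "10.1.1.5", "dst": "192.168.9.20", "type": "syslog",
          "payload": b"<134>pump-07 pressure=4.2bar"}

if __name__ == "__main__":
    rx = ReceiveSideProxy()
    print(rx.receive(send_side_proxy(SAMPLE, 0)))
    print(rx.receive(send_side_proxy(SAMPLE, 3)), "lost:", rx.lost)
```

Because the receiver can never acknowledge or request a resend, loss shows up only as a sequence gap, which is why monitoring the `lost` and `rejected` counters on the corporate side matters in a one-way design.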

Today in the Middle East region, data diodes are now deployed not only in oil and gas, but in desalination water facilities, power generation sites, petrochemical operations, and various government agencies. Since the Shamoon virus attacks in 2012 (and again in 2016 and 2017), data diodes have been trusted and deployed by many asset owners at hundreds of sites in the region.

With the continuing threats of malware and cyber-attacks, Owl continues to work with asset owners to secure their critical infrastructure and help to prevent such a devastating attack from ever happening again in any organization.

Thank you for reading the post. As part of the DHS Cybersecurity Awareness Month campaign, we are opening the conversation and would like to hear about the challenges you are having in your efforts to become more cybersecurity ready. Get in touch or chat us up on Twitter via #SecureTogether

About The Author

Dennis Lanahan is the Director of International Sales at Owl Cyber Defense. Dennis brings extensive and rich experience in cybersecurity in the Europe and Middle East regions. His deep understanding of the geo-political situations and threat landscape provides an unmatched benefit to customers in assessing cybersecurity risks in their organizations.