Owl Cyber Defense
Secure by Design

Owl Blog

Cybersecurity, Technology News and Insights

 
 

After months of planning, we are thrilled to launch our new blog! Here you’ll find the hottest cybersecurity tech trends, the latest industry news, and helpful tips and tricks for mitigating cyber threats. As we continue to learn more about what our readers are interested in, we will work hard to create valuable content to help cybersecurity professionals with product innovations, news and insights on laws and regulations in #InfoSec.

We wanted a new way to collaborate and communicate with our community, and to share multimedia such as videos, use cases and other helpful resources. Visit often; we have lots to share!

We look forward to growing with you as we embark on this new journey. Don’t forget to subscribe above and follow us on social media! Thanks for coming by!

- TEAM OWL


 
 

ReCon: A New Chapter | Embrace the Value of Secure Two-way Communication

 
By Mark Toussaint | Product Manager

June 8, 2018

I recently attended DistribuTECH and OSIsoft PI World, as an exhibitor and a speaker, and I had a number of great conversations with attendees about cybersecurity in the industrial, commercial, and critical infrastructure verticals. These conversations ranged from the theoretical down to the specific technologies, such as Owl data diode solutions, and hit upon the varied requirements and challenges these particular industries face every day.

I have often found it helpful to refer people to the Department of Homeland Security’s (DHS) recommendations for securing industrial control systems. The recommendations are outlined in a fantastic and highly informative white paper titled “Seven Strategies to Defend Industrial Control Systems”. (If you haven’t read it yet, I definitely recommend taking the time to get familiar with the DHS recommendations.)

The basic concept of the DHS strategies can be summarized as:

  • If any external connections are for monitoring purposes only, convert them to one-way out
  • If data transfers into the OT network are required (software updates, patches, etc.), convert as many as possible to one-way in
  • And lock down any remaining two-way connections with a single open port over a restricted network path

In general, these folks understand and to a certain degree have embraced the value of employing data diodes as a secure way to move data one-way, typically from the ICS/OT network to their IT/business network, or moving software updates one-way into a secured network. However, until now, there has been no practical way to leverage the benefits of hardware-based data diode security for communications that have to be two-way. So as the conversation progresses, people inevitably come out with some version of:

“I understand the value of using data diodes to move data one-way, but I have this one application that just cannot be one-way. How can you address that two-way requirement with data diodes?”

These two-way data streams frequently involve scenarios where the customer needs the ability to conduct remote command and control, remote monitoring, remote help desk, or even SCADA system replication. Think of an employee charged with monitoring a remote asset like a dam, substation, or a pump station. On a Saturday afternoon they receive an alarm on their mobile phone saying that a PLC setting requires attention. In the real world, remediating the alarm condition may involve a 50-mile drive to a remote asset, on a weekend, for a 5-minute PLC setting change. To make matters worse, the remote asset could be unmanned, and security also needs to be brought in to allow the employee onsite access.

Recently we’ve opened a new chapter in Owl’s network security solutions. After gathering feedback from conversations such as those at our recent trade shows and from our many diverse customers, we’ve taken the requests and requirements from the field and used them to develop a brand new product – ReCon.

ReCon was designed to address the two-way communication capability gap, combining the same proven security benefits of a hardware-based cybersecurity solution with the ability to provide secure round-trip, bidirectional communication. It utilizes two one-way paths, each completely independent of the other and each using its own hardware-enforced data diode, built on Owl’s proven DualDiode Technology. Each data diode enables only one direction (send or receive) of data transfer; together they create a complete bidirectional pathway with a much higher security profile than software-based tools, such as firewalls.

For more information on ReCon, check out the data sheet or contact your Owl Account Executive, and check out the Solutions page of our website for more info on Owl’s other award-winning cybersecurity solutions.