Owl Cyber Defense
Data Diode Specialist

Network Security Solutions

Data Network & Digital Asset Protection

SOLUTIONS: OPDS-5D | OPDS-100D | OPDS-100 | OPDS-1000 | EPDS | MPDS-RS232 | SSUS

Critical Infrastructure Brochure

The Owl Perimeter Defense Solution (OPDS) product line is designed to support the Critical Infrastructure markets.  These cybersecurity products are oriented around protecting the data networks and digital assets (SCADA, PLCs, DCS, databases, historians, etc.) located at various critical infrastructure facilities including plants, mines, power plants, banks, substations, credit unions, pump stations, oil rigs, etc.

OPDS Product Selection Guide

The concept is to protect the control systems within the facility by creating a secure cyber perimeter around the plant so that plant operations are not interrupted, sabotaged or otherwise impacted by a cyberattack. The concern is not only for threats against single facilities (e.g. nuclear power plants, refineries) but also for a coordinated, simultaneous attack that shuts down, for example, multiple power substations, freshwater delivery systems or bank branches, leading to significant stress, disorder, and in the minds of the attackers, chaos.

The OPDS products perform two missions:

       1. Absolutely prevent any network based cyberattack from infiltrating a facility

       2. Allow critical operational information/data to be transferred out of the plant

How is the first mission accomplished?  The OPDS products use a patented hardware design that, based on the laws of physics, won’t allow anything to enter the network. This design is based on the principles of data diodes, which only allow data to flow in one direction, so data can be distributed to users outside the plant for things like maintenance monitoring, support, backups and production planning, but there is no way for a hacker to enter the plant through the OPDS product.

And the second mission? Using our proprietary DualDiode Technology, all of the OPDS products are able to transfer data out of the facility.  This includes files, alarms, logs, events, streaming video, database data, and historian information, all from a number of sources including both proprietary (e.g. GE, OSIsoft, Rockwell Automation, Schneider Electric) and standards-based (SQL, OPC, MODBUS) sources.  This data can be single events, small files, extremely large files, streams of packets, a directory of files, the replication of a whole directory structure, a subset of a database or the replication of a whole database/historian.

Owl offers a range of products that support speeds from 10Mbps to 10Gbps, different form factors (card sets, 1U rackmount enclosures and DIN Rail models), along with a library of software connectors that support various interfaces.  Please see below for information on the different solutions we offer.


 

Owl Perimeter Defense Solution - 5D (OPDS-5D)

Overview:

The OPDS-5D was developed as an entry-level data diode solution to address cybersecurity use cases with lower, fixed bandwidth requirements of 5 Mbps or less. Like all other Owl data diode products, the OPDS-5D provides deterministic, one-way transfer and effective network segmentation. The OPDS-5D features the same compact DIN Rail form factor as the higher bandwidth OPDS-100D, designed specifically for a range of industrial and commercial applications, from climate-controlled IT centers to indoor/outdoor environments with extreme temperatures (-40°F to +140°F), dust or smoke. The fanless, sealed enclosure helps preserve an industry-leading MTBF of 12 years, far longer than any server-based solution or normal IT refresh rates.

The OPDS-5D supports a wide range of data formats and transport layer protocols including: email (SMTP), FTP/SFTP, TCP and UDP (multicast, unicast, broadcast). The OPDS-5D also supports optional Owl software applications (connectors) for standards-based interfaces (Modbus, OPC, SNMP, etc.), connectors for industry-leading historians (OSIsoft, Wonderware, etc.) and support for industrial control vendor software (GE, Mitsubishi Electric, Rockwell Automation, Schneider Electric, etc.).


 

Owl Perimeter Defense Solution - 100D (OPDS-100D)

Purpose:

Optimized for demanding industrial control applications, the OPDS-100D is a cybersecurity appliance that delivers the same deterministic one-way transfer capabilities as other OPDS products.  Designed specifically for industrial control deployments, the compact OPDS-100D is DIN rail mountable and ready for deployment in plants and other industrial facilities. It supports a wide range of data formats and transport layer protocols including: email (SMTP), FTP/SFTP, TCP and UDP (multicast, unicast, broadcast).  The OPDS-100D also supports optional Owl software interfaces (connectors) that enable integration with a broad range of applications including Modbus, OPC DA and OPC A&E, and connectors for industry-leading historians (OSIsoft, Rockwell Automation, Schneider Electric).

Function:

The OPDS-100D’s performance is scalable.  Customers can select from 10Mbps, 26Mbps, 52Mbps, and 104Mbps transfer rates.  As a customer’s bandwidth requirements increase, they can easily upgrade performance by purchasing and installing a new rate key license. Built for harsh industrial control environments, the OPDS-100D operates in an extended temperature range (-40°C to +60°C) and exceeds IEC 60255-21 standards for Shock and Vibration. The OPDS-100D provides cybersecurity for the convergence of OT and IT networks.


 

Owl Perimeter Defense Solution - 100 (OPDS-100)

Purpose:

Owl’s standard, all in one, 1U rack-mountable DualDiode® cybersecurity platform. Offering the same network security capabilities as other Owl Perimeter Defense Solutions, it is designed to address applications requiring low to moderate data throughput. Integrated, EAL certified Owl DualDiode® communication cards form a deterministic one-way link with an absolute protocol break, ensuring the highest level of security available.

Function:

As with other Owl Perimeter Defense Solutions, it supports a broad range of capabilities: File transfer via Owl’s Remote File Transfer Service (RFTS), FTP, and SFTP; SMTP email transfer; TCP/IP packet transfer; and UDP datagram transfer. The OPDS-100 supports Owl’s variable bandwidth licensing mechanism, allowing users to upgrade the DualDiode® link rate from a base of 10 Mbps up to 26, 54, or 104 Mbps. As a customer’s bandwidth requirements increase, they can easily upgrade performance by purchasing and installing a new rate key license.


 

Owl Perimeter Defense Solution - 1000 (OPDS-1000)

Purpose:

A highly integrated, all in one, 1U rack-mountable cybersecurity platform. It supports the secure one-way data transfer of multiple data types & formats concurrently.  Optimized for more demanding industrial control applications, it supports link rates of 104Mbps, 155Mbps, 310Mbps, 630Mbps and 1Gbps.  The integrated Owl DualDiode® EAL certified communication cards form a deterministic one-way link with an absolute protocol break, ensuring the highest level of security available.

Function:

Supporting a broad range of applications (sensor data, data points from real-time database historians, etc.) it protects critical infrastructure from escalating external threats while enabling the transfer of business critical data from the industrial control network to the business network.


 

Enterprise Perimeter Defense Solution (EPDS)

* Owl Uses a Pair (2) of Dell PowerEdge Servers

Purpose:

The EPDS maintains process control network isolation while enabling critical information sharing with networks outside the electronic security perimeter.  As compared to the OPDS all-in-one solution, the EPDS integrates Owl DualDiode® Send-only and Receive-only communication cards into two commercial enterprise servers, providing the opportunity to utilize redundant power supplies and hard drives, and other commercially available redundancy options.  Owl also provides a hardened Linux operating system to ensure self-protection of the servers.

Function:

Operating on a pair of servers, EPDS simultaneously supports FTP and SFTP file transfer, SMTP email transfer, TCP/IP packet transfer and UDP datagram transfer (including streaming video & sensor). Highly scalable, the EPDS supports link speeds of 155Mbps, 1.25/2.5Gbps, and 10Gbps.


 

Miniaturized Perimeter Defense Solution (MPDS-RS232)

Purpose:

One of our miniaturized product offerings, the MPDS-RS232 enables secure one-way communications between two computer platforms by utilizing Owl’s patented DualDiode Technology® in a simple-to-install module. The module securely isolates all RS-232 data and control signals with a hardware-enforced one-way transfer circuit. From low-to-high, the one-way security policy absolutely assures the confidentiality of the destination high security domain. From high-to-low, the one-way only hardware design prevents penetration of the source high-security domain, assuring that data transfer can only be initiated from the high side.

Function:

The low power consumption MPDS-RS232 is available today with channel capacity of 9600 baud. It is easy to install and does not require any Owl source or destination applications, or device drivers, to transmit and receive data.


 

Secure Software Update Solution (SSUS)

Purpose:

Owl’s Secure Software Update Solution (SSUS) is designed to address the need to securely transfer software updates and other files into the control network.  SSUS provides a mechanism that takes previously vetted files and subjects them to a comprehensive set of security scans. Once approved, SSUS uses Owl’s DualDiode Technology to transfer the file(s) across the security boundary of the OT network and into the plant. SSUS eliminates the security risk resulting from “Walk-Netting” a file across the security boundary using portable media devices like flash drives.

Function:

Configured by a system administrator, the scanning aspect of SSUS supports a number of checks including: file extension check, ASCII scan check, malware scanning and validating the file against a manifest (or list) consisting of pre-configured hash numbers.  Files that pass the security scan are then transferred across the DualDiode while files that fail the scan are quarantined and are not transferred into the control network.  SSUS supports the ability to select and scan a single file or an entire directory of files. All transactions are logged in an Audit Table which is exportable to Microsoft Excel and other reporting software packages.
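
A minimal sketch of the gate described above, as an added example that is not Owl's code: each file must pass an extension check, an ASCII check and a SHA-256 manifest check before it is staged for transfer; otherwise it is quarantined, and every decision is written to a CSV audit log. Malware scanning is omitted, and the allowlist, file names, directory layout and the reading of the ASCII check as "text files must be 7-bit ASCII" are assumptions.

```python
import csv
import hashlib
import shutil
import tempfile
from pathlib import Path

ALLOWED_EXT = {".cfg", ".bin"}   # assumed allowlist set by the administrator
TEXT_EXT = {".cfg"}              # assumed: these types must be 7-bit ASCII

def sha256_of(path):
    # Whole-file read is fine for a sketch; hash in chunks for large images.
    return hashlib.sha256(path.read_bytes()).hexdigest()

def scan(path, manifest):
    """Return the name of the first failed check, or None if all pass."""
    ext = path.suffix.lower()
    if ext not in ALLOWED_EXT:
        return "extension"
    if ext in TEXT_EXT and not path.read_bytes().isascii():
        return "ascii"
    if manifest.get(path.name) != sha256_of(path):
        return "manifest"        # unknown file or hash mismatch
    return None

def process(inbox, outbox, quarantine, manifest, audit_csv):
    """Scan every file in inbox; stage passes, quarantine failures, log all."""
    results = {}
    with open(audit_csv, "a", newline="") as f:
        log = csv.writer(f)
        for path in sorted(p for p in Path(inbox).iterdir() if p.is_file()):
            failed = scan(path, manifest)
            dest = Path(quarantine if failed else outbox) / path.name
            log.writerow([path.name, sha256_of(path), failed or "pass", dest.parent.name])
            shutil.move(str(path), str(dest))
            results[path.name] = failed or "pass"
    return results

def demo():
    # Constructed sample files: one good, one tampered, one bad type, one non-ASCII.
    root = Path(tempfile.mkdtemp())
    inbox, outbox, quarantine = dirs = [root / n for n in ("inbox", "outbox", "quarantine")]
    for d in dirs:
        d.mkdir()
    samples = {"plc.cfg": b"rate=9600\n", "fw.bin": b"tampered image",
               "run.exe": b"MZ", "notes.cfg": b"caf\xe9"}
    for name, data in samples.items():
        (inbox / name).write_bytes(data)
    manifest = {"plc.cfg": hashlib.sha256(b"rate=9600\n").hexdigest(),
                "fw.bin": hashlib.sha256(b"vetted image").hexdigest()}
    results = process(inbox, outbox, quarantine, manifest, root / "audit.csv")
    return results, sorted(p.name for p in outbox.iterdir())

if __name__ == "__main__":
    print(demo())
```

Only the file whose name and hash both match the manifest reaches the staging directory; an unlisted file fails the manifest check the same way a modified one does.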