Owl Cyber Defense
Data Diode Specialist
banner-cyber-lock.jpg

Network Security Solutions

Data Network

& Digital Asset Protection

 
 
 
Critical Infrastructure Brochure →

Critical Infrastructure Brochure →

OPDS Product Selection Guide →

OPDS Product Selection Guide →

The Owl Perimeter Defense Solution (OPDS) product line is designed to support the Critical Infrastructure markets.  These cybersecurity products are oriented around protecting the data networks and digital assets (SCADA, PLCs, DCS, databases, historians, etc.) located at various critical infrastructure facilities including plants, mines, power plants, banks, substations, credit unions, pump stations, oil rigs, etc.

The concept is to protect the control systems within the facility by creating a secure cyber perimeter around the plant so that plant operations are not interrupted, sabotaged or otherwise impacted by some kind of cyberattack. The concern is not only for threats against single facilities (i.e. a nuclear power plants, refineries) but also a coordinated, simultaneous attack that shuts down multiple power substations, freshwater delivery systems or bank branches for example; leading to significant stress, disorder, and in the minds of the attackers, chaos.

The OPDS products perform two missions:

       1. Absolutely prevent any network based cyberattack from infiltrating a facility

       2. Allow critical operational information/data to be transferred out of the plant

How is the first mission accomplished?  The OPDS products use a patented, hardware design that, based on the laws of physics, won’t allow anything to enter the network. This design is based on the principles of data diodes which only allow data to flow in one direction, so data can be distributed to users outside the plant for things like maintenance monitoring, support, backups and production planning but there is no way for a hacker to enter the plant through the OPDS product.

And the second mission? Using our proprietary DualDiode Technology, all of the OPDS products are able to transfer data out of the facility.  This includes files, alarms, logs, events, streaming video, database data, and historian information, all from a number of sources including both proprietary (i.e. GE, OSIsoft, Rockwell Automation, Schneider Electric) and standards based (SQL, OPC, MODBUS) sources.  This data can be single events, small files, extremely large files, streams of packets, a directory of files, the replication of a whole directory structure, a subset of a database or the replication of a whole database/historian.

Owl offers a range of products that support speeds from 10Mbps to 10Gbps, different form factors (card sets, 1U rackmount enclosures and DIN Rail models), along with a library of different software interfaces that support various interfaces.  Please see below for information of the different solutions we offer.


 

Owl Perimeter Defense Solution - 5D (OPDS-5D)

Overview:

The OPDS-5D was developed as an entry level data diode solution to address cybersecurity use cases with lower, fixed bandwidth requirements of 5 Mbps or less. Like all other Owl data diode products, the OPDS-5D provides deterministic, one-way transfer and effective network segmentation. The OPDS-5D features the same compact DIN Rail form factor as the higher bandwidth OPDS-100D, designed specifically for a range of industrial and commercial applications, from climate controlled IT centers to indoor/outdoor environments with extreme temperatures (-40oF to +140oF), dust or smoke. The fan less, sealed enclosure helps preserve an industry-leading MTBF of 12 years, far longer than any server based solution or normal IT refresh rates.

The OPDS-5D supports a wide range of data formats and transport layer protocols including: email (SMTP), FTP/SFTP, TCP and UDP (multicast, unicast, broadcast). The OPDS-5D also supports optional Owl software applications (connectors) for standards-based interfaces (Modbus, OPC, SNMP, etc.), connectors for industry-leading historians (OSIsoft, Wonderware, etc.) and support for industrial control vendor software (GE, Mitsubishi, Electric, Rockwell Automation, Schneider Electric, etc.).


 

Owl Perimeter Defense Solution - 100D (OPDS-100D)

Purpose:

Optimized for demanding industrial control applications, the OPDS-100D is a cybersecurity appliance that delivers the same deterministic one-way transfer capabilities as other OPDS products.  Designed specifically for industrial control deployments, the compact OPDS-100D DIN Rail form factor, is DIN rail mountable and ready for deployments in plants and other industrial facilities. It supports a wide range of data formats and transport layer protocols including: email (SMTP), FTP/SFTP, TCP and UDP (multicast, unicast, broadcast).  The OPDS-100D also supports optional Owl software interfaces (connectors) that enable integration to a broad range of applications including Modbus, OPC DA and OPC A&E and connectors for industry leading historians (OSIsoft, Rockwell Automation, Schneider Electric)

Function:

The OPDS-100D’s performance is scalable.  Customers can select from 10Mbps, 26Mbps, 52Mbps, and 104Mbps transfer rates.  And as a customer’s bandwidth requirements increase they can easily upgrade performance by purchasing and installing a new rate key license. Operational in harsh, industrial control environments, the OPDS-100D operates in an extended temperature range (-40°C to +60°C) and exceeds IEC 60255-21 standards for Shock and Vibration. The OPDS-100D, cybersecurity for the convergence of OT and IT networks.


 

Owl Perimeter Defense Solution - 100 (OPDS-100)

Purpose:

Owl’s standard, all in one, 1U rack-mountable DualDiode® cybersecurity platform. Offering the same network security capabilities as other Owl Perimeter Defense Solutions, it is designed to address applications requiring low to moderate data throughput. Integrated, EAL certified Owl DualDiode® communication cards form a deterministic one-way link with an absolute protocol break, ensuring the highest level of security available.

Function:

As with other Owl Perimeter Defense Solutions, it supports a broad range of capabilities: File transfer via Owl’s Remote File Transfer Service (RFTS), FTP, and SFTP; SMTP email transfer; TCP/IP packet transfer; and UDP datagram transfer. The OPDS-100 supports Owl’s variable bandwidth licensing mechanism, allowing users to upgrade the DualDiode® link rate from a base of 10 Mbps up to 26, 54, or 104 Mbps. As a customer’s bandwidth requirements increase, they can easily upgrade performance by purchasing and installing a new rate key license.


 

Owl Perimeter Defense Solution - 1000 (OPDS-1000)

Purpose:

A highly integrated, all in one, 1U rack-mountable cybersecurity platform. It supports the secure one-way data transfer of multiple data types & formats concurrently.  Optimized for more demanding industrial control applications, it supports link rates of 104Mbps, 155Mbps, 310Mbps 630Mbps and 1Gbps.  The integrated Owl DualDiode® EAL certified communication cards form a deterministic one way link with an absolute protocol break, ensuring the highest level of security available.

Function:

Supporting a broad range of applications (sensor data, data points from real-time database historians, etc.) it protects critical infrastructure from escalating external threats while enabling the transfer of business critical data from the industrial control network to the business network.


 

Owl Perimeter Defense Solution - Multi-Purpose (OPDS-MP)

Purpose:

The OPDS-MP is Owl’s mid-range 1U rack mountable DualDiode® platform.  Offering industry leading cybersecurity capabilities, the OPDS-MP is designed to segment and protect critical infrastructure systems from outside threat vectors while providing robust data transfer capabilities. Operating at a variety of speeds - 26, 52, 104 or 155Mbps, it supports multiple data types & formats concurrently across a single compact, rack mountable chassis.

Function:

The EAL certified OPDS-MP can be optioned to support 26, 54,104 or 155Mbps transfer rates. As with other products in the OPDS product line,  the OPDS-MP can be configured to simultaneously support a broad range of applications, including:  file transfer via Owl’s Remote File Transfer Service (RFTS), FTP and SFTP transfer, SMTP email transfer; TCP/IP packet transfer; and UDP datagram transfer.  OPDS-MP supports all of the Owl designed software connectors making it an ideal solution for transferring: Syslog and SNMP Trap administrative traffic, Historian Replication (OSI Pi, Rockwell FactoryTalk, GE Proficy® Historian, Scientech R*Time®, etc.)and real time data such as OPC and video.


 

Enterprise Perimeter Defense Solution (EPDS)

*Owl Uses a Pair (2) of Dell PowerEdge Servers

Purpose:

The EPDS maintains process control network isolation while enabling critical information sharing with networks outside the electronic security perimeter.  As compared to the OPDS all-in-one solution, the EPDS integrates Owl DualDiode®Send-only and Receive-only communication cards into two commercial enterprise servers, providing the opportunity to utilize redundant power supplies and hard drives, and other commercially available redundancy options.  Owl also provides a hardened Linux operating system to ensure self-protection of the servers.

Function:

Operating on a pair of servers, EPDS simultaneously supports FTP and SFTP file transfer, SMTP email transfer, TCP/IP packet transfer and UDP datagram transfer (including streaming video & sensor). Highly scalable, the EPDS supports link speeds of 155Mbps, 1.25/2.5Gbps, and 10Gbps.


 

Miniaturized Perimeter Defense Solution (MPDS-RS232)

Purpose:

One of our miniaturized product offerings, enables secure one way communications between two computer platforms by utilizing Owl’s patented DualDiode Technology® in a simple to install module. The module securely isolates all RS-232 data and control signals with hardware enforced one way transfer circuit. From low-to-high, the one-way security policy absolutely assures the confidentiality of the destination high security domain. From high-to-low, the one-way only hardware design prevents penetration of the source high-security domain, assuring that data transfer can only be initiated from the high side.

Function:

The low power consumption MPDS-RS232 is available today with channel capacity of 9600 baud. It is easy to install and does not require any Owl source or destination applications, or device drivers, to transmit and receive data.