Network Security Solutions
The Owl Perimeter Defense Solution (OPDS) product line is designed to support the Critical Infrastructure markets. These cybersecurity products are oriented around protecting the data networks and digital assets (SCADA, PLCs, DCS, databases, historians, etc.) located at various critical infrastructure facilities including plants, mines, power plants, banks, substations, credit unions, pump stations, oil rigs, etc.
The concept is to protect the control systems within the facility by creating a secure cyber perimeter around the plant so that plant operations are not interrupted, sabotaged or otherwise impacted by a cyberattack. The concern is not only for threats against single facilities (e.g. nuclear power plants, refineries) but also for a coordinated, simultaneous attack that shuts down, for example, multiple power substations, freshwater delivery systems or bank branches, leading to significant stress, disorder and, in the minds of the attackers, chaos.
The OPDS products perform two missions:
- Absolutely prevent any network based cyberattack from infiltrating a facility
- Allow critical operational information/data to be transferred out of the plant
How is the first mission accomplished? OPDS products use a patented hardware design that, based on the laws of physics, won’t allow anything to enter the network. This design is based on the principles of data diodes, which only allow data to flow in one direction. Data can be distributed to users outside the plant for things like maintenance monitoring, support, backups and production planning, but there is no way for a hacker to enter the plant through the OPDS product.
And the second mission? Using Owl's proprietary DualDiode Technology™, all of the OPDS products are able to transfer data out of the facility. This includes files, alarms, logs, events, streaming video, database data, and historian information, from a number of sources, both proprietary (e.g. GE, OSIsoft, Rockwell Automation, Schneider Electric) and standards-based (SQL, OPC, MODBUS). This data can be single events, small files, extremely large files, streams of packets, a directory of files, the replication of a whole directory structure, a subset of a database or the replication of a whole database/historian.
Owl offers a range of products that support speeds from 10 Mbps to 10 Gbps and different form factors (card sets, 1U rackmount enclosures and DIN Rail models), along with a library of software connectors that support various interfaces. Please see below for information on the different solutions we offer.
Owl Perimeter Defense Solution - 5D (OPDS-5D)
The OPDS-5D was developed as an entry-level data diode solution to address cybersecurity use cases with lower, fixed bandwidth requirements of 5 Mbps or less. Like all other Owl data diode products, the OPDS-5D provides deterministic, one-way transfer and effective network segmentation. The OPDS-5D features the same compact DIN Rail form factor as the higher-bandwidth OPDS-100D, designed specifically for a range of industrial and commercial applications, from climate-controlled IT centers to indoor/outdoor environments with extreme temperatures (-40°F to +140°F), dust or smoke. The fanless, sealed enclosure helps preserve an industry-leading MTBF of 12 years, far longer than any server-based solution or normal IT refresh rates.
The OPDS-5D supports a wide range of data formats and transport layer protocols including: email (SMTP), FTP/SFTP, TCP and UDP (multicast, unicast, broadcast). The OPDS-5D also supports optional Owl software applications (connectors) for standards-based interfaces (Modbus, OPC, SNMP, etc.), and industrial control vendor software (GE, Mitsubishi Electric, Rockwell Automation, Schneider Electric, etc.).
Owl Perimeter Defense Solution - 100D (OPDS-100D)
Optimized for demanding industrial control applications, the OPDS-100D is a cybersecurity appliance that delivers the same deterministic one-way transfer capabilities as other OPDS products. Designed specifically for industrial control deployments, the compact OPDS-100D form factor is DIN rail mountable and ready for deployments in plants and other industrial facilities. It supports a wide range of data formats and transport layer protocols including: email (SMTP), FTP/SFTP, TCP and UDP (multicast, unicast, broadcast). The OPDS-100D also supports optional Owl software interfaces (connectors) that enable integration to a broad range of applications including Modbus, OPC DA and OPC A&E.
The OPDS-100D’s performance is scalable. Customers can select from 10 Mbps, 26 Mbps, 52 Mbps, and 104 Mbps transfer rates. As a customer’s bandwidth requirements increase, they can easily upgrade performance by purchasing and installing a new rate key license. Operational in harsh industrial control environments, the OPDS-100D operates in an extended temperature range (-40°C to +60°C) and exceeds IEC 60255-21 standards for Shock and Vibration. The OPDS-100D: cybersecurity for the convergence of OT and IT networks.
Owl Perimeter Defense Solution - 100 (OPDS-100)
The OPDS-100 is Owl’s standard, all-in-one, 1U rack-mountable DualDiode cybersecurity platform. Offering the same network security capabilities as other Owl Perimeter Defense Solutions, it is designed to address applications requiring low to moderate data throughput. Integrated, EAL certified Owl DualDiode communication cards form a deterministic one-way link with an absolute protocol break, ensuring the highest level of security available.
As with other Owl Perimeter Defense Solutions, it supports a broad range of capabilities: File transfer via Owl’s Remote File Transfer Service (RFTS), FTP, and SFTP; SMTP email transfer; TCP/IP packet transfer; and UDP datagram transfer. The OPDS-100 supports Owl’s variable bandwidth licensing mechanism, allowing users to upgrade the DualDiode link rate from a base of 10 Mbps up to 26, 54, or 104 Mbps. As a customer’s bandwidth requirements increase, they can easily upgrade performance by purchasing and installing a new rate key license.
Owl Perimeter Defense Solution - 1000 (OPDS-1000)
The OPDS-1000 is a highly integrated, all-in-one, 1U rack-mountable cybersecurity platform. It supports the secure one-way data transfer of multiple data types & formats concurrently. Optimized for more demanding industrial control applications, it supports link rates of 104 Mbps, 155 Mbps, 310 Mbps, 630 Mbps, or 1 Gbps. The integrated, EAL certified Owl DualDiode communication cards form a deterministic one-way link with an absolute protocol break, ensuring the highest level of security available.
Supporting a broad range of applications (sensor data, data points from real-time database historians, etc.) it protects critical infrastructure from escalating external threats while enabling the transfer of business critical data from the industrial control network to the business network.
Owl Perimeter Defense Solution - Multi-Purpose (OPDS-MP)
Those tasked with operating and protecting control networks have two challenges: make operational data available to end users, and prevent cyber attacks against the network. Operational information is continuously being generated by digital control systems within plants, and historians provide an optimal, centralized location to store a whole range of data. From operating parameters and production values to alarms and environmental conditions, practically anything happening in the plant can be recorded. To be truly useful, this data must be shared with end users inside and outside of the plant without jeopardizing the security of the network. A number of rigorous security standards from federal standards bodies like NERC, NIST and the NRC have been put in place for this purpose. The Owl Perimeter Defense Solution - Multi-Purpose (OPDS-MP) brings these together, supporting both the security standards and the historian interfaces so that networks remain protected while delivering data to those that need it.
The OPDS-MP is one of Owl’s patented one-way only data transfer solutions, supporting multiple data types & formats concurrently across a single compact, rack-mountable chassis. The OPDS-MP was developed to interface with different historians, using vendor-specific interfaces (e.g., OSIsoft PI System, Wonderware, Rockwell Automation FactoryTalk®) and standards-based interfaces like OPC and MODBUS. It offers a full suite of file transfer options, from batch formats through secure, encrypted TCP/IP.
Enterprise Perimeter Defense Solution (EPDS)
* Owl Uses a Pair (2) of Dell PowerEdge Servers
The EPDS maintains process control network isolation while enabling critical information sharing with networks outside the electronic security perimeter. As compared to the OPDS all-in-one solution, the EPDS integrates Owl DualDiode Send-only and Receive-only communication cards into two commercial enterprise servers, providing the opportunity to utilize redundant power supplies and hard drives, and other commercially available redundancy options. Owl also provides a hardened Linux operating system to ensure self-protection of the servers.
Operating on a pair of servers, EPDS simultaneously supports FTP and SFTP file transfer, SMTP email transfer, TCP/IP packet transfer and UDP datagram transfer (including streaming video & sensor). Highly scalable, the EPDS supports link speeds of 155 Mbps, 1.25/2.5 Gbps, and 10 Gbps.
Miniaturized Perimeter Defense Solution (MPDS-RS232)
One of our miniaturized product offerings, the MPDS-RS232 enables secure one-way communications between two computer platforms by utilizing Owl’s patented DualDiode Technology™ in a simple-to-install module. The module securely isolates all RS-232 data and control signals with a hardware-enforced one-way transfer circuit. From low-to-high, the one-way security policy absolutely assures the confidentiality of the destination high-security domain. From high-to-low, the one-way only hardware design prevents penetration of the source high-security domain, assuring that data transfer can only be initiated from the high side.
The low power consumption MPDS-RS232 is available today with channel capacity of 9600 baud. It is easy to install and does not require any Owl source or destination applications, or device drivers, to transmit and receive data.
ReCon opens a new chapter in Owl’s proprietary data diode network security solutions. Based on market demand and feedback from our thousands of deployments, ReCon was designed to combine the same proven security benefits of a hardware-based data diode cybersecurity solution with the ability to provide secure round-trip, bidirectional communication. The ReCon solution enables customers to reduce their attack surface area while providing higher security than traditional firewalls in use cases where bidirectional communication is necessary.
ReCon is a hardware-based cybersecurity solution utilizing two independent one-way paths. Housed within two 1U standard rack-mountable enclosures, each one-way path within ReCon is completely independent from the other, and utilizes its own data diode, built on Owl’s proprietary DualDiode Technology™. The two data diodes each enable only one direction (send or receive) of the data transfer, together creating a complete bidirectional pathway.
By fully supporting process control protocols such as DNP3, ReCon enables secure remote command and control, remote monitoring and SCADA data replication, via TCP/IP with significantly less risk than a standard software firewall.
Secure Software Update Solution (SSUS)
Owl’s Secure Software Update Solution (SSUS) is designed to address the need to securely transfer software updates and other files into the control network. SSUS provides a mechanism that takes previously vetted files and subjects them to a comprehensive set of security scans. Once approved, SSUS uses Owl’s DualDiode Technology to transfer the file(s) across the security boundary of the OT network and into the plant. SSUS eliminates the security risk resulting from “Walk-Netting” a file across the security boundary using portable media devices like flash drives.
Configured by a system administrator, the scanning aspect of SSUS supports a number of checks including: file extension check, ASCII scan check, malware scanning and validating the file against a manifest (or list) consisting of pre-configured hash numbers. Files that pass the security scan are then transferred across the DualDiode while files that fail the scan are quarantined and are not transferred into the control network. SSUS supports the ability to select and scan a single file or an entire directory of files. All transactions are logged in an Audit Table which is exportable to Microsoft Excel and other reporting software packages.
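The pre-transfer gate described above can be sketched as follows. This is an added example, not Owl's code: the extension allowlist, the filename-keyed manifest and the use of SHA-256 are assumptions, and the malware-scanning step is left out because it depends on an external engine.

```python
import csv, hashlib, hmac, io
from pathlib import Path

ALLOWED_EXT = {".txt", ".cfg", ".bin"}   # assumed allowlist set by the administrator
ASCII_ONLY_EXT = {".txt", ".cfg"}        # assumed: types that must be plain ASCII

def sha256_of(path):
    """Hash the file in chunks so very large update images are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def is_ascii_text(path):
    """True if every byte is printable ASCII, tab, LF or CR."""
    return all(b in (9, 10, 13) or 32 <= b < 127 for b in Path(path).read_bytes())

def scan_file(path, manifest):
    """Return (verdict, reason); the first failing check quarantines the file."""
    path = Path(path)
    ext = path.suffix.lower()
    if ext not in ALLOWED_EXT:
        return "QUARANTINE", "extension not allowed"
    if ext in ASCII_ONLY_EXT and not is_ascii_text(path):
        return "QUARANTINE", "non-ASCII content"
    expected = manifest.get(path.name)   # manifest: filename -> hex digest
    if expected is None:
        return "QUARANTINE", "not in manifest"
    if not hmac.compare_digest(sha256_of(path), expected.lower()):
        return "QUARANTINE", "hash mismatch"
    return "TRANSFER", "all checks passed"

def scan_directory(directory, manifest):
    """Scan every regular file and return one audit row per file."""
    rows = []
    for p in sorted(Path(directory).iterdir()):
        if p.is_file():
            verdict, reason = scan_file(p, manifest)
            rows.append({"file": p.name, "sha256": sha256_of(p),
                         "verdict": verdict, "reason": reason})
    return rows

def audit_csv(rows):
    """Render audit rows as CSV, a format spreadsheet tools can open."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=["file", "sha256", "verdict", "reason"])
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()
```

A file absent from the manifest is quarantined rather than passed, so the gate fails closed when the manifest is incomplete.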