Last week, data diode-based cybersecurity supplier Owl Cyber Defense released its Owl ReCon solution. ReCon differs from Owl’s other data diode offerings in that it provides highly secure bidirectional communications for remote monitoring, operations, and control. This secure bidirectional data transfer is a key part of the recent DHS guidance that specifies “one way into” and “one way out of” secure networks, as well as securing and highly restricting any remaining two-way communications.
Data Diodes for Bidirectional Communication
Building on an already comprehensive set of data diode solutions for a wide range of applications, including industrial and critical infrastructure, ReCon is a hardware-based cybersecurity solution utilizing two independent one-way paths. Housed within two 1U standard rack-mountable enclosures, each one-way path within ReCon is completely independent from the other, and utilizes its own data diode, built on Owl’s proprietary DualDiode Technology. The two data diodes each enable only one direction (send or receive) of the data transfer, together creating a complete bidirectional pathway.
ReCon can be used for secure remote command and control, remote monitoring, or SCADA replication, via TCP/IP or DNP3, with significantly less risk than a standard firewall. ReCon incorporates Owl’s proprietary “protocol break” technology to ensure that no routable IP information is passed between the source and destination network. The solution enables customers to reduce their attack surface area while providing higher security than traditional software-based firewalls.
Secure Remote Access Solutions Require Secure Communications Paths
The need for secure communications is increasing with the growth of the Industrial Internet of Things and the increasing connectedness of applications, computing and control platforms, and sensors/actuators across the industrial, power generation and distribution, and critical infrastructure/smart cities spaces. The convergence of the information technology and operational technology (IT/OT) domains is also highlighting the need for secure communications at the sensor and control layer.
The need for secure remote access to control systems and sensors is a primary driver behind this need for more secure communications. In the early days, most of this remote access was limited to performance management and monitoring of control systems and assets by suppliers. While demand for remote asset monitoring continues to increase, end users are also increasingly looking for secure solutions that can do remote operations and even remote control, which requires an even higher level of security.
Data diodes are a key element of a good overall secure remote access strategy because they ensure one-way communication into and out of the OT environment and can be preferable to traditional software-based firewalls. As part of a defense-in-depth strategy, Owl has plans to layer in other key aspects of secure remote access to ReCon, such as authentication, role-based access capabilities, auditing, and recording.