How can we harden networks without hardware?


Hoping to head off cyber threats that aren’t constrained by geographical or national boundaries, President Biden issued a statement urging the continued hardening of domestic cybersecurity and national resilience – with an emphasis on “deter” and “defend”.

“If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year. You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely.”

With persistent threats at every door, the administration continues to encourage adoption of better cybersecurity, proclaiming that “critical infrastructure owners and operators must accelerate efforts to lock their digital doors.” A document written by the DHS, FBI and NSA, “U.S. DHS – Seven Steps to Effectively Defend Industrial Control Systems”, offers seven strategies to counter common exploitable weaknesses. It outlines definitive strategies, including ones that incorporate hardware to harden networks, to achieve better security for critical infrastructure.

Most cybersecurity products and services offered today focus on using software configurations and rules (i.e., firewalls) to slow attackers down or identify breaches in progress and aid in recovering from them.

Why not stop attackers ahead of the breach instead of just slowing them down? The U.S. Government guidance for the DOD, Intelligence Community, and Critical Infrastructure is clear:

  • Harden your networks
  • Prevent attacks using hardware
  • Firewalls offer little more than a speed bump to Nation-state attackers

Cross domain solutions, a class of cybersecurity solutions used extensively across the U.S. DOD and Intelligence Community and now being adopted by critical infrastructure operators, are required to include embedded hardware-enforced defensive measures. It is apparent that with breaches occurring continuously, software-only solutions cannot defend networks and that more rigorous defenses are needed.

The most secure networks are those that use hardware-enforced cybersecurity. This is illustrated by the requirement to use cross domain solutions in U.S. Federal programs and by the adoption of another hardware-enforced defense, data diodes, which forward-thinking critical infrastructure operators have used for the last decade.

Cross domain solutions and data diodes use a form of hardware technology far less well-known than firewalls but far more secure, forming a defensive barrier that cannot be crossed and used as an attack vector into a network. This barrier allows data to flow out of a secure environment (like a flashlight sending light through a pane of glass) without providing any kind of way for an outsider to gain entry through the glass wall. In fact, this type of defense is so secure that in 20-plus years of deploying thousands of solutions, Owl cross domain solutions and data diodes have NEVER been breached.

The bottom line is that more widespread adoption of hardware defenses is what will truly allow operators to harden networks and prevent attacks, rather than scrambling to recover.
