ReCon: A New Chapter | Embrace the Value of Secure Two-way Communication



I recently attended DistribuTECH and OSIsoft PI World, as an exhibitor and a speaker, and I had a number of great conversations with attendees about cybersecurity in the industrial, commercial, and critical infrastructure verticals. These conversations ranged from the theoretical down to specific technologies, such as Owl data diode solutions, and hit upon the varied requirements and challenges these particular industries face every day.

I have often found it helpful to refer people to the Department of Homeland Security’s (DHS) recommendations for securing industrial control systems. The recommendations are outlined in a fantastic and highly informative white paper titled “Seven Strategies to Defend Industrial Control Systems.” (If you haven’t read it yet, I definitely recommend taking the time to get familiar with the DHS recommendations.)

The basic concept of the DHS strategies can be summarized as:

  • If any external connections are for monitoring purposes only, convert them to one-way out
  • If data transfers into the OT network are required (software updates, patches, etc.), convert as many as possible to one-way in
  • And lock down any remaining two-way connections with a single open port over a restricted network path

In general, these folks understand and, to a certain degree, have embraced the value of employing data diodes as a secure way to move data one-way, typically from the ICS/OT network to their IT/business network, or to move software updates one-way into a secured network. However, until now, there has been no practical way to leverage the benefits of hardware-based data diode security for communications that have to be two-way. So as the conversation progresses, people inevitably come out with some version of:

“I understand the value of using data diodes to move data one-way, but I have this one application that just cannot be one-way. How can you address that two-way requirement with data diodes?”

These two-way data streams frequently involve scenarios where the customer needs the ability to conduct remote command and control, remote monitoring, remote help desk, or even SCADA system replication. Think of an employee charged with monitoring a remote asset like a dam, substation, or a pump station. On a Saturday afternoon they receive an alarm on their mobile phone saying that a PLC setting requires attention. In the real world, remediating the alarm condition may involve a 50-mile drive to a remote asset, on a weekend, for a 5-minute PLC setting change. To make matters worse, the remote asset could be unmanned, and security also needs to be brought in to allow the employee onsite access.

Recently we’ve opened a new chapter in Owl’s network security solutions. After gathering feedback from conversations such as those at our recent trade shows and from our many diverse customers, we’ve taken the requests and requirements from the field and used them to develop a brand new product – ReCon.

ReCon was designed to address the two-way communication capability gap, combining the same proven security benefits of a hardware-based cybersecurity solution with the ability to provide secure round-trip, bidirectional communication. It utilizes two one-way paths, each completely independent from the other and each using its own hardware-enforced data diode, built on Owl’s proven DualDiode Technology. Each data diode enables only one direction of data transfer (send or receive); together they create a complete bidirectional pathway with a much higher security profile than software-based tools, such as firewalls.

For more information on ReCon, check out the data sheet or contact your Owl Account Executive, and check out the Solutions page of our website for more info on Owl’s other award-winning cybersecurity solutions.
