Take Industrial Cybersecurity to the Next Level
Just like defense and intelligence organizations, critical infrastructure operations must transfer highly sensitive data between networks and systems at different security levels. Using technology equivalent to that used in military and intelligence applications provides a comprehensive approach to defending against known and unknown threats at the boundaries of sensitive networks. IXD, a cross domain solution developed specifically for critical infrastructure, takes industrial cybersecurity to the next level, supporting simultaneous one-way and bidirectional communications, while controlling, restricting, and/or filtering data transfers both to and from trusted and untrusted domains– all in a 1U, rack-mountable device.
Industrial Cross Domain Solution
Cross domain solutions (CDS), traditionally only sold and used by the U.S. Government, are truly in a class of their own regarding their sophistication and level of security. One could approximate a CDS as a fusion of the content-filtering in software guards, the data flow restriction in next-generation firewalls, and the hardware-enforced separation in data diodes, in one hardened solution. CDSs are designed to control, restrict, and/or filter the flow of information both to and from trusted and untrusted domains. IXD brings cross domain security to critical infrastructure organizations who need to secure multiple one-way and bidirectional communications simultaneously, as well as create policies to control what can be passed through the device.
Control What Data Can Be Passed Through
IXD is a high availability, integrated hardware and software solution that supports simultaneous one-way and bidirectional data transfers, as well as multiple protocol adapters, on single appliance, ensuring fast, effective, and secure data transfers between systems of differing security levels. As a high availability solution, IXD eliminates single points of failure with redundancy and failover capabilities. To address threat vectors inside the data, IXD examines and filters data to only allow specific, defined data types to pass through the device to prevent all unwanted or unknown data types from compromising secure networks.
Support for One-Way & Bidirectional Use Cases
In their efforts to improve their NERC CIP security posture, an energy provider needed to securely transfer files (SFTP) and OSIsoft PI System data, one-way, from eight production high availability clusters to two geographically separated data centers. In addition, they needed to secure several bidirectional database and HTTPS communications that could not be converted to one-way. Their previous approach, firewalls, did not provide hardware-enforced separation, exposing the network to unwanted threats. Threats inside the data were also a major concern. IXD enabled the energy provider to securely transfer multiple protocols and data types simultaneously on a single, 1U appliance in a high availability architecture.
- Oracle TNS
- File Transfer
- Database Synchronization
(may require additional customization)
- High Availability
Additional Protocol Adapters
- OSIsoft PI System
- Linux API
- PI Web API
- Asset Framework
CHASSIS SIZE & WEIGHT
18.875” x 26” x 1.75”
47.9cm x 66cm x 4.45cm
132W @ idle, 220W maximum
120 VAC @60Hz, 115 VAC @400Hz, 48 VDC
750 BTU MAX and 450 BTU typical
10/100/1000 Ethernet (data transfer), Separate Ethernet management, ST Fiber (1 transmit, 1 receive), DataKey (active on boot only), USB 2.0 (keyboard), VGA (video), Tubular pin lock (key load lock)
-10° C to 50° C
14° F to 122° F
-40° C to 70° C
-40° F to 158° F
4,600m (15,000 ft)
Maximum 90% non-condensing relative humidity
Mid capacity – maximum of 1G
High capacity – maximum of 10G