Owl PaciT is a two-server, enterprise solution, using a dedicated send-only server and a dedicated destination-only server for raw Ethernet packet transfer at full line rate. The servers are connected by Owl’s proprietary data diode hardware to create a deterministic one-way only data transfer path.
Analyze Network Traffic in Real-Time
In critical infrastructure plant operations, the collection of network data usually requires secure transfer to an analysis center for review and long-term storage.
In these cases, a reliable and accredited cybersecurity solution must be utilized to ensure a secure one-way data transfer across network boundaries.
A nuclear power generation company needed to perform real-time analysis on all OT network traffic on an isolated forensic network. Given the regulatory requirements and associated network isolation restrictions, a secure one-way solution was required to provide compliance, as well as access to critical network traffic.
Owl PaciT enabled secure one-way transfer of 100% of network traffic, at line rate, across the security boundary to an isolated network for analysis. Using Owl’s deterministic one-way only data transfer pathway, Owl PaciT would meet all compliance requirements for transfer of network traffic across the security boundary.
Operating System and System Administration
The security imposed by Owl PaciT is only as rigorous as the environment in which the solution operates, and the controls placed on those administrators given privileged access to the solution’s operation. The architecture of Owl PaciT enables secure defense-in-depth, and provides the customer a component of an overall IT/OT defense-in-depth strategy.
Owl PaciT performs its functions in a hardened Linux OS — Owl Security Enhanced Linux (OSEL). The OSEL profile applies explicit constraints and limits on what tasks the operating system can perform, and on what functions software applications (including Owl proxy applications) can deliver. Activities in violation of these constraints/limits are prohibited. Applications attempting to act outside defined, specific functions are disabled. Network security is maintained. Access levels to Owl PaciT administration are explicitly defined as well. Owl and the customer operator define privileged administrator profiles and their levels (or roles) of permitted functional activity. Owl PaciT enforces use-case defined Owl Role-based Access Controls (RBAC).
OWL DATA DIODE TECHNOLOGY
Server-mounted custom-designed communication cards – one source-only, one destination-only
OWL V7 COMMUNICATION CARDS
Owl Version 7 Communication Card hardware and drivers enable one-way-only data transfer
OWL COMMUNICATION CARD SOFTWARE
Secure Transfer System source/destination drivers & source/destination install software
High-end COTS servers