OSIsoft & Owl
For over 9 years, Owl has partnered with OSIsoft® to protect and replicate PI System historians, with hundreds of implementations around the world, spanning a number of industries. This proven solution, used in conjunction with OSIsoft operational intelligence technology, allows users to meet stricter security requirements for their business practices, through hardware-enforced network segmentation and one-way, deterministic data transfer.
As an OSIsoft technology partner, Owl data diode cybersecurity solutions are available with validated interface software designed specifically to replicate OSIsoft PI System historian databases and transfer them one-way, across network boundaries.
This document outlines 8 use cases for the implementation of Owl data diode cybersecurity to defend a variety of industrial and critical infrastructure systems which feature the use of OSIsoft® technology – the global leader in enabling operational intelligence.
These cases also include examples of Owl data diodes interoperating with a wide array of other leading operational technologies, including, but not limited to: Rockwell Automation FactoryTalk, Modbus, OPC, and existing software firewalls.
We hope these use cases provide a good introduction into the capabilities of Owl data diodes and how they can be used in conjunction with OSIsoft historians to help achieve both strong cybersecurity and robust operational intelligence within industrial and critical infrastructure organizations.
Key Benefits of the Owl & OSIsoft Solution:
Replicate OSIsoft PI System historians one-way, across network boundaries
- Includes PI database records, snapshot data, historical archive data and schema definition
- Automatic historic backfill
- Fully supports Add/Modify/Delete of points across the diode to the replicated historian
Mitigate all external network threats to operational systems with a segmented network architecture
- Historian stays protected inside OT network security boundary
Retain business continuity with external data access and remote monitoring without remote access
- Protected PI historian data is shared outside the protected perimeter with business operations
Easily scale up for increased transfer bandwidth requirements or additional data types
- A single Owl platform can replicate a PI historian and other data (SNMP, files, streaming, etc.) simultaneously
Prevent malware proliferation from infected networks
- Even if a plant network is infected, historian data can still be securely and safely transferred due to Owl’s unique “payload-only” transfer technique and filter for “rogue“ or injected packets
Simplify compliance with industry regulations, including NERC CIP or NRC guidelines
- Historian data is quickly, easily and reliably transferred to external entities for reporting
Minimal to no modifications to existing systems required
- The historian database can be rebuilt from scratch, no need to shut down the database and manually synchronize the source with the replicated historian
Failover, redundancy, load-balancing, and bi-directional capabilities
- Redundant historians are supported using the OSIsoft High Availability (HA) solution
- Multi-historian redundancy is supported using the OSIsoft Collective configuration
- Hardware redundancy can be achieved using Owl’s high availability data diode solution
Use Cases:
- Global Oil & Gas Company Enables Secure, One-Way Production Data Transfer to HQ
- Natural Gas Company Enables Secure Transfer of Production Data to HQ for Remote Monitoring
- Petrochemical Company Enables Secure, One-Way Production Data Flow to Business IT
- Rare Earth Mining Company Secures Operational Network from Advanced Persistent Threats
- Nuclear Power Facility Meets US Nuclear Regulatory Commission Cybersecurity Regulations
- Coal Power Facility Meets NERC CIP Version 5 Cybersecurity Regulations
- Public Power Authority Meets NRC, NERC CIP Cybersecurity Regulations Across 10 Plants
- Power Transmission and Distribution Substations Meet NERC CIP Version 5 Cybersecurity Regulations