Rare Earth Mining Company Secures Operational Network from Advanced Persistent Threats

Rare Earth Mining Company Secures Operational Network from Advanced Persistent Threats

Company Overview

Rare earth and rare metal mining and manufacturing company with facilities across 10 countries.

Case Summary:

Industry: Rare Earth Mining

Challenge: Repeated breach attempts by APT caused company to disconnect OT networks from any outside network connection.

Solution: OPDS data diodes deployed along with OPTS PI System replication application.

Benefits: Deterministic, one-way data flow secured OT network from outside influence or attack and enabled PI System replication to corporate end users.

Cybersecurity Challenge

The company suffered repeated attacks from advanced persistent threats (APT). In response, the company disconnected their operational technology (OT) network from all outside networks. While this prevented attack, it led to lack of visibility and business continuity with their operations facilities.


  • Store all operational data generated by Rockwell PLCs in OSIsoft® PI System historian
  • Replicate PI System data from OT network to business end users
  • Maintain a “disconnected” or segmented cybersecurity architecture, preventing any inbound data flow to OT network

Use Case | Before


Owl data diodes utilizing patented technology (OPDS-100) was selected to secure the OT network from APT. This Provided effective network segmentation, and deterministic, one-way data transfer out of OT network. PI System replication (OPTS) was added to enable transfer of mining operations data to the business unit.

Use Case | After



Owl Perimeter Defense Solution – 100 (OPDS-100)
Self-contained 1U data diode, purpose-built for network segmentation and deterministic, one-way data transfer.

Interface Module:

Owl PI Transfer Service (OPTS)
Specialized software developed specifically for secure replication and transfer of OSIsoft® PI System historian data across network boundaries.


  1. Provided security through effective network segmentation of the OT network, helping to prevent breaches by APT
  2. Permitted deterministic outbound data flows from OT network to the corporate data stores for increased visibility and business continuity
  3. Rockwell operations data captured in local PI historian and replicated to corporate network
  4. Replicated PI System historians allowed full performance, alarm, and event data access by corporate end users