Large ships and vessels used for national defense require large scale, on-board industrial control systems to manage power generation, propulsion, steering, HVAC and other large systems similar to those used in land-based power plants and other critical infrastructure facilities.
Industry: U.S. Navy
Challenge: Transfer operations data from the secure ship network to 3rd party vendors port-side.
Solution: A single OPDS data diode was deployed to receive data from ship-board systems and transfer to end-users.
Benefits: Ship remains secure while operations data is transferred in near real-time to the end-users. Removes the need for portable media.
The challenge is in providing operational data generated by the on-board systems, to 3rd parties (vendors, support and maintenance teams, etc.) that are external to the ship without opening up the ship to cyber threats. Typically when a ship comes into port, all of the industrial control data collected during the mission is offloaded to 3rd parties for analysis. To ensure the security and integrity of the ship’s systems, many times this is a manual “sneaker net” process with the data being loaded onto a portable CD and hand carried dock-side; taking up to several days to complete the paper work and authorization process.
- Prevent any network based attacks against the ship
- Support transfer of multiple data types (files, historians, databases, alarms, syslog, etc.)
- Support fast, high bandwidth transfer of stored data to port side facilities
- Support data originating from a variety of systems
- Support simultaneous protocols and data flows
Use Case | Before
The OPDS product line consists of simple to use, easy to configure cybersecurity products capable of simultaneous support of multiple data types, protocols and data flows. The ship network is configured as the “source” and all data needing to be transferred to port-side end-users is sent to the source side of the data diode. The end-users are configured as destinations and as data is transferred across the data diode it is directed to the appropriate end-users.
Use Case | After
Owl Perimeter Defense Solution – 100 (OPDS-100)
Self-contained 1U data diode, purpose-built for network segmentation and deterministic, one-way data transfer.
Owl Perimeter Defense Solution – 100D (OPDS-100D)
DIN rail compatible data diode, purpose built for network segmentation and deterministic, one-way data transfer. Features all-in-one, compact form factor, designed to tolerate extreme environments.
- The OPDS data diode replaced the use of the portable CD to transfer data
- Data is transferred at near real-time, eliminating a delay of multiple days to retrieve the data
- The ship network remains secure from outside threats
- The potential for contaminated portable media is eliminated
- Allows the information to be shared for analytics without access to ship network