NERC Recognizes Security of Unidirectional Communications.
NERC's updated guidelines come in the form of the December 15 Compliance Application Notice CAN-0024, entitled "CIP-002 R3 Routable Protocols and Data Diode Devices." The CAN describes "data diodes" as network equipment which provides a hardware-enforced "one-way" or unidirectional path for data to flow out of critical networks, while allowing nothing back in to those networks. Unidirectional hardware lets information leave critical networks without any risk of hackers, viruses, worms, or any other attacker reaching back into the critical network over that same communications path and disrupting or sabotaging components essential to the power grid. The CAN provides guidance as to when unidirectional communications should be interpreted as strong "non-routable" communications, that is: communications which do not use the Internet Protocol or any comparable Wide Area Networking protocol.
Lior Frenkel, CEO and Co-Founder of Waterfall Security Solutions - the leading supplier of Unidirectional Security Gateways - comments: "The NERC action is very welcome. The practices that NERC outlines recognize that strong security, in the form of Unidirectional Gateways, has an evolving role in the protection of the Bulk Electric System. The new guidelines also help NERC entities understand where and how strong unidirectional security is most effectively deployed."
Unidirectional Security Gateways represent a newer and stronger approach to network security than do conventional firewalls. Waterfall's Unidirectional Gateways are currently deployed in many NERC-regulated conventional power plants, the majority of North America's nuclear generation utilities, and a number of oil & gas facilities and water utilities. Interest in Waterfall's Unidirectional Gateways is increasing quickly in several other industries within North America as well.
With a number of civilian and government agencies citing the vulnerability of the North American power grid to cyber attack, the NERC recognition of hardware-enforced unidirectional communications technologies is very timely. Where Unidirectional Gateways are used to successfully isolate control system networks, those networks become immune to Remote Administration Tools and other Internet-based cyber attacks. These are the attacks preferred by the vast majority of nation-state-sponsored "Advanced Persistent Threat" actors. Strong cyber security protections for power plants and for other critical elements of the Bulk Electric System should help us all sleep a little easier.
Waterfall Security Solutions' patented cyber security solutions enable sites in many industries to securely connect their critical industrial networks to external networks. Unidirectional Security Gateways move data securely, meeting business needs without exposing industrial networks to risks and threats of cyber-attacks, cyber terror, and hacking from external, less secure networks. Waterfall's cyber security solutions assist offshore platforms, refineries, utilities and other critical infrastructures to achieve compliance with NERC-CIP, NRC, CFATS and other regulations and standards, as well as cyber-security policies and best practices. Additional business needs secured by way of the Waterfall Gateways include production monitoring, real-time royalty and taxation tracking, and equipment monitoring and maintenance function automation.
For information, visit http://www.waterfall-solutions.com or call 646/727-7276.