ATCA global conference & expo

Data Diode Enabled Cybersecurity – An Ounce of Prevention…

Visibility into the operation of critical aviation systems is key to resilience. These systems include not only the communication, navigation, surveillance, and air traffic management systems that support air traffic control, but also infrastructure systems such as chillers, power, and telecommunications systems, which could shut down an airport or other facility if attacked. Until recently, this visibility came at a cost: the threat of cyberattack on the control systems that make modern transportation possible. However, there's a class of technology that has received increased attention since high-profile attacks like that on the Colonial Pipeline. On September 21st, the Cybersecurity & Infrastructure Security Agency (CISA) recommended the use of one-way communication diodes to:

  • Protect control system boundaries
  • Limit and control the flow of data between systems

Data diodes enable physically enforced, one-way communication between devices and their operators, providing situational awareness of their status without any back-channel paths penetrating through the diode to the protected system. This class of cybersecurity hardware is used to physically protect industrial control systems and other infrastructure by only allowing data to flow in one direction. Hackers cannot penetrate the network connection remotely. Thanks to advancements in the technology, data diodes are now affordable, scalable, and adaptable enough to bring levels of security once reserved for nuclear power plants and other national security infrastructure to the National Airspace System and the aviation community.

Hackers have access to rentable botnets, unlimited cloud computing, and artificial intelligence. Eventually malicious code is going to get through traditional defenses, like software and firewalls, before patches and updates are issued. Use of one-way communication diodes enables IoT-level communications between devices/facilities and the systems that monitor them, while physically eliminating the cyber risk that would otherwise be mitigated through expensive software requiring constant upgrades against evolving threats. Data diodes are used today to protect water facilities, energy production facilities, intelligence community operations, and military systems. Protecting our aviation infrastructure is equally important.

Figure 1: Next-generation industrial data diodes can extract data from industrial control systems and send to another network without the need for additional servers or proprietary software.

Incorporating this new class of hardware into network architectures can protect air traffic and airport systems from attack. The FAA and airport operators can implement data diodes to better communicate with their systems, sensors, and other facilities, while preventing malicious code from entering through their infrastructure. Secure online monitoring, combined with predictive analytics, allows managers to know when their systems show signs of failure, reducing downtime, improving efficiency, and increasing productivity. Maintenance staff can address systems that are showing signs of degradation based on real-time data instead of RMA timelines. Field operations teams can dispatch the necessary staff only when needed.

Most modern devices will provide this type of information; however, it frequently goes unused due to cybersecurity concerns that the data diode renders moot. Industrial data diodes allow critical infrastructure systems to be connected safely, securely, and affordably for improved situational awareness over Ethernet or cellular transmission, via cloud or dedicated circuits. Data diodes make nefarious communication back into these facilities physically impossible. Why spend valuable resources trying to perpetually cure a problem that can easily be prevented?

For more information contact info@fend.tech or mhawthorne@objectivearea.com

Source: Objective Area Solutions