Computer and network security at water utilities and at other critical infrastructures has been the topic of much press over the last several years. Little of that news was good news. There have been wide spread reports that operations networks and control systems at critical infrastructures are poorly secured, and that not enough is being done to correct the problem.

 The popular press, though, generally does not appreciate is how hard cyber-security is for water utilities. Control system vendors often constrain the degree to which their systems, especially older systems, can be secured without invalidating support agreements, or causing outright malfunction of the control system components.

The “Old school” security approach was to completely isolate control networks from any other network. The problem with isolation, though, is that isolation frustrates the added efficiencies and significant cost savings which can be derived from access to real-time operations information.

Waterfall Security Solutions’ Unidirectional Security Gateways offer a solution which increases confidence in protection of safety, integrity and availability of the operations network. The gateways are a hardware-based solution which permits information to flow out of the operations network, without allowing any attacks, messages or information back in.

The hardware of the gateways consists of two gateway appliances: a “TX appliance” sits in the operations network, an “RX appliance” is connected to the business network, and the two boxes are connected by a fiber-optic cable. The TX gateway hardware contains a laser but no optical receiver, and the RX gateway contains a receiver, but no laser. What this means is that the TX gateway can send to the RX, but the RX is physically incapable of sending anything back to the TX, and the TX is physically incapable of receiving any optical message, even if it was sent.

Since the gateways are the only connection between the operations and business networks, no attacks of any sort from the internet or from the business network can threaten the operations network.

Related Products:

Unidirectional Security Gateways


Secure Bypass

Unidirectional CloudConnect