Cyber security threats on the energy industry represent unacceptable risks to rotating equipment, reliable operations and sometimes even employee and public safety.
Unidirectional Security Gateway products and technologies are deployed routinely at generating sites to provide stronger-than-firewall solutions for reliability-critical equipment and control systems. Unidirectional Security Gateways provide safe IT/OT integration by replicating industrial servers and devices from generating networks to business networks through a system of hardware modules that physically prevents any attack from reaching back into the protected critical control system network.
Unidirectional Gateways replace firewalls, which have proven inadequate to the needs of reliability-critical and safety-critical networks. Every path through a firewall that permits data to leave a critical network for use by an enterprise, also allows attacks to pass back into that critical network. Unidirectional Security Gateways enable safe IT/OT integration, without the serious security risks that always accompany firewalls.
Routinely-deployed unidirectional use cases include:
- IT/OT integration
- Control system vendor and turbine vendor monitoring and diagnostics
- Generation dispatch center / ICCP communications
- Protecting protective relays
- Protecting safety systems
Waterfall Security Solutions is focused exclusively on the protection of industrial control system networks, and is the market leader for Unidirectional Security Gateway technology in power generation, world-wide. Waterfall products used routinely at generating sites include
- Secure historian database replication
- Secure OPC server replication
- Secure ICCP server replication
- Remote Screen View
The strong security of Unidirectional Security Gateways is recognized in:
- NERC CIP V5 and V6 standards
- French ANSSI control system security standards
Plus many other control system security standards, regulations and best practice guidelines world-wide. The North American NERC CIP V5 and V6 standards provide for significant reductions in CIP compliance costs and CIP compliance obligations at unidirectionally-protected sites, thus reflecting the reduced risk to electric system reliability from unidirectionally-protected sites.
Firewalls and IT-centric security provisions provide insufficient protection to generating units and generating control systems. Turbines and generators after all, cannot be “restored from backup” the way IT systems can. Generating units are not expendable. The time has come to deploy Unidirectional Security Gateways instead of firewalls to enable safe IT/OT integration throughout at generating sites.