Food And Beverage Manufacturing

Protecting Operational Networks In The Food And Beverage Industry From Evolving Cyber Threats
Food And Beverage Manufacturing
Customer/ Partner:

A large, global food and beverage company.

Customer Requirement:

Enable secure, cloud-based operational equipment effectiveness (OEE) monitoring without introducing cyber risk to the OT network.

Waterfall’s Unidirectional Solution:

The Waterfall Unidirectional Cloud Gateway provides the benefits of connections to industrial cloud services, without the risk that cloud or Internet connectivity will “leak” attacks back into protected industrial control systems.

Food & Beverage Manufacturing – Today’s Cyber Threat Environment

Food & Beverage operators have suffered large scale ransomware attacks in recent years, triggering costly production shut-downs. Looking forward, manufacturers are concerned about even worse outcomes – cyber attackers could tamper with production processes to contaminate foodstuffs, with recipes to impair product quality and with batch records to render large volumes of product un-marketable. The threat is compounded when production lines are connected to Internet-based cloud services – a compromised cloud could compromise hundreds or thousands of connected industrial clients, simultaneously.

The Challenge icon
The challenge

Enable safe deployment of the RedZone platform for multi-site OEE monitoring, actionable insights and productivity improvements. In particular, enable safe Amazon AWS cloud connectivity for the RedZone platform, without introducing cyber risk to critical manufacturing networks. Do all this with minimal changes to existing Purdue-Model / ISA 62443 security measures

Waterfall solution - icon
Waterfall solution

The customer deployed Waterfall’s Unidirectional Cloud Gateways at multiple sites. The Gateways replicated OPC servers and their data through unidirectional hardware. RedZone equipment used the replica OPC servers normally, to connect to the RedZone AWS infrastructure. No change to existing control system designs or security systems were needed, beyond installation and configuration of RedZone and Waterfall equipment.

Results and benefits - icon
Results & benefits

Security: No attack from any external, cloud or Internet network can leak back into protected control systems through any Unidirectional Cloud Gateway.

Transparency: Unidirectional Cloud Gateways enable safe cloud connectivity without changes to existing firewalls, networks or security monitoring systems.

Performance: By securely enabling the OEE application, Waterfall’s Unidirectional Cloud Gateway helps the business realize an 8% increase in plant productivity.

vertical red line
Theory of Operation
Click to enlarge

Waterfall Unidirectional Cloud Gateway solutions replace firewalls in industrial network environments, providing absolute protection to control systems and industrial control networks from attacks emanating from external less-trusted networks. Waterfall Gateways contain both hardware and software components. The hardware components include a TX Module, containing a fiber-optic transmitter/laser, and an RX Module, containing an optical receiver, but no laser. The gateway hardware can transmit information from an industrial network to an external network, but is physically incapable of propagating any virus, DOS attack, human error or any cyber attack at all back into the protected industrial network. Unidirectional Cloud Gateway software makes copies of industrial servers. External IT and Internet users connect normally to the replica servers and access data there normally.

At this customer, the Unidirectional Cloud Gateway was deployed to copy a standard OPC-UA server from the industrial network to the IT network where a RedZone RZLogger was deployed. The logger connected to both the OPC-UA replica server and to RedZone services in the Amazon AWS cloud. The deployment was completely safe, because no attack is able to penetrate the Unidirectional Cloud Gateway hardware to reach into the Industrial Network to put physical operations or any data management systems in that network at risk.

vertical red line
Unidirectional Cloud Gateways Benefits:

arrow red right Physically prevents cloud/Internet-based attacks from infecting the protected industrial network.

arrow red right All the benefits of cloud-connected infrastructure to industrial operations, without the risks of cloud connectivity.

arrow red rightSupports 100+ industrial protocols & applications; from legacy systems to cloud-based platforms.

arrow red right  Safe cloud vendor supply chain integration, big data analysis, cross-site and cross-application analysis, and correlations.

arrow red right Enables secure deployment of IT and outsourced SIEM, SOC, NOC & security monitoring solutions.

vertical red line
Global Cybersecurity Standards Recommend Unidirectional Security Gateways

Waterfall Security is the market leader for Unidirectional Gateway technology with installations at critical infrastructure sites around the world. The level of protection provided by Waterfall’s Unidirectional Security Gateway technology is recognized as best practice by leading industry standards bodies and authorities such as NIST, ANSSI, NERC CIP, ISA / IEC 62443, the US DHS & CISA, ENISA, TS50701 and many others.


Stay up to date

Subscribe to our blog and receive insights straight to your inbox