Securing Industrial Data Flow to AWS
Waterfall is proud to be recognized as the industry standard for connecting OT systems to the AWS Cloud.
As industries embrace the power of the Industrial Internet of Things (IIoT) and other cloud-based technologies to enhance operational efficiencies, a challenge has emerged in bridging the gap between the need for digitization and the importance of securing critical infrastructure systems. The conventional approach of directly connecting Industrial Control Systems (ICS) and Operational Technology (OT) to external networks poses significant cybersecurity risks. After extensive joint lab testing and data validation, Amazon Web Services (AWS) now recommends using Waterfall Unidirectional Gateways as the preferred solution for securely connecting industrial systems to the AWS cloud.
The delicate balance between digitization and security
Waterfall Security and Amazon Web Services both acknowledge the necessity for a balanced approach in advancing digitization while safeguarding critical infrastructure systems. In line with AWS’s 10 security golden rules for IIoT solutions, AWS recommends deploying security appliances, particularly unidirectional gateways, to regulate the data flow and establish unbreachable one-way connections to external networks and cloud services. This way, data can flow securely to the AWS Cloud, where it can be accessed and used within AWS IoT SiteWise and AWS IoT Core, while any attempt to breach the industrial systems remains physically impossible.
The power of Unidirectional Gateways
Unidirectional gateways, which are a much more secure alternative to traditional firewalls, ensure a one-way data flow from the OT network to the IT network and the cloud while being physically unable to send traffic in the reverse direction. Unidirectional gateways are compliant with many industry standards such as NERC CIP and ISA/IEC 62443. While deployed behind the scenes, these unidirectional gateways play a crucial role in protecting critical infrastructure systems.
Waterfall Unidirectional Gateway to the AWS Cloud
Option 1: Sending OT/IIoT Data to AWS IoT SiteWise
Waterfall Security’s Unidirectional Cloud Gateway facilitates the secure transmission of OT/IIoT data to AWS IoT SiteWise. The gateway replicates OPC UA data from an OPC UA server, hosting a replica OPC UA server for the IT network. The AWS IoT SiteWise Edge gateway running on AWS IoT Greengrass collects and sends this data to AWS IoT SiteWise in the cloud, enabling efficient visualization and analysis.
Option 2: Sending OT/IIoT Data to AWS IoT Core
Waterfall’s Unidirectional Gateway, acting as an MQTT broker on the industrial network, facilitates the transmission of industrial data to AWS IoT Core using the MQTT protocol. This data can then be routed to various AWS services for processing, such as AWS IoT Events, AWS Lambda, Amazon Kinesis, Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. The Waterfall Unidirectional Gateway ensures a secure and one-way transfer of data, physically removing the possibility of inbound cybersecurity risks.
Let the OT data flow to AWS Cloud-based services
In conclusion, Waterfall Security offers a robust solution for securely streaming OT/IIoT data to AWS IoT SiteWise and AWS IoT Core. By leveraging unidirectional gateways, industrial operations can harness the power of AWS cloud services without risks to their ICS/OT environments. This approach not only simplifies OT/IT integration, but also aligns with AWS’s multi-layered security approach outlined in the ten security golden rules for IIoT solutions. Waterfall Security remains committed to enhancing the security of critical infrastructure sectors, providing a foundation for secure, efficient, and digitized industrial operations.