Waterfall Security Solutions https://waterfall-security.com

Securing Industrial Data Flow to AWS
https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/securing-industrial-data-flow-to-aws/
Tue, 09 Jan 2024 08:45:31 +0000

Waterfall is proud to be recognized by Amazon as a validated industry standard for connecting OT systems to the AWS Cloud.

Waterfall is proud to be recognized as the industry standard for connecting OT systems to the AWS Cloud.
Waterfall team

Connected OT to the Cloud with Waterfall and AWS

As industries embrace the power of the Industrial Internet of Things (IIoT) and other cloud-based technologies to enhance operational efficiencies, a challenge has emerged in bridging the gap between the need for digitization and the importance of securing critical infrastructure systems. The conventional approach of directly connecting Industrial Control Systems (ICS) and Operational Technology (OT) to external networks poses significant cybersecurity risks. After extensive joint lab testing and data validation, Amazon Web Services (AWS) now recommends using Waterfall Unidirectional Gateways as the preferred solution for securely connecting industrial systems to the AWS cloud. 

The delicate balance between digitization and security

Waterfall Security and Amazon Web Services both acknowledge the necessity for a balanced approach in advancing digitization, while safeguarding critical infrastructure systems. In line with AWS’s 10 security golden rules for IIoT solutions, AWS recommends deploying security appliances, particularly unidirectional gateways, to regulate the data flow and establish unbreachable one-way connections to external networks and cloud services. This way, data can securely flow to the AWS Cloud for access and function use within AWS’s IoT SiteWise and IoT Core, while any attempt to breach the industrial systems remains physically impossible. 

“AWS recommends deploying security appliances, particularly unidirectional gateways, to regulate the data flow and establish unbreachable one-way connections to external networks and cloud services.”

The power of Unidirectional Gateways

Unidirectional gateways, which are a much more secure alternative to traditional firewalls, ensure a one-way data flow from the OT network to the IT network and the cloud while being physically unable to send traffic in the reverse direction. Unidirectional gateways are compliant with many industry standards such as NERC CIP and ISA/IEC 62443. While deployed behind the scenes, these unidirectional gateways play a crucial role in protecting critical infrastructure systems.

Waterfall Unidirectional Gateway to the AWS Cloud

Option 1 –> Sending OT/IIoT Data to AWS IoT SiteWise: 

Waterfall Security’s Unidirectional Cloud Gateway facilitates the secure transmission of OT/IIoT data to AWS IoT SiteWise. The gateway replicates OPC UA data from an OPC UA server, hosting a replica OPC UA server for the IT network. The AWS IoT SiteWise Edge gateway running on AWS IoT Greengrass collects and sends this data to AWS IoT SiteWise in the cloud, enabling efficient visualization and analysis.

[Figure: OT/IIoT data to AWS using SiteWise]

Option 2 –> Sending OT/IIoT Data to AWS IoT Core: 

Waterfall’s Unidirectional Gateway, acting as an MQTT broker on the industrial network, facilitates the transmission of industrial data to AWS IoT Core using the MQTT protocol. This data can then be routed to various AWS services for processing, such as AWS IoT Events, AWS Lambda, Amazon Kinesis, Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. The Waterfall Unidirectional Gateway ensures a secure and one-way transfer of data, physically removing the possibility of inbound cybersecurity risks. 

[Figure: Sending IIoT data to AWS IoT Core]

Let the OT data flow to AWS Cloud-based services

In conclusion, Waterfall Security offers a robust solution for securely streaming OT/IIoT data to AWS IoT SiteWise and AWS IoT Core. By leveraging unidirectional gateways, industrial operations can harness the power of AWS cloud services without risks to their ICS/OT environments. This approach not only simplifies OT/IT integration, but also aligns with AWS’s multi-layered security approach outlined in the ten security golden rules for IIoT solutions. Waterfall Security remains committed to enhancing the security of critical infrastructure sectors, providing a foundation for secure, efficient, and digitized industrial operations. 

NIS2 Compliance for ICS
https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/nis2-compliance-for-ics/
Tue, 17 Oct 2023 11:57:28 +0000

What are the main takeaways from the new NIS2 Directive and what are the main requirements for compliance?
Waterfall team

NIS2 compliance cheat sheet

The NIS2 Directive is a directive by the European Parliament on the measures that need to be taken for a high common level of cybersecurity across the European Union. The NIS2 Directive replaces the previous NIS Directive (EU Directive 2016/1148) and aims to improve the security of crucial services by protecting the networks and information systems of critical and important entities across the EU.

The NIS2 Directive applies to a wide range of organizations, including:

  • Essential entities: These are organizations that provide essential services, such as energy, water, transport, and financial services.

  • Important entities: These are organizations that are not essential entities, but that could have a significant impact on the economy or society if they were to be disrupted by a cyberattack.

  • 3rd parties: Providers and suppliers that want to work with entities that provide essential or important services such as the above two.

The NIS2 Directive applies to “Essential” entities, “Important” entities, and 3rd party providers/suppliers that want to work with those “essential” and “important” entities.

Cybersecurity Measures Required by the NIS2 Directive

The NIS2 Directive is a complex piece of legislation, and there are several different ways that organizations can comply with it. However, the key principles of the directive are risk management, incident response, vulnerability management, security awareness training, and supply chain security.

  • Risk management: Organizations must identify and assess the risks to their networks and information systems. This also includes a person or team that is responsible for handling the decisions that need to be made regarding risk, with the blame falling on them if something goes wrong.

  • Incident response: Organizations must have a plan in place to respond to cybersecurity incidents within 24 hours of the incident. NIS2 also requires organizations to report certain types of cybersecurity incidents to their national authorities.

  • Vulnerability management: Organizations must identify and patch vulnerabilities in their systems in a way that is appropriate for their devices and networks. This use of the term “appropriate” is somewhat ambiguous and it is probably best to err on the side of caution and provide more protection instead of less protection whenever there is any doubt.

  • Security awareness training: Organizations must train their employees on cybersecurity best practices. Sometimes the most secure networks can be compromised by an employee clicking on a phishing link or using a weak password. These issues can be greatly mitigated if everyone with access has a good understanding of the types of threats that exist and how to avoid them.

  • Supply chain security: Organizations must also ensure that their 3rd party vendors are taking appropriate cybersecurity measures. This means that not only does the entire internal operation need to comply with NIS2, but also any 3rd party vendors that provide products or services need to comply too.

Overall, the NIS2 Directive represents a significant step forward in the fight against Europe’s cyber threats. By requiring organizations, and their supply chains, to implement stronger cybersecurity measures, the directive will help in protecting critical infrastructure and other important assets from cyberattacks throughout the European Union.

 
