jesus molina – Waterfall Security Solutions https://waterfall-security.com Unbreachable OT security, unlimited OT connectivity

Why I Wrote Power Generation OT Security: Applying and Interpreting ISA/IEC 62443 Standards
https://waterfall-security.com/ot-insights-center/power/why-i-wrote-power-generation-ot-security-applying-and-interpreting-isa-iec-62443-standards/
Tue, 19 Nov 2024 13:06:03 +0000

The post Why I Wrote Power Generation OT Security: Applying and Interpreting ISA/IEC 62443 Standards appeared first on Waterfall Security Solutions.


Why I Wrote Power Generation OT Security: Applying and Interpreting ISA/IEC 62443 Standards

Power generation OT security is critical for ensuring operational resilience in the face of growing cyber threats. However, as I researched, it became clear that no document existed to bridge the gap between the general, industry-agnostic ISA/IEC 62443 standards and the specific needs of power generation facilities. In response, I decided to write this ebook.

Dr. Jesus Molina


As a teacher in the Master’s program on Rail Cybersecurity, I’ve had the opportunity to guide rail professionals through the complexities of securing critical infrastructure. In my course, I frequently rely on the European Technical Specification TS-50701, which provides tailored cybersecurity guidance specifically for the rail industry. TS-50701 serves as an essential resource, helping rail professionals interpret and apply broader standards like ISA/IEC 62443 to the unique challenges of rail systems. Of course, the goal of TS-50701 (currently in the process of becoming a standard under PT 63452) goes beyond teaching; it aims to improve cybersecurity in rail networks by building directly from the foundation of the 62443 standards.

But this reliance on TS-50701 led me to ask a simple question: Where is the equivalent guide for power generation?


The Gap

Power generation, like rail, is a critical sector facing unique cybersecurity challenges. However, as I researched, it became clear that no similar document existed to bridge the gap between the general, industry-agnostic ISA/IEC 62443 standards and the specific needs of power generation facilities.

In response, I decided to write this ebook as a resource for power generation professionals. It aims to simplify and clarify the application of ISA/IEC 62443 for this sector. While the standards are essential for Operational Technology (OT) security across industries, applying them effectively in power generation presents unique challenges that require tailored guidance.

Here’s what you’ll find inside the ebook:

  • A Consequence-Driven Approach: Learn how focusing on unacceptable outcomes and using a consequence-driven approach can enhance your risk assessments.
  • Zoning and Conduits for Power Generation: Practical guidance on structuring zones and conduits to address power generation’s specific needs.
  • Engineering-Grade Controls: Explore engineering-based controls that reduce reliance on vulnerable software solutions, helping to simplify security while maintaining robustness.
  • Introducing New Technologies: A practical approach to managing cloud computing and remote access within the standard.


Looking Ahead: The Need for Power Generation-Specific Guidance

This ebook is a starting point. My hope is that it will spark further work towards creating a comprehensive guide, similar to TS-50701, but specifically for power generation. Such a document would bridge the gap between the broad 62443 standards and the specialized needs of this critical sector, providing engineers with a clear path for implementing cybersecurity measures.

I’ll be presenting my position on the importance of tailored training materials at the upcoming Sx25 conference. My focus will be on my experience teaching rail professionals, and the urgent need for OT cybersecurity training that prepares engineers to understand and apply cybersecurity principles in their unique operational environments. Right now, power generation lacks both a specialized approach to training and the specific guidance to make ISA/IEC 62443 actionable for its unique needs.

Download the eBook and Join the Effort

If you’re involved in power generation or OT cybersecurity, I invite you to download the ebook and join me in pushing for the development of industry-specific resources for power generation.

About the author

Dr. Jesus Molina

Jesus Molina is Waterfall’s Director of Industrial Security. He is a security expert in both OT and IT security. A former hacker, his research on offensive security in industrial systems has been echoed by many publications and media, including Wired and NPR. Mr. Molina has acted as chair of several security organizations, including the Trusted Computing Group and the IoT Internet Consortium. He is the co-writer of the Industrial Internet Security Framework and the author of several security-related patents and academic research papers. Mr. Molina holds a M.S. and a Ph.D from the University of Maryland.

The Art of AI-Generated OT Payloads: From Mischief to Existential Threat
https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/the-art-of-ai-generated-ot-payloads-from-mischief-to-existential-threat/
Tue, 20 Aug 2024 12:38:40 +0000

The post The Art of AI-Generated OT Payloads: From Mischief to Existential Threat appeared first on Waterfall Security Solutions.


The Art of AI-Generated OT Payloads: From Mischief to Existential Threat

Nearly 10 years ago, I managed to take control of every appliance in a 200-room hotel. In the years since, to my surprise, the number one question I was asked wasn't "How did you do it?" but rather "With the control you had, what's the worst thing you could have done?" Since the spread of AI, the answer to that question has grown significantly.

Dr. Jesus Molina


Almost 10 years ago, I managed to take control of every appliance in a 200-room hotel. I could raise the blinds in each room, change the TV channels, adjust the outside lighting, modify the temperature settings, and more. I had complete control. I did this by sending commands utilizing the KNX protocol through an unprotected wireless network at the hotel.

In the years since, to my surprise, the number one question I was asked wasn’t “How did you do it?” but rather “With the control you had, what’s the worst thing you could have done?” For those curious about the “how”, I documented the process in a white paper presented at the BlackHat conference in 2014, which you can access here. Let’s revisit and expand on the second question, that “what,” with and without the help of generative AI.


Mischief

Before the advent of modern generative AI, my response to the question “what’s the worst you could have done?” was fairly typical: I could have disabled the controllers and then demanded payment to reverse the damage. This is akin to encrypting files, denying access to them, and demanding a ransom. In fact, a similar tactic was recently employed by KNXlock, which exploited the KNX protocol’s cryptographic key insecurities to brick the KNX devices and demand ransom from the victims, as discussed in this article by Limes Security. By the way, I raised my voice almost 10 years ago on KNX insecurities in hopes the disclosure would prompt security improvements, and unfortunately it seems little has changed since then, with the Cybersecurity and Infrastructure Security Agency (CISA) releasing a new security advisory including a new CVE.

As reporters keep bringing up the “What’s the worst that could happen?” question, my imagination took flight. In the realm of mischief, I imagined myself dressed as Magneto, theatrically raising all the blinds simultaneously with a dramatic hand gesture. I suggested that I could have programmed the TVs to turn on every morning at 9 AM. I even suggested the idea of crafting a ghost story and bringing it to life by orchestrating eerie patterns with the exterior lights. One thing is clear: today’s cyberattacks lack creativity. Viruses of the past showcased more ingenuity. Take, for example, the 90’s Cascade virus that made letters fall down to the bottom of the screen, a spectacle that mesmerized many, including a 15-year-old version of myself. Back then, the primary objective of these attacks was attention, and not monetary gain. And garnering attention demands creativity.

Now enter the realm of generative AI, exemplified by platforms like ChatGPT, Bard and Stable Diffusion. I decided to revisit my previous attack. I still have the Wireshark traces from back then, as well as the Python program I coded to control the hotel. I tasked ChatGPT with creating a KNX client after feeding it the same scenario and input data, and the results were unsurprising: it accomplished in a mere 2 minutes what had taken me several hours years ago. And when I asked it about the worst that could happen? ChatGPT’s responses closely mirrored my own, and even offered some additional possibilities.


Existential Threat

Today, the majority of cyberattacks employ two primary payloads: data exfiltration and data encryption. These tactics prove effective as attackers can extort money either by threatening to release the compromised data or demanding payment for its decryption. These attacks display malice, but only to a degree. Their goal is not to cause significant harm to people, but there are instances where attackers went further.

Truly novel and inventive payloads are a rarity in modern cyber warfare. A notable example is the Stuxnet malware, an autonomous worm that discreetly sabotaged machines in Iran used for uranium processing. Others include the BlackEnergy and Industroyer malware deployed in the 2015 and 2016 cyberattacks that targeted Ukrainian substations, causing blackouts. More recently, the Khuzestan steel mill in Iran reportedly caught fire due to a cyberattack, suggesting the payload’s objective was to ignite a blaze. Such developments underscore the evolving nature of cyber threats, where some attacks are starting to show physical consequences in the real world. Most recently, there has been a shortage of Clorox products due to a cyberattack.

And there is another data point: We’re witnessing a significant uptick in cyberattacks with physical consequences to industry and critical infrastructure. The frequency of such attacks has doubled every year since 2020, a stark contrast to the mere 15 instances in the previous decade. However, these physical repercussions often arise not from innovative payloads but from generic encryption techniques that incapacitate machines integral to physical processes.

Attacks with physical consequences. Source: 2024 Threat Report – OT Cyberattacks with Physical Consequences

Offensive AI

In cinematic fiction, we often witness AI performing a myriad of impressive actions, from manipulating traffic lights to accelerating train speeds. Most of this is created by humans for humans, in the context of fictional entertainment and not reality. So, we know what we are capable of dreaming up when cybersecurity breaks down. If AI had complete cyber control over an environment, such as a Building Management System, what could it achieve? To explore this, I engaged in a conversation with a generative AI model on possible attack scenarios on a hypothetical water treatment plant equipped with Siemens controls in a common deployment. While many of its responses were anticipated, some were very precise, such as false data injection. The problem is that once an attacker has a basic idea of what impact they wish to achieve, they can develop it further, in a very efficient way, using generative AI as a research assistant.


Robert M. Lee, a renowned cybersecurity expert, meticulously detailed the phases of an OT (Operational Technology) cyberattack in his seminal paper, “The ICS Cyber Kill Chain.” In it, he categorizes attacks on Industrial Control Systems (ICS) into two distinct stages. The first stage aligns closely with familiar IT attack methodologies and culminates in the more specialized Stage 2, which is specific to OT intrusions.

Example ICS Kill Chain: Stage 1 in blue and Stage 2 in yellow

Generative AI has notably transformed the initial compromise phase, which predominantly targets human vulnerabilities. This includes tactics ranging from voice cloning to the crafting of persuasive phishing emails. However, the true untapped potential of offensive AI emerges in Stage 2.

In these OT scenarios, attackers frequently stumble on the challenge of designing payloads suited to distinct operational contexts, especially those that necessitate the coordination of Programmable Logic Controllers and other servers tailored to specific physical processes. While many attackers can navigate past conventional defenses, they often fall short when confronted with specialized domains such as water management or manufacturing.

Generative AI promises to reshape this dynamic, equipping the attacker with the capability to produce complex, adaptive payloads. These can encompass code sequences potentially capable of damaging machinery or endangering human lives. Actions in Lee’s paper such as “Low confidence equipment effect” will transition from being difficult to execute to relatively straightforward. In essence, the entire Stage 2 landscape is radically transformed by generative AI.

Is Security Engineering Our New Safety Net Against AI?

Defenders have utilized AI for years, but the democratization of AI will complicate the defense against system misconfigurations and stolen credentials. In OT, the stakes are even higher in Stage 2. Encrypting a file is vastly different from destroying machinery. Traditional defense systems, vulnerable to bypassing, might prove inadequate against these emerging threats. However, there’s a silver lining.

The engineering profession boasts robust tools to counteract OT cyber risks posed by AI. Mechanical over-pressure valves, for instance, safeguard against pressure vessel explosions. As these systems do not have CPUs, they’re immune to hacking. Similarly, torque-limiting clutches protect turbines from damage, and unidirectional gateways use optical systems to physically prevent attack information from passing in one direction. These tools, often overlooked due to their lack of IT security counterparts, might soon become indispensable. As AI continues to evolve, the fusion of information with OT systems, combined with the creation of imaginative payloads that could jeopardize human safety or critical infrastructure, demands foolproof defenses. These defenses, grounded in physical elements, remain impervious even to the most advanced AI, ensuring our safety in an increasingly digital world. And maybe, they could deter even the most advanced AI systems for years to come.

Want to learn how to best protect industrial systems against cyberthreats? Get a complimentary copy of Andrew Ginter’s latest book, Engineering-Grade OT Security: A Manager’s Guide, which discusses these tools in detail.


Segmentation 202: Unidirectional Architectures
https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/segmentation-202-unidirectional-architectures/
Sat, 13 May 2023 00:00:00 +0000

The post Segmentation 202: Unidirectional Architectures appeared first on Waterfall Security Solutions.

This is the second blog in the series, following Segmentation 201: Unidirectional Gateways vs. Firewalls. Unidirectional architectures are network segmentation solutions that feature at least one Unidirectional Gateway. These architectures may also incorporate other elements such as an additional Unidirectional Gateway, a reversible feature in the unidirectional gateway, or a temporary bypass. A key to unidirectional architectures, in addition to the protection offered by the unidirectional hardware, lies in the software element, which replicates data and data sources unidirectionally.

Despite their growing significance in protecting industrial automation systems, unidirectional architectures are often not well understood, particularly by professionals with IT-centric backgrounds. Unidirectional architectures represent a true revolution in OT network cybersecurity.

Today, we not only have one-way perimeter solutions, but we also have one-way architectures – the adoption of which is undoubtedly increasing. This is especially true with the introduction of strict physical segmentation requirements in pipelines and rail systems, the rise of ransomware attacks, and the emergence of the industrial cloud. I see opportunities for this class of architecture even in many IT-centric verticals, such as banks and financial institutions.

In this article, I will strive to provide a clear explanation of unidirectional architectures and why they are becoming increasingly important in industrial systems.

Traffic flow in OT networks

Before diving into the specifics of unidirectional architectures, we must first understand the basic principles of data flows in industrial systems. In these systems, data is generated and collected by various devices and sensors. It is then processed, analyzed, and potentially sent back to control the industrial processes, modifying interactions with the physical world.

Note: Unidirectional Gateways are generally not deployed within the industrial network – bi-directional traffic between control system HMIs and PLCs is not amenable to this class of protection. The gateways are deployed almost exclusively at connections between industrial networks and external networks such as enterprise networks or the Internet.

As discussed in my previous articles, most OT networks, when connecting with enterprise IT networks, exhibit asymmetric traffic: A significant amount of data is sent outbound for use in the enterprise network or beyond, and some data may be sent back into the industrial network from external sources. In most cases, we can exploit these asymmetric data flows to our advantage, replacing one or more firewalls with unidirectional architectures. Going forward, when I refer to outbound traffic, I am referring to traffic flowing from an OT network, whose worst-case consequences of compromise are unacceptable physical consequences, to an IT network, whose worst-case consequences are lawsuits or other business losses for which we can more easily buy insurance. Inbound traffic refers to data sent in the reverse direction.

In IT architectures, where there is no such clear division, the primary objective is to transfer and process data. Due to this, network segmentation in IT networks historically focuses on preventing applications and specific network addresses from traversing between networks using firewalls. Firewalls have evolved over the years, but the core concept remains the same – filtering packets using software.

Figure 1: Inbound and Outbound at the IT-OT interface

Inbound and Outbound traffic: Role in security

Inbound data sent to OT networks is responsible for directing and controlling the behavior of various elements in the system. This includes tasks such as firmware updates, communicating new production orders and quality requirements to the production system, and so on. Outbound data, on the other hand, typically consists of quality readings, raw materials and finished goods inventory levels, equipment usage readings and other information sent from the various sensors and devices in the system, as well as from databases and historians. This data is used to monitor the status of the system, detect and diagnose problems, and so on.

The security objectives for these two traffic patterns differ, particularly regarding the criticality of inbound information. Compromising the integrity of outbound data, for example, such as altering quality readings, has business consequences, such as delaying and resampling of a batch of product that is reported as sub-standard. Such compromise generally impacts the business less than tampering with inbound data, such as data determining what the quality requirements for the product are, which might lead to a large batch of unsaleable product actually being produced.

To enhance security and reduce the opportunity for cyber attacks causing serious consequences, our objective should be to decouple inbound and outbound data flows. Unidirectional technologies very naturally and unavoidably separate inbound and outbound traffic. This task is typically performed at the IT-OT interface but could be implemented in other locations within the network.

However, this separation can be challenging, since current applications often use the same protocol and the same connection to both transmit and receive information. This is due to OT networks employing IT products and protocols. For instance, the TCP/IP protocol is the workhorse of modern networking and almost all application layer protocols that use TCP/IP are query/response. Clients send queries into servers that are data sources requesting specific data, and the servers reply on the same connection. This creates a potential attack vector, as the queries could be altered in an attack to manipulate the industrial server, and through the server the rest of the industrial control system. By re-engineering the networks and utilizing replication, this issue can be resolved in almost all cases. Let’s examine the following figure:

Figure 2: Pure Unidirectional Architecture

In the figure, the Unidirectional Gateway is a client of an industrial data source, such as a historian server. The gateway sends queries to the server asking for all new or changed data. On the enterprise network, the gateway logs into the enterprise historian server and inserts the data into that server. Any enterprise users or software applications that need the industrial data can now query the enterprise historian. All of the data that is permitted to be shared with the enterprise is available in the enterprise historian. No queries need be sent back into the industrial network through the gateway any more.

Unidirectional architectures are widely understood as “permitting information to flow in only one direction.” However, this example is just one use case – the most common use case – where we completely cancel inbound traffic. In the following sections, we will explore this and other architectures currently in use.

Unidirectional Architectures

There are five unidirectional architectures in widespread use today:

Pure Unidirectional: Information is replicated in one direction only. Only outbound traffic is allowed, and inbound traffic is physically blocked. This is what most people think of when they hear “unidirectional gateway,” and it is a common implementation for many OT use cases.

Typical use cases include monitoring production levels and equipment usage in refining and power generation. Unidirectional gateways for these use cases are often deployed at the OT-IT interface, where it is easier to differentiate between inbound and outbound traffic. These use cases may include unidirectional Remote Screen View connections, which enable remote support for vendors.

Time-based Unidirectional: Information is replicated outbound-only most of the time, but periodically the unidirectional device reverses orientation. Information and servers can be replicated outbound, or inbound, but never both simultaneously (the direction “flips”). In other words, outbound traffic is active for a certain percentage of the time, while inbound traffic is active for a different percentage.

A typical use case involves sending patches and production orders to the control system on a weekly basis. This is allowed only at specific times and solely in a unidirectional manner by transferring files from IT to OT. After the updates are transferred, the device physically reverses data flow direction again.

Figure 3: Time-based Unidirectional

Time-based Unidirectional and Bidirectional: Information is continuously replicated unidirectionally outbound, but occasional bidirectional exchanges can be enabled at specific times or on demand. In this implementation, a temporary bidirectional data path exists in parallel with the Unidirectional Gateway, usually terminating in a jump host.

A typical use case involves remote intervention by a vendor according to Service Level Agreements (SLAs). The vendor may require bi-directional remote connectivity for a short period of time. To enable that connectivity, personnel at the site turn a physical key to activate the bi-directional bypass unit for a pre-programmed period of time.

Figure 4: Time-based unidirectional and bidirectional
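The direction policies of Figures 3 and 4, as an added Python model that is not Waterfall's product logic. The weekly patch window, the two-hour bypass duration and the clock values are constructed; the model checks the invariant that a time-based gateway never has both directions open at once, and that a key-activated bypass closes itself when its pre-programmed period ends.

```python
"""Direction policy for the time-based designs in Figures 3 and 4 (added example).

Schedule, key switch and clock are simulated; this is not Waterfall's firmware.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

OUTBOUND, INBOUND = "OT->IT", "IT->OT"


@dataclass(frozen=True)
class Window:
    start: int   # seconds; constructed values in the demo below
    end: int


class TimeBasedGateway:
    """Figure 3: one unidirectional device whose orientation flips for scheduled
    inbound windows. At any instant exactly one direction is physically open."""
    def __init__(self, inbound_windows: List[Window]) -> None:
        self.inbound_windows = inbound_windows

    def orientation(self, now: int) -> str:
        for w in self.inbound_windows:
            if w.start <= now < w.end:
                return INBOUND
        return OUTBOUND

    def permit(self, direction: str, now: int) -> bool:
        return direction == self.orientation(now)


class KeyedBypassGateway:
    """Figure 4: outbound replication never stops; a parallel bidirectional path
    opens only after a physical key turn and closes itself after `duration`."""
    def __init__(self, duration: int) -> None:
        self.duration = duration
        self.bypass_until: Optional[int] = None
        self.log: List[Tuple[int, str]] = []     # audit trail of bypass events

    def turn_key(self, now: int) -> int:
        self.bypass_until = now + self.duration
        self.log.append((now, "bypass opened"))
        return self.bypass_until

    def bypass_open(self, now: int) -> bool:
        if self.bypass_until is not None and now >= self.bypass_until:
            self.log.append((now, "bypass expired"))
            self.bypass_until = None
        return self.bypass_until is not None

    def permit(self, direction: str, now: int) -> bool:
        if direction == OUTBOUND:
            return True                    # gateway path, always open
        return self.bypass_open(now)       # inbound only via the timed bypass


def never_both_open(gw: TimeBasedGateway, times: range) -> bool:
    """Invariant of the time-based design: no instant with both directions open."""
    return all(not (gw.permit(OUTBOUND, t) and gw.permit(INBOUND, t)) for t in times)


def demo() -> Dict[str, bool]:
    day, hour = 86_400, 3_600
    # Constructed schedule: weekly patch window 02:00-03:00 on day 7.
    flip = TimeBasedGateway([Window(7 * day + 2 * hour, 7 * day + 3 * hour)])
    bypass = KeyedBypassGateway(duration=2 * hour)
    expiry = bypass.turn_key(now=10 * day)   # site personnel turn the key
    return {
        "patch_window_inbound": flip.permit(INBOUND, 7 * day + 2 * hour + 600),
        "patch_window_outbound": flip.permit(OUTBOUND, 7 * day + 2 * hour + 600),
        "normal_outbound": flip.permit(OUTBOUND, 8 * day),
        "invariant_week": never_both_open(flip, range(7 * day, 8 * day, 60)),
        "vendor_during_bypass": bypass.permit(INBOUND, 10 * day + hour),
        "vendor_after_bypass": bypass.permit(INBOUND, expiry),
        "outbound_always": bypass.permit(OUTBOUND, expiry + day),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:24s} {allowed}")
```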
Two Unidirectional Gateways: This approach decouples inbound and outbound traffic using two unidirectional gateways. Information and servers are replicated unidirectionally in both directions. It is important to note that this is different from having bidirectional traffic because the traffic does not generate a loop – application queries do not pass through one device with responses returning on the other – such a design would be no stronger than a firewall. The inbound and outbound Unidirectional Gateways each replicate servers – often different kinds of servers – in each direction.

A typical use case involves load balancing in power generation, where two separate Transmission System Operators (TSOs) want to exchange information about load while minimizing the risk of cascading a cyberattack across networks.

Figure 5: Two Unidirectional Gateways
Unidirectional “Shortcut”: In this design, information from deep in a defense-in-depth industrial network must reach an external consumer, and it is impractical to send that information through normal layers of communications to the external consumer.

Use cases: Industrial mirror ports may need to be replicated to IT-resident OT intrusion detection sensors. Mirror ports typically produce a lot of information, and it may not be practical to send that volume of information from many mirror ports deep in an industrial network out through layers of networks to the IT network where the OT IDS sensors are. A second case is sending substation sensor information directly to the cloud without passing through the control center. This use case is currently being evaluated by the IEC committees overseeing the IEC 62443 standard for transmitting data from Layer 2 to the cloud. The control center may still feature a firewall, but it is now less burdened, as most of the heavy data traffic is handled through the unidirectional gateway.

Figure 6: Unidirectional Shortcut

Conclusion

Unidirectional architectures offer significant benefits for the segmentation of OT networks and industrial systems, particularly in terms of security and reduced complexity. By replacing firewalls with unidirectional architectures, organizations can better protect their critical infrastructure from cyber threats. The various unidirectional architectures discussed, such as Pure Unidirectional, Time-based Unidirectional, Time-based unidirectional and bidirectional, two Unidirectional Gateways, and Unidirectional Shortcuts, provide different levels of security and flexibility based on specific use cases and requirements. These architectures allow for better isolation and control of data flows, which ultimately leads to improved security and reduced risk of cyberattacks in OT networks.

Moreover, unidirectional architectures can also help reduce the workload in higher-level networks in a defense-in-depth architecture, allowing them to focus on processing critical and time-sensitive traffic. This not only enhances the overall performance of the network but also simplifies network management by minimizing the number of data flows that must be supported through each network. As industrial systems continue to evolve and face increasingly sophisticated cyber threats, adopting unidirectional architectures will play a crucial role in maintaining the security and resilience of critical infrastructure.

For more details, see Waterfall’s guide: Unidirectional Gateways vs. Firewalls.

Segmentation 201: Unidirectional Gateways vs. Firewalls
https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/segmentation-201-unidirectional-gateways-vs-firewalls/
Wed, 01 Feb 2023 00:00:00 +0000

The post Segmentation 201: Unidirectional Gateways vs. Firewalls appeared first on Waterfall Security Solutions.

]]>
Robert M. Lee at Davos 2023 pointed out that when IT security biases are applied to operational technologies (OT), a lot of money is spent with little return. Segmentation in OT is a prime example of this, where the misuse of firewall technologies often occurs. There is nothing inherently wrong with firewalls, but they may not always be the most effective solution. In many instances, unidirectional technologies are the optimal solution. There are many benefits of utilizing Unidirectional Gateways vs. firewalls:

Feature                                                    UGW   Firewall
No Routing                                                 Yes   No
Protocol break (completely removes unnecessary data)       Yes   No
Unidirectional, using physics                              Yes   No
Rule-free cybersecurity                                    Yes   No
Guaranteed prevention of network ransomware and malware    Yes   No
Made for OT                                                Yes   No
Counters credential theft                                  Yes   No

Table 1: Unidirectional Gateways vs. Firewalls

Your Brakes?

Forget about ports and protocols for a moment. Imagine only data flows: sending and receiving information. Now imagine the wheels of your car. Would you be okay with sensors sending information to the cloud about braking patterns and brake-pad wear? You might object on grounds of confidentiality, but would you object on grounds of safety? Looking at this another way, would you be okay with the brakes being controlled, enabled or disabled by the cloud? All software – from clouds to firewalls – has inevitable defects. None of us wants known defects and vulnerabilities, or the possibility of a zero-day attack, hanging over us while driving a car.

When it comes to safety, we generally demand deterministic protection: no matter how sophisticated the external attacks, your brakes should never activate or fail to activate at the appropriate moment while driving due to a problem in the cloud, or a cyber attack from the cloud or through a firewall. The most reliable – deterministic – way to enable cloud-based monitoring without cloud-based controls is to physically prevent any data at all, no matter how benign that data seems, from flowing from the cloud back to your brakes.

Unidirectional technologies in cybersecurity are based on hardware. They can send data but not receive it. As such, two main factors make them an optimal solution over firewalls:

  • Criticality: if the network is safety- or reliability-critical, then unidirectional technologies may be a good solution, because firewalls can be confused or defeated, and unidirectional gateways cannot – unidirectional protection is based on physics, not software.
  • Data flows: many devices or computers send tons of data but may not need to be updated regularly. When asymmetric data flows are at work, unidirectional technologies may be a better fit than a firewall.

[Image: safety-critical systems such as rail networks and passenger trains]

Cloud vs. Gateways vs. Firewalls

Cloud computing has become pervasive in enterprise networks and industrial cloud computing is becoming increasingly pervasive in manufacturing and even critical infrastructures. When devices or control systems send information to the cloud autonomously to report their state, these systems most often do not require immediate action. They often send terabytes of data for predictive maintenance purposes. The information is analyzed promptly but may not produce conclusions for months, and when those conclusions are produced, they generally need to be acted upon within the following few weeks. In this case, is a firewall the right choice? Inspecting each packet? Using AI? Hoping nothing nasty comes back inside the encrypted connection to the cloud, through the Internet?

The right solution in this case is to send the data physically unidirectionally by replicating the data, creating a “data twin.” These twins are important from both functionality and security perspectives. For example, at the upcoming S4x23, Ryan Dsouza will present the current IEC 62443 standards that address the use of cloud.

Similar use cases appear throughout critical infrastructures. Trains need to send status information to passenger cell phone apps, but rail switching systems cannot afford to be compromised because of firewalled connectivity with the Internet. Refineries need to send information to Security Operations Centers automatically, but again cannot afford compromise from a central or outsourced, Internet-based SOC. In any case where the risk of external attack is high and the information flow is asymmetric, unidirectional gateways are the preferred option – the technology is mature enough that information can be sent easily, transparently, and regardless of the protocol, provided that the flow is mostly unidirectional.

Conclusion

When choosing between unidirectional gateways and firewalls as an OT segmentation solution, consider:

  • Is the network segment critical?
  • Is the information flow asymmetric out of this segment?

If the answer is yes to both, then unidirectional technologies are most often a better choice than firewalls.
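The two questions above can be checked against actual traffic. The following is an added example, not Waterfall's code: it scores each segment from flow records by measuring how asymmetric its boundary traffic is and combining that with the segment's criticality rating. The segment names, address ranges, flow records and the 100:1 asymmetry threshold are all constructed for illustration.

```python
"""Added example (not Waterfall's own code): score OT segments for unidirectional
gateway suitability from flow records, using the post's two questions: is the
segment critical, and is its information flow asymmetric (mostly outbound)?"""
from ipaddress import ip_address, ip_network
# Constructed segment table: hypothetical address ranges and criticality ratings.
SEGMENTS = {
    "turbine-control": {"net": ip_network("10.10.0.0/24"), "critical": True},
    "historian-dmz": {"net": ip_network("10.20.0.0/24"), "critical": False},
}

# Constructed flow records, "src_ip,dst_ip,bytes", as a simple flow exporter might emit.
FLOWS = """\
10.10.0.5,203.0.113.10,900000000
10.10.0.6,203.0.113.10,750000000
203.0.113.10,10.10.0.5,4096
10.20.0.7,198.51.100.20,5000000
198.51.100.20,10.20.0.7,4500000
"""

def direction_totals(flow_text, segments):
    """Sum bytes leaving and entering each segment across its boundary.
    Flows that stay inside one segment say nothing about the boundary and are skipped."""
    totals = {name: {"out": 0, "in": 0} for name in segments}
    for line in flow_text.splitlines():
        src, dst, nbytes = line.split(",")
        src, dst, nbytes = ip_address(src), ip_address(dst), int(nbytes)
        for name, seg in segments.items():
            src_in, dst_in = src in seg["net"], dst in seg["net"]
            if src_in and not dst_in:
                totals[name]["out"] += nbytes
            elif dst_in and not src_in:
                totals[name]["in"] += nbytes
    return totals

def recommend(flow_text, segments, asym_ratio=100.0):
    """Map each segment to (outbound/inbound byte ratio, recommendation).
    asym_ratio is an assumed threshold: outbound must exceed inbound by this factor
    before the flow counts as 'asymmetric' in the post's sense."""
    result = {}
    for name, t in direction_totals(flow_text, segments).items():
        ratio = t["out"] / t["in"] if t["in"] else float("inf")
        if segments[name]["critical"] and ratio >= asym_ratio:
            rec = "unidirectional gateway"
        elif segments[name]["critical"]:
            rec = "critical but bidirectional: review whether inbound flows are needed"
        else:
            rec = "firewall may suffice"
        result[name] = (ratio, rec)
    return result
```

With the constructed records, the turbine control segment sends hundreds of megabytes out and receives only a few kilobytes, so it lands in the "unidirectional gateway" bucket, while the non-critical historian DMZ with near-symmetric traffic does not.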

All that said, there is always the follow-up question: even if data flows are asymmetric, I still need to send some data in. It turns out that today’s unidirectional architectures do resolve these issues – I will discuss them in a follow-up blog. The right segmentation choice reduces operational expenses and improves cybersecurity.

For more details, see Waterfall’s guide: Unidirectional Gateways vs. Firewalls.

The post Segmentation 201: Unidirectional Gateways vs. Firewalls appeared first on Waterfall Security Solutions.
