unidirectional security gateways – Waterfall Security Solutions
https://waterfall-security.com
Unbreachable OT security, unlimited OT connectivity
Feed last updated Mon, 15 Sep 2025 07:35:31 +0000

eBook: Unidirectional Security Gateways for Government Networks
https://waterfall-security.com/ot-insights-center/government-and-defense/unidirectional-security-gateways-for-government-networks/
Mon, 19 Feb 2024 10:39:52 +0000


eBook: Unidirectional Security Gateways for Government Networks

The cyber threat environment is getting worse, and our adversaries are developing more powerful attack tools. Government agencies need to increase automation and network connectivity to maintain strategic military, governance, and economic advantages. This increases both the number of targets for cyber assaults and the number of opportunities for such assaults. The solution is robust, hardware-based, physical protection, such as Waterfall’s Unidirectional Security Gateways and hardware-enforced security solutions, which protect from even the most sophisticated nation-state adversaries.

In this eBook

  • Unique benefits of Unidirectional Security Gateways.
  • The hardware behind Unidirectional Security Gateways.
  • Connector software for Unidirectional Security Gateways.
  • Waterfall’s Blackbox – tamperproof logs.
  • How it all comes together for protecting government networks.

Download your copy today and learn how to fully secure government networks against all remote cyber threats including nation-state adversaries.

About the author

Andrew Ginter, VP Industrial Security at Waterfall Security Solutions

At Waterfall, Andrew leads a team of experts who work with the world’s most secure industrial sites. He is author of two books on industrial security, a co-author of the Industrial Internet Consortium’s Security Framework, and the co-host of the Industrial Security Podcast. Andrew spent 35 years designing SCADA system products for Hewlett Packard, IT/OT connectivity products for Agilent Technologies, and OT/ICS security products for Industrial Defender and Waterfall Security Solutions.

Keeping the Flow:  Cyber-Proofing Oil & Gas Production https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/keeping-the-flow-cyber-proofing-oil-gas-production/ Thu, 25 Jan 2024 10:22:48 +0000 https://waterfall-security.com/?p=18194 In our everything-goes-digital era, the upstream Oil & Gas (O&G) industry finds itself at the crossroads of innovation and vulnerability. Securing O&G operations goes beyond the frameworks commonly addressed in IT security.

Need to “cyber proof” Oil & Gas production operations? Imagine safely keeping production running, even during an ongoing cyberattack. This article explains how.

Keeping the Flow:  Cyber-Proofing Oil & Gas Production


Kevin J. Rittie


In our everything-goes-digital era, the upstream Oil & Gas industry finds itself at the crossroads of innovation and vulnerability. Securing upstream Oil & Gas operations goes beyond the frameworks commonly addressed in IT security. This blog post begins to peel back the layers of OT security in Oil & Gas, unveiling the approach needed to maintain production, even during an ongoing cyberattack on the IT network. 

Something, Something, Cyber Kill Chain

While Lockheed Martin’s Cyber Kill Chain is commonly (over) used to understand the anatomy of an IT cyberattack, it is important to note that the goals of such attacks differ greatly when compared to OT cyberattacks. While generic IT attacks involve tactics such as data exfiltration or ransomware, attacks on OT and industrial operations generally target the functionality of the operation itself, with the goal of causing a disruption that makes headlines, as well as having a noticeable impact as it ripples through society. Unfortunately, the attacker’s objectives are becoming more dangerous, as some attacks are designed to cause bodily harm to workers at the site, negating the elaborate safety protocols designed to prevent such incidents, or to cause harm at a community level such as seen in recent water system attacks. 

The stakes of the game are much higher when dealing with OT security, thus, preventing cyberattacks from successfully traversing the cyber kill chain becomes a matter of life and death. We are no longer just protecting information; we are protecting physical assets and human lives. 


The Shutdown Showdown

Within the context of cyber resilience, Unidirectional Gateways have proven to be an instrumental component. Because the gateway hardware physically cannot carry traffic from the IT network into the OT network, an attack that has compromised IT cannot propagate through the gateway, so production can continue while the IT team identifies, contains and responds to the incident.

Now, realistically, production may still need to be stopped, since commercial support systems such as billing typically reside on the IT network, and their unavailability may negate the ideal of keeping operations running. Even so, Unidirectional Gateways remove the urgency to shut down abruptly, providing time to calmly consider the next steps in incident response rather than a crisis shutdown. Once the incident has been properly triaged, operations can securely remain running if no shutdown is warranted, or an operationally sound shutdown and restart process can be executed, reducing safety and commercial risks.

Compliance throughout other industry sectors

Before the infamous Colonial Pipeline shutdown, the midstream sector was fundamentally self-regulated with regard to cybersecurity, with little or no regulation from authorities. Once the Colonial incident happened, regulations and compliance requirements began rolling out, with many in the industry frustrated that IT concepts were being improperly applied to OT.

Unidirectional Gateways offer such a high level of OT security that when regulations start rolling out, many of the compliance points are already met. In some cases, specific compliance details are explicitly not required when a Unidirectional Gateway is in place.

Cloud and IT connectivity

O&G companies increasingly want to leverage their industrial data for complex analysis, whether to find new value, reduce costs or improve operational efficiency. These analysis tools are often cloud-based, so information from the isolated or segmented OT environment must be made available to them. A secure means of transferring that information across the network boundary is therefore a must, while the OT network itself stays isolated from the internet to reduce the risk of cyber attack. Firewalls mitigate but do not remove these risks; a Unidirectional Gateway (UDG) deployed for these flows can ensure safe delivery of data to corporate networks and the cloud.

Unidirectional Gateways are the safest way to connect industrial systems to The Cloud and the internet, facilitating the flow of data from OT to the desired analytics environments, without letting any information flow back into the industrial system. This allows OT to be “connected” to The Cloud with a secure intermediary that reduces the attack surface while expanding functionality. 

The journey to cyber-proofing O&G production operations requires a multifaceted approach. By prioritizing OT security, leveraging Unidirectional Security Gateways, and staying ahead of regulatory developments, the industry can navigate the challenges posed by cyber threats while embracing the opportunities presented by digital innovation. In doing so, Oil & Gas companies can not only safeguard their operations but also pave the way for a resilient and connected future. 

About the author

Kevin J. Rittie

With over 30 years in the control system market, Kevin Rittie is a seasoned software and cybersecurity professional who has led diverse development groups with budgets up to $10M. He has a comprehensive background, starting as a project engineer and software developer, and has excelled in roles such as Product Management, Cybersecurity, Sales, and Marketing. Kevin's innovative contributions include leading the design of a patented control visualization architecture and driving the development of energy management solutions, culminating in the establishment of his own business, RevelationSCS, focused on change management, software practices, and securing critical infrastructure.
Segmentation 202: Unidirectional Architectures
https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/segmentation-202-unidirectional-architectures/
Sat, 13 May 2023 00:00:00 +0000

This is the second blog in the series, following Segmentation 201: Unidirectional Gateways vs. Firewalls. Unidirectional architectures are network segmentation solutions that feature at least one Unidirectional Gateway. These architectures may also incorporate other elements such as an additional Unidirectional Gateway, a reversible feature in the unidirectional gateway, or a temporary bypass. A key to unidirectional architectures, in addition to the protection offered by the unidirectional hardware, lies in the software element, which replicates data and data sources unidirectionally.

Despite their growing significance in protecting industrial automation systems, unidirectional architectures are often not well understood, particularly by professionals with IT-centric backgrounds. Unidirectional architectures represent a true revolution in OT network cybersecurity.

Today, we not only have one-way perimeter solutions, but we also have one-way architectures – the adoption of which is undoubtedly increasing. This is especially true with the introduction of strict physical segmentation requirements in pipelines and rail systems, the rise of ransomware attacks, and the emergence of the industrial cloud. I see opportunities for this class of architecture even in many IT-centric verticals, such as banks and financial institutions.

In this article, I will strive to provide a clear explanation of unidirectional architectures and why they are becoming increasingly important in industrial systems.

Traffic flow in OT networks

Before diving into the specifics of unidirectional architectures, we must first understand the basic principles of data flows in industrial systems. In these systems, data is generated and collected by various devices and sensors. It is then processed, analyzed, and potentially sent back to control the industrial processes, modifying interactions with the physical world.

Note: Unidirectional Gateways are generally not deployed within the industrial network, since the bidirectional traffic between control system HMIs and PLCs is not amenable to this class of protection. The gateways are deployed almost exclusively at connections between industrial networks and external networks such as enterprise networks or the Internet.

As discussed in my previous articles, most OT networks, when connecting with enterprise IT networks, exhibit asymmetric traffic: A significant amount of data is sent outbound for use in the enterprise network or beyond, and some data may be sent back into the industrial network from external sources. In most cases, we can exploit these asymmetric data flows to our advantage, replacing one or more firewalls with unidirectional architectures. Going forward, when I refer to outbound traffic, I am referring to traffic flowing from an OT network, whose worst-case consequences of compromise are unacceptable physical consequences, to an IT network, whose worst-case consequences are lawsuits or other business losses for which we can more easily buy insurance. Inbound traffic refers to data sent in the reverse direction.

In IT architectures, where there is no such clear division, the primary objective is to transfer and process data. Due to this, network segmentation in IT networks historically focuses on preventing applications and specific network addresses from traversing between networks using firewalls. Firewalls have evolved over the years, but the core concept remains the same – filtering packets using software.

Figure 1: Inbound and Outbound at the IT-OT interface

Inbound and Outbound traffic: Role in security

Inbound data sent to OT networks is responsible for directing and controlling the behavior of various elements in the system. This includes tasks such as firmware updates, communicating new production orders and quality requirements to the production system, and so on. Outbound data, on the other hand, typically consists of quality readings, raw materials and finished goods inventory levels, equipment usage readings and other information sent from the various sensors and devices in the system, as well as from databases and historians. This data is used to monitor the status of the system, detect and diagnose problems, and so on.

The security objectives for these two traffic patterns differ, particularly regarding the criticality of inbound information. Compromising the integrity of outbound data, for example, such as altering quality readings, has business consequences, such as delaying and resampling of a batch of product that is reported as sub-standard. Such compromise generally impacts the business less than tampering with inbound data, such as data determining what the quality requirements for the product are, which might lead to a large batch of unsaleable product actually being produced.

To enhance security and reduce the opportunity for cyber attacks causing serious consequences, our objective should be to decouple inbound and outbound data flows. Unidirectional technologies very naturally and unavoidably separate inbound and outbound traffic. This task is typically performed at the IT-OT interface but could be implemented in other locations within the network.

However, this separation can be challenging, since applications commonly transmit and receive on the same connection using the same protocol, a consequence of OT networks adopting IT products and protocols. For instance, TCP/IP is the workhorse of modern networking, and almost all application-layer protocols that run over it are query/response: clients send queries to servers that are data sources, requesting specific data, and the servers reply on the same connection. This creates a potential attack vector, as the queries could be altered in an attack to manipulate the industrial server and, through the server, the rest of the industrial control system. By re-engineering the networks and utilizing replication, this issue can be resolved in almost all cases. Let’s examine the following figure:

Figure 2: Pure Unidirectional Architecture

In the figure, the Unidirectional Gateway is a client of an industrial data source, such as a historian server. The gateway sends queries to the server asking for all new or changed data. On the enterprise network, the gateway logs into the enterprise historian server and inserts the data into that server. Any enterprise users or software applications that need the industrial data can now query the enterprise historian. All of the data that is permitted to be shared with the enterprise is available in the enterprise historian. No queries need be sent back into the industrial network through the gateway any more.

Unidirectional architectures are widely understood as “permitting information to flow in only one direction.” However, this example is just one use case – the most common use case – where we completely cancel inbound traffic. In the following sections, we will explore this and other architectures currently in use.

Unidirectional Architectures

There are five unidirectional architectures in widespread use today:

Pure Unidirectional: Information is replicated in one direction only. Only outbound traffic is allowed, and inbound traffic is physically blocked. This is what most people think of when they hear “unidirectional gateway,” and it is a common implementation for many OT use cases.

Typical use cases include monitoring production levels and equipment usage in refining and power generation. Unidirectional gateways for these use cases are often deployed at the OT-IT interface, where it is easier to differentiate between inbound and outbound traffic. These use cases may include unidirectional Remote Screen View connections, that enable remote support for vendors.

Time-based Unidirectional: Information is replicated outbound-only most of the time, but periodically the unidirectional device reverses orientation. Information and servers can be replicated outbound, or inbound, but never both simultaneously (the direction “flips”). In other words, outbound traffic is active for a certain percentage of the time, while inbound traffic is active for a different percentage.

A typical use case involves sending patches and production orders to the control system on a weekly basis. This is allowed only at specific times and solely in a unidirectional manner, by transferring files from IT to OT. After the updates are transferred, the device physically reverses its data flow direction again.

Figure 3: Time-based Unidirectional

Time-based Unidirectional and Bidirectional: Information is continuously replicated unidirectionally outbound, but occasional bidirectional exchanges can be enabled at specific times or on demand. In this implementation, a temporary bidirectional data path exists in parallel with the Unidirectional Gateway, usually terminating in a jump host.

A typical use case involves remote intervention by a vendor according to Service Level Agreements (SLAs). The vendor may require bi-directional remote connectivity for a short period of time. To enable that connectivity, personnel at the site turn a physical key to activate the bi-directional bypass unit for a pre-programmed period of time.

Figure 4: Time-based unidirectional and bidirectional

Two Unidirectional Gateways: This approach decouples inbound and outbound traffic using two unidirectional gateways. Information and servers are replicated unidirectionally in both directions. It is important to note that this is different from having bidirectional traffic, because the traffic does not form a loop: application queries do not pass through one device with responses returning on the other. Such a design would be no stronger than a firewall. The inbound and outbound Unidirectional Gateways each replicate servers, often different kinds of servers in each direction.

A typical use case involves load balancing in power generation, where two separate Transmission System Operators (TSOs) want to exchange information about load while minimizing the risk of cascading a cyberattack across networks.

Figure 5: Two Unidirectional Gateways

Unidirectional “Shortcut”: In this design, information from deep in a defense-in-depth industrial network must reach an external consumer, and it is impractical to route that information through the normal layers of communications to reach that consumer.

Use cases: Industrial mirror ports may need to be replicated to IT-resident OT intrusion detection sensors. Mirror ports typically produce a lot of information, and it may not be practical to send that volume from many mirror ports deep in an industrial network out through layers of networks to the IT network where the OT IDS sensors are. A second case is sending substation sensor information directly to the cloud without passing through the control center. This use case is currently being evaluated by the IEC committees overseeing the IEC 62443 standard for transmitting data from Layer 2 to the cloud. The control center may still feature a firewall, but it is now less burdened, as most of the heavy data traffic is handled through the unidirectional gateway.

Figure 6: Unidirectional Shortcut
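The two time-based patterns above (the reversing device of Figure 3 and the key-activated bypass of Figure 4), as an added example in Python that is not Waterfall's code. The inbound schedule, the 30-minute bypass window and the minute-based clock are constructed assumptions. What it adds to the text: the reversible device is modelled so that it is oriented in exactly one direction at any instant (outbound replication stops while it is inbound), the bypass can only be opened by a local key turn and closes itself when its pre-programmed period ends, and turning the key again while the window is open does not extend it.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

OUTBOUND, INBOUND = "OUTBOUND", "INBOUND"


@dataclass
class ReversibleGateway:
    """Time-based unidirectional (Figure 3): the device is oriented in exactly one
    direction at any instant, so outbound replication stops while it is inbound.
    Inbound windows come from a schedule held locally at the site (assumption)."""
    inbound_windows: List[Tuple[int, int]]   # [(start, end), ...) in minutes, constructed
    direction: str = OUTBOUND
    log: list = field(default_factory=list)

    def tick(self, now: int) -> str:
        wanted = INBOUND if any(s <= now < e for s, e in self.inbound_windows) else OUTBOUND
        if wanted != self.direction:
            self.direction = wanted
            self.log.append((now, "flip", wanted))
        return self.direction


@dataclass
class KeyedBypass:
    """Time-based unidirectional and bidirectional (Figure 4): a parallel two-way
    path that only a local key turn can open, for a fixed pre-programmed period.
    There is deliberately no 'extend' method and no input from the network side."""
    window_minutes: int
    expires_at: Optional[int] = None
    log: list = field(default_factory=list)

    def key_turn(self, now: int) -> bool:
        if self.active(now):
            return False            # another turn while open does not restart the clock
        self.expires_at = now + self.window_minutes
        self.log.append((now, "bypass-on until", self.expires_at))
        return True

    def active(self, now: int) -> bool:
        if self.expires_at is not None and now >= self.expires_at:
            self.log.append((now, "bypass-off"))
            self.expires_at = None  # closes itself; nobody has to remember to turn it off
        return self.expires_at is not None


def inbound_path_open(gw: ReversibleGateway, bypass: KeyedBypass, now: int) -> bool:
    """Traffic can reach OT only while the device is oriented inbound or the bypass is up."""
    return gw.tick(now) == INBOUND or bypass.active(now)


def simulate(minutes: int = 240) -> dict:
    """Four constructed hours: a scheduled inbound window at minutes 60-90 for
    patches and production orders, and a vendor callout at minute 150 via the key."""
    gw = ReversibleGateway(inbound_windows=[(60, 90)])
    bypass = KeyedBypass(window_minutes=30)
    open_minutes = []
    for now in range(minutes):
        if now == 150:
            bypass.key_turn(now)      # site staff turn the key for the vendor
        if now == 160:
            bypass.key_turn(now)      # a second turn while the window is open: ignored
        if inbound_path_open(gw, bypass, now):
            open_minutes.append(now)
    return {"open_minutes": open_minutes, "gateway_log": gw.log, "bypass_log": bypass.log}


if __name__ == "__main__":
    result = simulate()
    for entry in result["gateway_log"] + result["bypass_log"]:
        print(entry)
    print("minutes with any inbound path open:", len(result["open_minutes"]))
```

The schedule and the window length are set locally in the model and nothing arriving from the IT side is an input to either controller; that is the property both architectures rely on, and it is the first thing to check in a real deployment's configuration.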

Conclusion

Unidirectional architectures offer significant benefits for the segmentation of OT networks and industrial systems, particularly in terms of security and reduced complexity. By replacing firewalls with unidirectional architectures, organizations can better protect their critical infrastructure from cyber threats. The various unidirectional architectures discussed, such as Pure Unidirectional, Time-based Unidirectional, Time-based unidirectional and bidirectional, two Unidirectional Gateways, and Unidirectional Shortcuts, provide different levels of security and flexibility based on specific use cases and requirements. These architectures allow for better isolation and control of data flows, which ultimately leads to improved security and reduced risk of cyberattacks in OT networks.

Moreover, unidirectional architectures can also help reduce the workload in higher-level networks in a defense-in-depth architecture, allowing them to focus on processing critical and time-sensitive traffic. This not only enhances the overall performance of the network but also simplifies network management by minimizing the number of data flows that must be supported through each network. As industrial systems continue to evolve and face increasingly sophisticated cyber threats, adopting unidirectional architectures will play a crucial role in maintaining the security and resilience of critical infrastructure.

For more details, see Waterfall’s guide: Unidirectional Gateways vs. Firewalls.

The post Segmentation 202: Unidirectional Architectures appeared first on Waterfall Security Solutions.

]]>
Segmentation 201: Unidirectional Gateways vs. Firewalls
https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/segmentation-201-unidirectional-gateways-vs-firewalls/
Wed, 01 Feb 2023 00:00:00 +0000

Robert M. Lee at Davos 2023 pointed out that when IT security biases are applied to operational technologies (OT), a lot of money is spent with little return. Segmentation in OT is a prime example of this, where the misuse of firewall technologies often occurs. There is nothing inherently wrong with firewalls, but they may not always be the most effective solution. In many instances unidirectional technologies are the optimal solution. There are many benefits of utilizing Unidirectional Gateways vs. firewalls:

Feature                                                 | Unidirectional Gateway | Firewall
No routing                                              | Yes                    | No
Protocol break (unnecessary data completely removed)    | Yes                    | No
Unidirectional, enforced by physics                     | Yes                    | No
Rule-free cybersecurity                                 | Yes                    | No
Guaranteed prevention of network ransomware and malware | Yes                    | No
Made for OT                                             | Yes                    | No
Counters credential theft                               | Yes                    | No

Table 1: Unidirectional Gateways vs. Firewalls

Your Brakes?

Forget about ports and protocols for a moment. Imagine only data flows: sending and receiving information. Now imagine the wheels of your car. Would you be okay with sensors sending information to the cloud about braking patterns and brake-pad wear? You might object on grounds of confidentiality, but would you object on the grounds of safety? Looking at this another way, would you be okay with the brakes being controlled, enabled or disabled by the cloud? All software, from clouds to firewalls, has inevitable defects. None of us wants known defects and vulnerabilities, or the possibility of a zero-day attack, hanging over us while driving a car.

When it comes to safety, we generally demand deterministic protection: no matter how sophisticated the external attacks, your brakes should never activate or fail to activate at the appropriate moment while driving due to a problem in the cloud, or a cyber attack from the cloud or through a firewall. The most reliable – deterministic – way to enable cloud-based monitoring without cloud-based controls is to physically prevent any data at all, no matter how benign that data seems, from flowing from the cloud back to your brakes.

Unidirectional technologies in cybersecurity are based on hardware: they can send data but not receive it. As such, two main factors make them the optimal solution over firewalls:

  • If the network is safety or reliability critical, then unidirectional technologies may be a good solution, because firewalls can be confused or defeated, and unidirectional gateways cannot – unidirectional protection is based on physics, not software.
  • The second parameter is data flows. Many devices or computers send tons of data but may not need to be updated regularly. When asymmetric data flows are at work, then unidirectional technologies may be a better fit than a firewall.

Figure: safety-critical systems such as rail networks and passenger trains

Cloud vs. Gateways vs. Firewalls

Cloud computing has become pervasive in enterprise networks and industrial cloud computing is becoming increasingly pervasive in manufacturing and even critical infrastructures. When devices or control systems send information to the cloud autonomously to report their state, these systems most often do not require immediate action. They often send terabytes of data for predictive maintenance purposes. The information is analyzed promptly but may not produce conclusions for months, and when those conclusions are produced, they generally need to be acted upon within the following few weeks. In this case, is a firewall the right choice? Inspecting each packet? Using AI? Hoping nothing nasty comes back inside the encrypted connection to the cloud, through the Internet?

The right solution in this case is to send the data physically unidirectionally by replicating it, creating a “data twin.” These twins are important from both functionality and security perspectives. For example, at the upcoming S4x23 conference, Ryan Dsouza will present the current IEC 62443 standards that address the use of cloud.

Similar use cases appear throughout critical infrastructures. Trains need to send status information to passenger cell phone apps, but rail switching systems cannot afford to be compromised because of firewalled connectivity with the Internet. Refineries need to send information to Security Operations Centers automatically, but again cannot afford compromise from a central or outsourced, Internet-based SOC. In any case where the risk of external attack is high and the information flow is asymmetric, unidirectional gateways are the preferred option: the technology is mature enough that information can be sent easily, transparently and regardless of the protocol, provided the flow is mostly unidirectional.

Conclusion

When choosing between unidirectional gateways and firewalls as an OT segmentation solution, consider:

  • Is the network segment critical?
  • Is the information flow asymmetric out of this segment?

If the answer is yes to both, then unidirectional technologies are most often a better choice than firewalls.

All that said, there is always the follow-up question: even if data flows are asymmetric, I still need to send some data in. It turns out that today’s unidirectional architectures do resolve these issues – I will discuss them in a follow-up blog. The right segmentation choice reduces operational expenses and improves cybersecurity.

For more details, see Waterfall’s guide: Unidirectional Gateways vs. Firewalls.

Securing Pharmaceutical Manufacturing Systems and Intellectual Property https://waterfall-security.com/ot-insights-center/manufacturing/securing-pharmaceutical-manufacturing-systems-and-intellectual-property/ Thu, 08 Sep 2022 09:34:00 +0000 https://waterfall-security.com/?p=10495 Securing enterprise-wide access to real-time data while protecting manufacturing operations and product recipes from cyber attacks.


Securing Pharmaceutical Manufacturing Systems and Intellectual Property

Building Pharmaceutical’s Immunity Against Intellectual Property Theft
Customer/ Partner:

European pharmaceutical manufacturer.

Customer Requirement:

To provide enterprise-wide access to real-time data while protecting manufacturing operations and product recipes from cyber attacks.

Waterfall’s Unidirectional Solution:

Deploy Unidirectional Security Gateways as safe network integration between manufacturing systems and IT systems, enabling real-time, enterprise-wide monitoring of operations while preventing remote access to product recipes in manufacturing control systems

Cyber Risks To Pharmaceutical Manufacturing

Manufacturing network digitization is either underway or in the planning phase at most pharmaceutical manufacturing facilities. The benefits of enterprise-wide access to real-time data from industrial control systems are undeniable, but the risks are considerable as well. Modern cyber attacks can breach firewalls and other software security systems to steal product recipes and other vital intellectual property and threaten to interfere with industrial control operations as well.

The challenge

To secure the production network from intellectual property (IP) theft and cyber-sabotage from threats emanating from less trusted external networks, yet still provide safe, real-time access to live operations data for the corporate network. Modern industrial attacks routinely defeat firewalls, encryption, anti-virus systems, security updates, intrusion detection systems and other software protections. Protecting pharmaceutical critical assets with firewalls and other software security measures is not enough.

Waterfall solution

A Waterfall Unidirectional Gateway was installed to replicate the control system historian database to an enterprise historian. Unidirectional Gateway hardware makes online attacks on ICS networks from external networks physically impossible. To protect product recipes and other trade secrets, the Unidirectional Gateway was configured to replicate only those historian tags that are safe to share with the enterprise network. Tags containing recipes, formulas and other intellectual property were left untouched in the control system historian.
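The replication pattern described in Segmentation 202 (Figure 2: the gateway queries the OT historian, inserts into an enterprise replica, and enterprise users query the replica so that no query ever travels inbound), the “data twin” of Segmentation 201, and the tag allow-list of this case study, as one added example in Python. It is not Waterfall's software; the historian rows, tag names, the list-based channel and the JSON framing are constructed for illustration. What it adds to the text: the transmitter holds only a write handle on the channel, the allow-list is applied on the OT side before anything leaves, and because there is no return path the receiver cannot request a retransmission, so a sequence number and a digest are all it has to detect a lost or corrupted frame.

```python
import hashlib
import json

# Constructed sample rows in the control-system (OT) historian. The RECIPE.*
# tags stand in for the product recipes that must never leave the OT network.
SOURCE_HISTORIAN = [
    {"tag": "REACTOR1.TEMP", "ts": 100, "value": 71.2},
    {"tag": "REACTOR1.PRESS", "ts": 100, "value": 2.4},
    {"tag": "RECIPE.BATCH42.STEP3", "ts": 100, "value": "acetone 3.1 L"},
    {"tag": "REACTOR1.TEMP", "ts": 101, "value": 71.9},
    {"tag": "LINE2.ACTIVE_POWER", "ts": 101, "value": 412.0},
    {"tag": "RECIPE.BATCH42.STEP4", "ts": 102, "value": "hold 40 min"},
    {"tag": "REACTOR1.TEMP", "ts": 102, "value": 72.4},
]

# Allow-list configured on the OT side: only these tags are ever replicated.
ALLOWED_TAGS = {"REACTOR1.TEMP", "REACTOR1.PRESS", "LINE2.ACTIVE_POWER"}


def _digest(body: bytes) -> bytes:
    return hashlib.sha256(body).hexdigest().encode()


class Transmitter:
    """OT-side half. It is given a send() callable and nothing else: there is no
    read handle on the channel, so no query can come back through it."""

    def __init__(self, allowed, send):
        self.allowed = allowed
        self.send = send
        self.last_ts = -1
        self.seq = 0

    def poll(self, historian):
        """Query the source for rows newer than the last poll, drop anything not
        on the allow-list, frame the rest with a sequence number and digest."""
        rows = [r for r in historian if r["ts"] > self.last_ts and r["tag"] in self.allowed]
        if historian:
            self.last_ts = max(r["ts"] for r in historian)
        if not rows:
            return None
        body = json.dumps({"seq": self.seq, "rows": rows}, sort_keys=True).encode()
        frame = body + b"\n" + _digest(body)
        self.send(frame)
        self.seq += 1
        return frame


class Receiver:
    """IT-side half. It parses frames into the enterprise replica. With no return
    path it cannot ask for a retransmission, so it records gaps and corruption."""

    def __init__(self):
        self.replica = {}       # (tag, ts) -> value
        self.expected_seq = 0
        self.gaps = []          # (expected, received) pairs
        self.corrupt = 0

    def accept(self, frame: bytes) -> None:
        body, _, digest = frame.rpartition(b"\n")
        if _digest(body) != digest:
            self.corrupt += 1   # damaged in transit; nothing to ask for, just count it
            return
        msg = json.loads(body)
        if msg["seq"] != self.expected_seq:
            self.gaps.append((self.expected_seq, msg["seq"]))
        self.expected_seq = msg["seq"] + 1
        for r in msg["rows"]:
            self.replica[(r["tag"], r["ts"])] = r["value"]

    def query(self, tag: str):
        """What enterprise users run instead of querying the OT historian."""
        return sorted((ts, v) for (t, ts), v in self.replica.items() if t == tag)


def run_demo(drop_frame=1) -> Receiver:
    """Three polling cycles as the historian grows; optionally lose one frame."""
    channel = []
    tx = Transmitter(ALLOWED_TAGS, channel.append)
    rx = Receiver()
    tx.poll(SOURCE_HISTORIAN[:3])
    tx.poll(SOURCE_HISTORIAN[:5])
    tx.poll(SOURCE_HISTORIAN)
    for i, frame in enumerate(channel):
        if i != drop_frame:
            rx.accept(frame)
    return rx


if __name__ == "__main__":
    rx = run_demo()
    print("REACTOR1.TEMP in enterprise replica:", rx.query("REACTOR1.TEMP"))
    print("sequence gaps seen by receiver:", rx.gaps)
    print("recipe tags in replica:", [t for (t, _) in rx.replica if t.startswith("RECIPE")])
```

The gap list is what an operator should alert on: nothing on the IT side can signal the OT side that a frame went missing, so any recovery (for example the transmitter re-sending recent rows on a schedule) has to be designed in on the OT side.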

Results & benefits
  • 100% Security: Production processes and intellectual property are now physically protected from any attacks originating on external networks.
  • 100% Visibility: Enterprise users and applications have access to all permitted real-time data via the enterprise historian.
  • 100% Compliance: Unidirectional Gateways simplify compliance with global regulations, standards and best practice guidance for industrial cybersecurity.
Theory of Operation

Waterfall Unidirectional Security Gateways replace firewalls in pharmaceutical manufacturing network environments, providing absolute protection to manufacturing control systems from attacks emanating from external networks. Unidirectional Gateways contain both hardware and software components. The hardware components include a TX Module, containing a fiber-optic transmitter/laser, and an RX Module, containing an optical receiver but no laser. The gateway hardware can transmit information from the manufacturing network to the external network, but is physically incapable of propagating any virus, DoS attack, human error or any cyber attack at all back into the protected network. The Gateways enable vendor monitoring, industrial cloud services, and visibility into operations for modern enterprises and manufacturers. Unidirectional Gateways replicate entire servers or selected subsets, emulate industrial devices and translate manufacturing data to cloud formats. As a result, Unidirectional Gateway technology represents a plug-and-play replacement for firewalls, without the vulnerabilities and maintenance issues that accompany firewall deployments.

Unidirectional Security Gateways Benefits

  • Ultimate protection from remote attack consequences, including IP theft, damage to devices and manufacturing process disruption.
  • Smart devices and control systems are securely integrated with external networks.
  • Simplifies audits, change reviews, and security system documentation.
  • Prevents all remote access to production recipes stored in manufacturing control systems.
  • Replaces at least one layer of firewalls in a defense-in-depth architecture, breaking the chain of infection and pivoting attacks.

Security And Compliance

Certification: Common Criteria EAL 4+, ANSSI CSPN, NITES Singapore, CCC China

Assessments: US DHS SCADA Security Test Bed, Japanese Control Systems Security Center Test Bed, Idaho National Labs, Digital Bond Labs, GE Bently Nevada Systems Labs, and NISA Israel

Complies with: Global ICS Standards & Regulations, including NERC CIP, IEC 62443, NRC 5.71, NIST 800-82r2, CFATS, ISO, IIC SF, ANSSI, and many more
