WF SBP

Waterfall Secure Bypass

Remote access to industrial control systems is high risk: stolen passwords and two-factor devices introduce vulnerabilities to control systems. In addition, when a firewall is hacked, attackers gain direct access to critical systems, while third-party personnel threaten reliable operations when remote changes are made outside of a site’s change control procedures. The Waterfall Secure Bypass Module provides physical protection for emergency and other remote support mechanisms, and gives the industrial site physical control over the frequency and duration of remote access.

FOR EMERGENCY ACCESS TO PROTECTED NETWORKS

Benefits

ERRORS & OMISSIONS REDUCED

Safe port mirroring from OT to IT, without introducing
internet-based cyber threats to monitored networks

PHYSICAL ONSITE CONTROL

Over the frequency and duration of remote access

PHYSICAL PROTECTION

From vulnerabilities inherent in software-based
VPN and other remote access technologies

SECURE & DISCIPLINED REMOTE ACCESS

For protected sites where there are physical
consequences of cyber compromise

FEATURES

Hardware is modular, flexible, and user-serviceable

1Gbps standard throughput, multi-Gbps with several TX/RX pairs

Front panel cabinet connections for clear system visibility

THEORY OF OPERATION

Waterfall’s Secure Bypass Module is deployed in parallel with Unidirectional Security Gateways. While the module is not engaged, the Gateways provide 100% protection from external online attacks. When activated, the Secure Bypass Module enables time-limited bi-directional connectivity to a unidirectionally-protected network for plant emergencies and scheduled changes as well as vendor, IT, internal support and other remote access needs.

When remote connectivity is enabled, the Secure Bypass Module electrically connects remote-access equipment to an external network. The SBP Module can be activated with a physical button or key, on a timer, or by a signal from the protected network. A timer in the Module automatically disconnects the remote-access equipment again after a preset interval. While the Secure Bypass Module is engaged, the Unidirectional Gateway continues to operate without interruption. 

CERTIFICATION & COMPLIANCE

CERTIFICATION:

Common Criteria EAL 4+, ANSSI CSPN, NITES Singapore, Korean KC Certification and Israel NISA

ASSESSMENTS:

Idaho National Labs, Digital Bond Labs

ENABLES COMPLIANCE WITH:

Global ICS Standards & Regulations, NERC CIP, IEC 62443, NRC 5.71, NIST 800-82r2, CFATS, ISO, IIC SF, ANSSI, and many more