NERC Recognizes Security of Unidirectional Communications
TEL AVIV, Israel, December 22, 2011 /PRNewswire/ –
The North American Electric Reliability Corporation (NERC) has recognized
hardware-enforced unidirectional communication connections as providing strong
“non-routable” security. NERC is responsible for the Critical Infrastructure Protection
(CIP) standards which secure the North American Bulk Electric System (BES) from cyber
attacks. The NERC action provides guidance to NERC auditors who increasingly encounter
unidirectional communications technologies at sites in the North American electric system.
NERC’s updated guidelines come in the form of the December 15 Compliance Application
Notice CAN-0024, entitled “CIP-002 R3 Routable Protocols and Data Diode Devices.” The CAN
describes “data diodes” as network equipment which provides a hardware-enforced “one-way”
or unidirectional path for data to flow out of critical networks, while allowing nothing
back in to those networks. Unidirectional hardware lets information leave critical
networks without any risk of hackers, viruses, worms, or any other attacker reaching back
into the critical network over that same communications path and disrupting or sabotaging
components essential to the power grid. The CAN provides guidance as to when
unidirectional communications should be interpreted as strong “non-routable”
communications, that is: communications which do not use the Internet Protocol or any
comparable Wide Area Networking protocol.
Lior Frenkel, CEO and Co-Founder of Waterfall Security Solutions – the leading
supplier of Unidirectional Security Gateways – comments: “The NERC action is very welcome.
The practices that NERC outlines recognize that strong security, in the form of
Unidirectional Gateways, has an evolving role in the protection of the Bulk Electric
System. The new guidelines also help NERC entities understand where and how strong
unidirectional security is most effectively deployed.”
Unidirectional Security Gateways represent a newer and stronger approach to network
security than do conventional firewalls. Waterfall’s Unidirectional Gateways are currently
deployed in many NERC-regulated conventional power plants, the majority of North America’s
nuclear generation utilities, and a number of oil & gas facilities and water utilities.
Interest in Waterfall’s Unidirectional Gateways is increasing quickly in several other
industries within North America as well.
With a number of civilian and government agencies citing the vulnerability of the
North American power grid to cyber attack, the NERC recognition of hardware-enforced
unidirectional communications technologies is very timely. Where Unidirectional Gateways
are used to successfully isolate control system networks, those networks become immune to
Remote Administration Tools and other Internet-based cyber attacks. These are the attacks
preferred by the vast majority of nation-state-sponsored “Advanced Persistent Threat”
actors. Strong cyber security protections for power plants and for other critical elements
of the Bulk Electric System should help us all sleep a little easier.
Waterfall Security Solutions’ patented cyber security solutions enable sites in many
industries to securely connect their critical industrial networks to external networks.
Unidirectional Security Gateways move data securely, meeting business needs without
exposing industrial networks to risks and threats of cyber-attacks, cyber terror, and
hacking from external, less secure networks. Waterfall’s cyber security solutions assist
offshore platforms, refineries, utilities and other critical infrastructures to achieve
compliance with NERC-CIP, NRC, CFATS and other regulations and standards, as well as
cyber-security policies and best practices. Additional business needs secured by way of
the Waterfall Gateways include production monitoring, real-time royalty and taxation
tracking, and equipment monitoring and maintenance function automation.
SOURCE Waterfall Solutions Ltd