Owl Cyber Defense Data Diodes

Assurance

From the very beginning one of Owl’s primary objectives is to provide a cyber security solution that encompasses high assurance levels for use in the most secure of environments. With that in mind each and every solution has either undergone or is undergoing an assessment to ensure it meets the security requirements of our customers. Owl currently offers technology that has been evaluated under the internationally recognised Common Criteria (CC) Scheme [1] to EAL4 [2], demonstrating exceptional high assurance levels in order to meet our customers’ demands.

Why Common Criteria and EAL4?

When the first iteration of DualDiode™ card sets was launched a robust Security Target was defined that enabled the successful evaluation of the full range of Owl devices containing the DualDiode™ card set. At this time, all Owl devices were evaluated to EAL4.

Between 2012 and 2014 participants of the Common Criteria Recognition Arrangement (CCRA) set a vision [3] to transform [4] the future direction of CC, resulting in the introduction and recognition of Protection Profiles (PP) and emergence of international Technical Communities (iTC) charged with the creation of Collaborative Protection Profiles (cPPs). This transition continues, and whilst a number of PPs and cPPs have been formally published [5], we are yet to see the creation of a data diode PP or cPP therefore have been unable to submit the latest generation of hardware for formal evaluation.

Thankfully all of our latest generation of hardware uses the same patented technology as our EAL4 evaluated devices. The latest generation solutions offer the same level of security as expected from Owl computing and we’re working with various states to actively promote the creation of a data diode PP. As soon as a PP is formally published all the latest devices will be submitted for testing.

The CC reforms closely resemble the approach CESG have developed for their Commercial Product Assurance (CPA) schema [6] with the creation of Security Characteristics (Protection Profiles in CC, Security Characteristics in CPA). 4Secure are aware of, and actively involved in developments in this space, and will actively pursue formal CPA certification as soon as it becomes available.

In the meantime, and due to the unique way in which our technology works, customers and accreditors familiar with our products are actively deploying our newer EAL2 devices as part of their cross domain solutions. This is primarily down to the fact that they understand security is enforced at the hardware level, and are confident that the security of these devices is unrivalled.

References:

https://en.wikipedia.org/wiki/Evaluation_Assurance_Level

https://en.wikipedia.org/wiki/Security_Target

https://www.cesg.gov.uk/scheme/commercial-product-assurance-products-foundation-grade

Please speak to one of our advisors who will capture your project and security goals and advise on the most appropriate technology to meet all business and stakeholder requirements.

Are you listed on the NATO Information Assurance Product Catalogue?

Yes. 4Secure are a listed supplier of Owl diode technology NATO.  Our inclusion in the NATO Information Assurance Product Catalogue can be found here.  Please contact us for the latest information.

Patent

Owl computing technologies holds the exclusive patent [7] for DualDiode™ technology and no other vendor can facilitate a one-way transfer in the way DualDiode™ technology can [8].

Footnotes

[1] https://www.cesg.gov.uk/scheme/common-criteria-0

[2] https://www.commoncriteriaportal.org/files/epfiles/st_vid10208-st.pdf

[3] http://www.commoncriteriaportal.org/files/ccfiles/2012-09-001_Vision_statement_of_the_CC_and_the_CCRAv2.pdf

[4] http://www.commoncriteriaportal.org/files/CCRA%20-%20July%202,%202014%20-%20Ratified%20September%208%202014.pdf

[5] https://www.commoncriteriaportal.org/pps/

[6] https://www.cesg.gov.uk/scheme/commercial-product-assurance-products-foundation-grade

[7] http://www.google.com/patents/US5703562

[8] https://en.wikipedia.org/wiki/Unidirectional_network

OPDS 100

EAL2 Certification

As more and more organisations look to hardware based diode technology to replace their software based firewalls for a more robust cyber security strategy Owl has responded by providing a low-cost, high security and scalable range of data diode devices.

The OPDS-100 series is available in both a DIN rail form factor for critical infrastructure and space constrained applications as well a 1U rack mounted appliance for more traditional installations.

As with all appliances, both the 1U unit and DIN rail form factor house two locked down Linux servers using the Owl Secure Enhanced Linux operating system, our proprietary DualDiode™ EAL certified communication card which incorporates a true protocol break between the networks. With the OPDS-100 you also achieve the full bandwidth as our transfer protocol (ATM) ensures there’s no need to spoof handshakes or send data multiple times to ensure its received once.

The OPDS-100 is designed to grow with your infrastructure so if you are unsure of bandwidth requirements or your infrastructure has higher demands that when first specified the diode’s bandwidth can be increased with a rate key application from 5Mbps all the way to 104Mbps. Meaning no costly hardware replacement, downtime or over specifying the unit for a possible future requirement.

Whilst the OPDS-100 offers a low cost solution for low bandwidth applications the security has not been compromised, the OPDS-100 uses the patented DualDiode™ technology our other perimeter defence solutions rely upon.

In summary the OPDS-100 can expand to meet your network demands and grows with your business needs, is available in speeds of 5Mbps, 10Mbps, 26Mbps, 52Mbps and 104Mbps and can suit all manner of applications across critical infrastructure, government, defence and finance.

For more information or to arrange a demonstration please contact our technical sales team.

Features:

• EAL2 certification (certification ID: 383-4-389)
• Out of band management by administration ports
• Field upgradeable via rate key
• DualDiode™ technology
• Owl Secure Enhanced Linux operating system and self-contained servers
• No additional hardware or licences required
• 12 months hardware and software support
• DIN rail
• 1U 19” rack mountable
• Speeds of 5 Mbps, 10Mbps, 26Mbps, 52Mbps and 104Mbps
• Handles multiple concurrent connections of TCP, UDP, files, etc..
• No ITAR restriction

OPDS 1000

EAL4+ Certification

As organisations rely further on secure IT systems to transmit operational traffic it was important for Owl computing to respond with a Data Diode that is able to meet those bandwidth demands. The 1Gbps OPDS-1000, was launched in 2015 to offer a robust, reliable solution to organisations who needed to handle more network traffic.

Based around Owl’s proprietary and patented DualDiode™ EAL certified communication card set and the highly stable Owl Secure Enhanced Linux operating system, the OPDS-1000 is the new generation of Owl appliances with out of bound administration ports, faster components, but still within the 1U 19” rack mount form factor to optimise your data centre space.

Like it’s sibling the OPDS-100, OPDS-1000 is designed to grow with your operational needs and can be field upgraded by applying a rate key to take you from 104Mbps through to 1000Mbps and allows you to scale the device as your network demands increase. As with other perimeter defence systems in our range you achieve the full bandwidth, as our transfer protocol (ATM) ensures there’s no need to spoof handshakes or send data multiple times to ensure its received once.

Out of the box the OPDS-1000 can support multiple concurrent connections of TCP, UDP and file, meaning that our solution can meet the needs of varying projects across one link, as well as incorporating a protocol break between the networks for total separation and network anonymity without additional hardware procurement.

OPDS-1000 supports a broad range of applications not limited to, protecting critical infrastructure from external threat, maintaining the transfer of business critical data from the process control network to the corporate system and supporting mission critical cross-domain transfer for a range of demanding industries.

For more information or to arrange a demonstration please contact our technical sales team.

Features:

• EAL4+ certification (certification ID: CSEC2018006)
• Out of band management by administration ports
• Field upgradeable via rate key
• DualDiode™ technology
• Owl Secure Enhanced Linux operating system and self-contained servers
• No additional hardware or licences required
• 12 months hardware and software support
• 1U 19” rack mountable
• Speeds of 104Mbps, 155Mbps, 310Mbps, 630Mbps and 1Gbps
• Handles multiple concurrent connections of TCP, UDP, files, etc..
• No ITAR restriction

Miniaturised Perimeter Defence System

EAL2 Certification

As more organisations look to field devices for the capture of information the Owl MPDS offers a solution for the protection of data being transferred to the internal system whilst eliminating the risk of data leakage from that system. The MPDS can link any two computer platforms and enforce a one-way connection using Owl’s patented DualDiode™ technology.

Currently available with RS232 connectivity the module securely isolates all data and control signals with a hardware enforced one way transfer circuit. From a low domain to a high domain, the one-way enforcement ensures the integrity of the data stored on the high side.

When transferring data from a high security domain to a low security domain the Owl hardware works as a perimeter defence system to ensure no access to the source system can be made and only transfers initiated on the high side will occur.

The small form factor low power MPDS-RS232 is available with channel capacity of 9600 baud and is easy to install without requiring any Owl source or destination applications or device drivers to transmit and receive data. The USB version of this device is currently prototyped and will be available soon.

Features:

• EAL2 certification
• DualDiode™ technology
• No additional hardware or licences required
• 12 months hardware and software support
• RS232 connectivity
• USB connectivity
• Small form factor
• No ITAR restriction

Owl Communication Card Systems

The heart of all of the Owl solutions rely upon Owl’s patented hardware enforced DualDiode™ technology. The DualDiode™ hardware is comprised of a blue “send only” card (TX) and a red “receive only” card (RX). Each half of this patented card set design contains only the electronics necessary to either send or receive data and, as such, cannot be manipulated or subverted via software or electronic attack. Communication is established using a single piece of fibre using Asynchronous Transfer Mode (ATM) as the transfer protocol to provide unrivalled reliability and quality of transfer.

As well as being available in purpose built and ready-to-deploy appliances, these card sets can be procured in stand-alone form to enable customers to integrate Owl technology into their own own cyber security platforms according to their own needs.

The card set solution is available to fit most Commercial of-the-shelf (COTS) servers that can take a half height PCI card. This allows users to add their own redundancy, software applications, or allow users to add a diode capability to pre-installed technology to further enhance organisational or program specific cyber security.

Owl Version 7 Communications Cards

EAL4+ Certification

With over 20 years of expertise and experience in creating reliable, secure data diode solutions, the Owl Version 7 communication cards represent the pinnacle of highly performant cross-domain security technology and are able to meet the increasing demands for high bandwidth network traffic.

Supporting data transfer speeds up to 10Gbps these communication cards are ideal to stream large quantities of full HD video, large file transfers or handle multiple connections for different projects.

The Version 7 communication card set is supplied with Owl application-specific software modules and securely transfers data only one-way between source and destination networks. Using a Linux Operating System, the cards can be installed in PCIe expansion slots and have the ability to be configured with up to 32 discrete data transfer channels. Available in three variants, our standard, midrange and high capacity speeds meet a variety of project requirements:

Features:

• Bandwidths support 26Mbps, 52Mbps, 104Mbps, 155Mbps, 300Mbps, 600Mbps, 1Gbps, 5Gbps and 10Gbps.
• Field upgradeable via rate key update
• Installed via PCIe server expansion slots within COTs servers
• Available for Linux operating systems
• EAL4+ certification (certification ID: CSEC2018006)
• No ITAR restriction

4Secure Perimeter Defence Solution, 4SecPDS

Using 4Secure’s experience of perimeter defence, cross domain transfer and the Owl product range and its capabilities. 4Secure offer a range of bespoke solutions for customers wishing to deploy diode technology as part of their cyber security strategy.

Using the excellent range of Owl communication cards, we understand your exacting requirements and build a server to suit the project requirements and incorporate the diode technology to be able to fulfil a range of services that can include, but is not limited to, data transfer anti-virus scanning, XML scanning, AMQP messaging support etc.

This bespoke offering ensures we deliver the reliability and security we have come to expect from Owl whilst meeting your own project goals perfectly.

Please contact the technical sales team for more details.

The automation of factories, power plants, distribution centres and other production facilities rely on Distributed Control Systems (DCS) and Supervisory Control and Data Acquisition (SCADA) systems to support process control activities 24×7.

Information gathered by DCS and SCADA systems needs to be securely transferred between the plant and the business networks without jeopardising security, safety and reliability of the plant.

Over the last 12 years Owl has worked with suppliers and customers to develop a set of cyber security products that protect networks and support a wide range of data applications and interfaces used in plants. These products are currently protecting hundreds of customer sites globally.

Typical Uses:

Typically our customers use our cyber security platform as a perimeter security device to protect the process control environment. Using a data diode allows information that is essential for effective day-to-day business operations to be transferred from process control environment with the insurance that any outsider threat cannot send data to the

Utilising Owl’s data diodes as the core, 4Secure can integrate a wide range of Owl applications that allow seamless integration of cyber security whilst natively supporting industry relied upon vendors and protocols:

• OSIsoft®
• GE Proficy® Historian
• Rockwell
• Schneider
• OPC foundation
• Modbus
• Scientech R*Time®
• Database replication

Owl also supports MODBUS and OPC certified connectors that interface directly to PLCs, RTUs or other SCADA devices to move real-time plant data across network security boundaries.  Owl also provides monitoring applications such as the Owl Virtual ScreenView which supports a nonintrusive monitoring of SCADA HMIs or other plant applications.  In addition, Owl supports the GE OSM system, securely transferring data from the OSM server to remote monitoring centres.

Click here to see more information