Owl Cyber Defense Data Diodes

History of Owl Cyber Defense and 4Secure:

4Secure are the European master distributor of Owl Cyber Defense Technologies. 4Secure started its relationship with Owl Cyber Defense following a customer asking us to assess the marketplace and evaluate current cross-domain data diode technology. It was from this thorough review of current technologies and Owl’s unparalleled performance that 4Secure partnered with Owl Cyber Defense over seven years ago and has continued to support their European development.

4Secure recommend Owl Cyber Defense solutions to customers across Europe and rely upon Owl as a superior tool in the tool box when organisations are looking to secure cross domain transfers or protect digital assets by way of perimeter defence.

Like 4Secure, Owl are a long established Cyber Security company whose focus is IT security. With over 2000 deployed solutions worldwide, Owl is relied upon to secure critical connections for defence, government, critical infrastructure and finance institutions alike.

Owl was founded over 17 years ago and their unique cyber security offering has stood the test of time against an ever evolving threat landscape. Owl’s solution was developed from the ground up as a one-way transfer device and not a reverse engineered two-way transfer product. Initially developed by Sandia National Laboratories to support the exacting security needs of the nuclear industry, Owl owns the exclusive rights and patent that was first granted in 1997.

This patent allows Owl to be incredibly flexible with the technology, offering solutions that can transfer terabytes of data, or devices small enough to fit in a pocket whilst enabling highly secure one-way communication. Owl’s patent adopts a simple methodology of having a send card containing only electronics to send data and a receive card containing only electronics to receive data; this hardware approach ensures that the cards cannot be compromised by way of software or electronic attack and has coined the phrase DualDiode™, meaning there are two hardware enforced security devices protecting your connection.

Beyond providing a one-way transfer, the Owl technology further enhances security by maintaining complete anonymity between the two networks and also introduces a protocol break between the connection. These additional layers of security ensure that the product is reliable, easy to deploy and importantly favoured by accreditors for its simplistic, but highly robust security, enforced through hardware.

The Owl range of diodes is not a new technology; it’s an incredibly mature offering that is relied upon across market sectors. As a result, there isn’t much we haven’t seen or done for our customers, including, but not limited to:

  • File Transfer
  • TCP Transfer (with a true handshake)
  • UDP Transfer (out of the box)
  • Packet Inspection
  • AV Scanning
  • XML/JSON Scanning
  • Full Diode Activity and Health Monitoring

All capabilities are tried and tested by companies using this technology in mission critical operations.

As well as providing various options for the transportation of data across the diode our continued involvement supporting Critical National Infrastructure (CNI), including rail, aerospace, oil and gas, water, nuclear and energy generation has led us to develop connectors that easily allow our diode technology to integrate with COTS systems within that sector including (but not limited to): OSI Pi, OPC, Yokogawa, Modbus, GE and Siemens.

Over and above the technology, 4Secure offers complete technical services, run from our approved secure facility centrally located in the UK. These services include technical design, integration and bespoke development, as well as security cleared personnel managing both on-site and telephone assistance to support technology in the most demanding of installations.

Not wishing to leave our international customers out, Owl has strived to provide a range of solutions that fall outside of any ITAR restrictions. As such, none of the product range that 4Secure provides to its customers throughout Europe will require the lengthy paperwork exercise an ITAR restricted device would need. None of the European Owl range is under ITAR, and it has no export limitation associated with it.

The technology is simple in its design but we would recommend speaking to one of our highly trained and technically aware staff to discuss your specific requirements, and make appropriate recommendations to support your project. Please contact us to arrange a no obligation conversation today.

Assurance:

From the very beginning one of Owl’s primary objectives has been to provide a cyber security solution that encompasses high assurance levels for use in the most secure of environments. With that in mind each and every solution has either undergone or is undergoing an assessment to ensure it meets the security requirements of our customers. Owl currently offers technology that has been evaluated under the internationally recognised Common Criteria (CC) Scheme[1] to EAL2[2] and EAL4[3], demonstrating exceptionally high assurance levels in order to meet our customers’ demands.

Why EAL2 and EAL4?

When the first iteration of DualDiode™ card sets was launched a robust Security Target was defined that enabled the successful evaluation of the full range of Owl devices containing the DualDiode™ card set. At this time, all Owl devices were evaluated to EAL4.

Between 2012 and 2014 participants of the Common Criteria Recognition Arrangement (CCRA) set a vision[4] to transform[5] the future direction of CC, resulting in the introduction and recognition of Protection Profiles (PP) and the emergence of international Technical Communities (iTC) charged with the creation of Collaborative Protection Profiles (cPPs). This transition continues, and whilst a number of PPs and cPPs have been formally published[6], we are yet to see the creation of a data diode PP or cPP and have therefore been unable to submit the latest generation of hardware for formal evaluation.

Thankfully all of our latest generation of hardware uses the same patented technology as our EAL4 evaluated devices. The latest generation solutions offer the same level of security as expected from Owl computing and we’re working with various states to actively promote the creation of a data diode PP. As soon as a PP is formally published all the latest devices will be submitted for testing.

The CC reforms closely resemble the approach CESG have developed for their Commercial Product Assurance (CPA) scheme[7] with the creation of Security Characteristics (Protection Profiles in CC, Security Characteristics in CPA). 4Secure are aware of, and actively involved in developments in this space, and will actively pursue formal CPA certification as soon as it becomes available.

In the meantime, and due to the unique way in which our technology works, customers and accreditors familiar with our products are actively deploying our newer EAL2 devices as part of their cross domain solutions. This is primarily down to the fact that they understand security is enforced at the hardware level, and are confident that the security of these devices is unrivalled.

References:

https://en.wikipedia.org/wiki/Evaluation_Assurance_Level

https://en.wikipedia.org/wiki/Security_Target

https://www.cesg.gov.uk/scheme/commercial-product-assurance-products-foundation-grade

Please speak to one of our advisors who will capture your project and security goals and advise on the most appropriate technology to meet all business and stakeholder requirements.

Are you listed on the NATO Information Assurance Product Catalogue?

Yes. 4Secure are a listed supplier of Owl diode technology to NATO. Our inclusion in the NATO Information Assurance Product Catalogue can be found here. Please contact us for the latest information.

Patent:

Owl Computing Technologies holds the exclusive patent[8] for DualDiode™ technology and no other vendor can facilitate a one-way transfer in the way DualDiode™ technology can[9].

[1] https://www.cesg.gov.uk/scheme/common-criteria-0

[2] https://www.commoncriteriaportal.org/files/epfiles/383-4-273%20ST%20v01l.pdf

[3] https://www.commoncriteriaportal.org/files/epfiles/st_vid10208-st.pdf

[4] http://www.commoncriteriaportal.org/files/ccfiles/2012-09-001_Vision_statement_of_the_CC_and_the_CCRAv2.pdf

[5] http://www.commoncriteriaportal.org/files/CCRA%20-%20July%202,%202014%20-%20Ratified%20September%208%202014.pdf

[6] https://www.commoncriteriaportal.org/pps/

[7] https://www.cesg.gov.uk/scheme/commercial-product-assurance-products-foundation-grade

[8] http://www.google.com/patents/US5703562

[9] https://en.wikipedia.org/wiki/Unidirectional_network

OPDS 100 – EAL2

As more and more organisations look to hardware based diode technology to replace their software based firewalls for a more robust cyber security strategy, Owl has responded by providing a low-cost, high security and scalable range of data diode devices.

The OPDS-100 series is available in both a DIN rail form factor for critical infrastructure and space constrained applications as well as a 1U rack mounted appliance for more traditional installations.

As with all appliances, both the 1U unit and the DIN rail unit house two locked down Linux servers using the Owl Secure Enhanced Linux operating system and our proprietary DualDiode™ EAL certified communication card, which incorporates a true protocol break between the networks. With the OPDS-100 you also achieve the full bandwidth, as our transfer protocol (ATM) ensures there’s no need to spoof handshakes or send data multiple times to ensure it’s received once.

The OPDS-100 is designed to grow with your infrastructure, so if you are unsure of bandwidth requirements or your infrastructure has higher demands than when first specified, the diode’s bandwidth can be increased with a rate key application from 5Mbps all the way to 104Mbps. This means no costly hardware replacement, downtime or over-specifying of the unit for a possible future requirement.

Whilst the OPDS-100 offers a low cost solution for low bandwidth applications, the security has not been compromised: the OPDS-100 uses the patented DualDiode™ technology our other perimeter defence solutions rely upon.

In summary the OPDS-100 can expand to meet your network demands and grows with your business needs, is available in speeds of 5Mbps, 10Mbps, 26Mbps, 52Mbps and 104Mbps and can suit all manner of applications across critical infrastructure, government, defence and finance.

For more information or to arrange a demonstration please contact our technical sales team.

Features:

  • EAL2 certification
  • Out of band management by administration ports
  • Field upgradeable via rate key
  • DualDiode™ technology
  • Owl Secure Enhanced Linux operating system and self-contained servers
  • No additional hardware or licences required
  • 12 months hardware and software support
  • DIN rail
  • 1U 19” rack mountable
  • Speeds of 5Mbps, 10Mbps, 26Mbps, 52Mbps and 104Mbps
  • Handles multiple concurrent connections of TCP, UDP, files, etc.
  • No ITAR restriction

OPDS 1000 – EAL2 certification

As organisations rely further on secure IT systems to transmit operational traffic it was important for Owl Computing to respond with a Data Diode that is able to meet those bandwidth demands. The 1Gbps OPDS-1000 was launched in 2015 to offer a robust, reliable solution to organisations who needed to handle more network traffic.

Based around Owl’s proprietary and patented DualDiode™ EAL certified communication card set and the highly stable Owl Secure Enhanced Linux operating system, the OPDS-1000 is the new generation of Owl appliances with out of band administration ports and faster components, but still within the 1U 19” rack mount form factor to optimise your data centre space.

Like its sibling the OPDS-100, the OPDS-1000 is designed to grow with your operational needs and can be field upgraded by applying a rate key to take you from 104Mbps through to 1000Mbps, allowing you to scale the device as your network demands increase. As with other perimeter defence systems in our range you achieve the full bandwidth, as our transfer protocol (ATM) ensures there’s no need to spoof handshakes or send data multiple times to ensure it’s received once.

Out of the box the OPDS-1000 can support multiple concurrent connections of TCP, UDP and file, meaning that our solution can meet the needs of varying projects across one link, as well as incorporating a protocol break between the networks for total separation and network anonymity without additional hardware procurement.

OPDS-1000 supports a broad range of applications not limited to, protecting critical infrastructure from external threat, maintaining the transfer of business critical data from the process control network to the corporate system and supporting mission critical cross-domain transfer for a range of demanding industries.

For more information or to arrange a demonstration please contact our technical sales team.

Features:

  • EAL2 certification
  • Out of band management by administration ports
  • Field upgradeable via rate key
  • DualDiode™ technology
  • Owl Secure Enhanced Linux operating system and self-contained servers
  • No additional hardware or licences required
  • 12 months hardware and software support
  • 1U 19” rack mountable
  • Speeds of 104Mbps, 155Mbps, 310Mbps, 630Mbps and 1Gbps
  • Handles multiple concurrent connections of TCP, UDP, files, etc.
  • No ITAR restriction

OPDS MP – EAL4 Certification*

For our customers that need the higher assurance of EAL4*, Owl maintains the OPDS-MP within its portfolio. The MP’s development has supported organisations in facilitating one-way data transfer for over ten years and is relied upon by different sectors worldwide.

Owl understands the pressure involved in accrediting a system for use and as such, where possible, has never ended the life of a product. The MP was the first standalone, contained, cross domain solution that has stood the test of time in terms of reliability and performance.

Owl’s mid-range 1U rack mountable DualDiode® platform offers industry leading cyber security capability by segmenting and protecting systems from outside threats and simultaneously supporting multiple concurrent connections of varying data types and protocols.

Adopting Owl’s Secure Enhanced Linux operating system, the MP is EAL4 assured and can be optioned to support 26Mbps, 54Mbps, 104Mbps or 155Mbps transfer rates. Like other products in the OPDS family, the MP can be configured to simultaneously support a broad range of applications, including file transfer, FTP and SFTP transfer, SMTP email transfer, TCP/IP packet transfer and UDP transfer.

OPDS-MP supports all of the Owl designed software connectors making it an ideal solution for transferring: Syslog and SNMP Trap administrative traffic, Historian Replication (OSI Pi, Rockwell FactoryTalk, GE Proficy® Historian, Scientech R*Time®, etc.) and real time data such as OPC and video.

*Please visit Assurance to read more.

Features:

  • EAL4 certification
  • DualDiode™ technology
  • Owl Secure Enhanced Linux operating system and self-contained servers
  • No additional hardware or licences required
  • 12 months hardware and software support
  • 1U 19” rack mountable
  • Speeds of 26Mbps, 52Mbps, 104Mbps, and 155Mbps.
  • Handles multiple concurrent connections of TCP, UDP, files, etc.
  • No ITAR restriction

Miniaturised Perimeter Defence System – EAL2 Certification

As more organisations look to field devices for the capture of information the Owl MPDS offers a solution for the protection of data being transferred to the internal system whilst eliminating the risk of data leakage from that system. The MPDS can link any two computer platforms and enforce a one-way connection using Owl’s patented DualDiode™ technology.

Currently available with RS232 connectivity the module securely isolates all data and control signals with a hardware enforced one way transfer circuit. From a low domain to a high domain, the one-way enforcement ensures the integrity of the data stored on the high side.

When transferring data from a high security domain to a low security domain the Owl hardware works as a perimeter defence system to ensure no access to the source system can be made and only transfers initiated on the high side will occur.

The small form factor low power MPDS-RS232 is available with channel capacity of 9600 baud and is easy to install without requiring any Owl source or destination applications or device drivers to transmit and receive data. The USB version of this device is currently prototyped and will be available soon.

Features:

  • EAL2 certification
  • DualDiode™ technology
  • No additional hardware or licences required
  • 12 months hardware and software support
  • RS232 connectivity
  • USB connectivity
  • Small form factor
  • No ITAR restriction

Owl Communication Card Systems and 4SecurePDS – EAL2 and EAL4 Certification

At its heart, all of the Owl solutions rely upon Owl’s patented hardware enforced DualDiode™ technology. This comprises a blue send only card (TX) and a red receive only card (RX). This bespoke card set contains only the electronics to either send or receive data and as such cannot be manipulated via software or electronic attack. Communicating over a single piece of fibre using Asynchronous Transfer Mode (ATM) as the transfer protocol gives us unrivalled reliability and quality of transfer.

As well as being available in our purpose built and ready to deploy appliance solutions this card set technology can be procured in standalone form to allow you to build your own cyber security platform.

The card set solution is available to fit most commercial off-the-shelf (COTS) servers that can take a half height PCI card. This allows users to add their own redundancy or software applications, or to add a diode capability to pre-installed technology to further enhance organisational or program specific cyber security.

Owl Version 4 Communication Cards EAL4

A mature and staple product in the Owl armoury, the Owl 155 Version 4 communication card set has been relied upon throughout industry to provide the level of security necessary for the segregation of networks when protecting digital assets.

As well as being an EAL4 certified product to provide our customers with the level of assurance they have come to expect from Owl solutions the V4 card set is also listed on the UCDMO Baseline inventory 3.5.0.

The version 4 communication cards are provided with Owl application-specific software and can support the secure transfer of all types and formats of user traffic.

Features:

  • Fixed rate bandwidths support 26Mbps, 52Mbps, 104Mbps and 155Mbps
  • Installed via PCIe server expansion slots within COTS servers
  • Available for Windows, Solaris or Linux operating systems
  • EAL4 certification
  • No ITAR restriction

Owl Version 6 2500 Communication Cards EAL4

Meeting the needs of customers who have high assurance and high bandwidth needs for their project the Owl 2500 DualDiode Communication Card set delivers EAL4 accreditation and rate speeds of 1.25Gbps and 2.48Gbps.

Configured to support clear-channel and multiple channel modes that allow very large transfers, such as large databases and high-resolution images, the Owl 2500 delivers high performance throughput.  Designed for a variety of applications across the same physical link, the channelized configuration can support up to 8 independent channels supporting user defined bandwidth per channel.

Features:

  • Fixed rate bandwidths support 1.25Gbps and 2.48Gbps.
  • Installed via PCIe server expansion slots within COTS servers
  • Available for Linux operating systems
  • EAL4 certification
  • No ITAR restriction

Owl Version 7 Communications Cards EAL2

Building on Owl’s expertise and experience creating reliable, secure data diode solutions, the version 7 cards have been launched to meet the increasing demands of an organisation’s network traffic. Available with speeds up to 10Gbps, these communication cards are ideal to stream large quantities of full HD video, transfer large files or handle multiple connections for different projects.

Version 7 communication card pair is supplied with Owl application specific software modules and securely transfers data only one-way between source and destination networks. Using a Linux OS the cards can be installed in PCIe expansion slots and have the ability to be configured with up to 32 discrete data transfer channels. Available in three variants, our standard, midrange and high capacity speeds meet a variety of project requirements:

Features:

  • Bandwidths support 26Mbps, 52Mbps, 104Mbps, 155Mbps, 300Mbps, 600Mbps, 1Gbps, 5Gbps and 10Gbps.
  • Field upgradeable via rate key update
  • Installed via PCIe server expansion slots within COTS servers
  • Available for Linux operating systems
  • EAL2 certification
  • No ITAR restriction

4Secure Perimeter Defence Solution, 4SecPDS

Using 4Secure’s experience of perimeter defence, cross domain transfer and the Owl product range and its capabilities, 4Secure offer a range of bespoke solutions for customers wishing to deploy diode technology as part of their cyber security strategy.

Using the excellent range of Owl communication cards, we understand your exacting requirements and build a server to suit the project requirements and incorporate the diode technology to be able to fulfil a range of services that can include, but is not limited to, data transfer anti-virus scanning, XML scanning, AMQP messaging support etc.

This bespoke offering ensures we deliver the reliability and security we have come to expect from Owl whilst meeting your own project goals perfectly.

Please contact the technical sales team for more details.

4SecPDS

The automation of factories, power plants, distribution centres and other production facilities rely on Distributed Control Systems (DCS) and Supervisory Control and Data Acquisition (SCADA) systems to support process control activities 24×7.

Information gathered by DCS and SCADA systems needs to be securely transferred between the plant and the business networks without jeopardising security, safety and reliability of the plant.

Over the last 12 years Owl has worked with suppliers and customers to develop a set of cyber security products that protect networks and support a wide range of data applications and interfaces used in plants. These products are currently protecting hundreds of customer sites globally.

Typical Uses:

Typically our customers use our cyber security platform as a perimeter security device to protect the process control environment. Using a data diode allows information that is essential for effective day-to-day business operations to be transferred from the process control environment with the assurance that any outsider threat cannot send data to the

Utilising Owl’s data diodes as the core, 4Secure can integrate a wide range of Owl applications that allow seamless integration of cyber security whilst natively supporting industry relied upon vendors and protocols:

  • OSIsoft®
  • GE Proficy® Historian
  • Rockwell
  • Schneider
  • OPC foundation
  • Modbus
  • Scientech R*Time®
  • Database replication

Owl also supports MODBUS and OPC certified connectors that interface directly to PLCs, RTUs or other SCADA devices to move real-time plant data across network security boundaries.  Owl also provides monitoring applications such as the Owl Virtual ScreenView which supports a nonintrusive monitoring of SCADA HMIs or other plant applications.  In addition, Owl supports the GE OSM system, securely transferring data from the OSM server to remote monitoring centres.
