Data diodes are the key between IT and OT
“Tomorrow will be a lot safer than today.” With this, Maurice Snoeren starts his keynote at the Industrial Cyber Security Event of FHI. One of the OT security officers from RWE Generation, he tells us everything about linking information technology (IT) and operational technology (OT). Is such a link safe? And how do you do that? We take you into his story.
“Maurice's lecture had depth. We heard a lot of new information that we can incorporate into our own processes.” – Visitors
Not a perfect match
IT and OT: according to Maurice, they are two separate domains. “One of my nightmares is that we think these two belong together,” he says. Cybersecurity has always been taken into account when developing IT: patching and updating ensure that security is quickly restored. That's a different story with OT. The machines are often twenty years old. When they were built, cybersecurity was not yet considered, and they are now a vulnerable part of business processes.
An attack is lurking
Maurice explains the risks for both domains: “If we look at an IT system, we can write down more than four hundred attack factors. This concerns human factors, vulnerabilities and physical access. There are fewer than ten attack factors that can be identified for OT.” That's not too bad, you would think. But nothing could be further from the truth. “Nowadays companies link the systems together. I don't want to scare you, but if you do this linking incorrectly, there are as many as four thousand attack factors possible on the industrial network.”
Visitors hang on his every word and ask plenty of questions.
Data diodes are essential
Maurice explains in detail how to install an interface between IT and OT, a so-called data diode. This means that information flows from A to B, but not from B to A. This makes it possible to supply data to external parties, while nothing can flow back in the other direction. “The interesting thing is that the data diode can also be used the other way around, for example to receive controlled information to the OT. Because the data diode achieves network isolation, it prevents an attacker from moving through the network to the OT domain.” The audience is impressed and takes many photos of the slides, which clearly show how the data diodes work. It is not a simple process, but it makes both domains safe and cannot be circumvented.
Tomorrow will be safer than today
“In my view, data diodes are necessary for the protection of our industrial processes,” Maurice concludes his keynote. “Data diodes ensure that you can only send information in one direction. This means that the two domains are isolated at network level.” The audience has been made to think, the wheels are turning. And so tomorrow we will be a bit safer than today.
Industrial Cyber Security Event
In October 2023, FHI organized the Industrial Cyber Security Event. About four hundred visitors were inspired and informed on topics such as NIS II, IEC 62443 and secure collaboration between IT and OT.