NERC Recognizes Security of Unidirectional Communications

Jan. 12, 2012
The North American Electric Reliability Corp. has recognized hardware-enforced unidirectional communication connections as providing strong "non-routable" security.

The North American Electric Reliability Corp. has recognized hardware-enforced unidirectional communication connections as providing strong "non-routable" security. NERC is responsible for the Critical Infrastructure Protection standards that secure the North American Bulk Electric System from cyber attacks. The NERC action provides guidance to NERC auditors who increasingly encounter unidirectional communications technologies at sites in the North American electric system.

NERC's updated guidelines come in the form of the Dec. 15 Compliance Application Notice CAN-0024, entitled "CIP-002 R3 Routable Protocols and Data Diode Devices." The CAN describes "data diodes" as network equipment that provides a hardware-enforced "one-way" or unidirectional path for data to flow out of critical networks, while allowing nothing back in to those networks. Unidirectional hardware lets information leave critical networks without any risk of hackers, viruses, worms, or any other attacker reaching back into the critical network over that same communications path and disrupting or sabotaging components essential to the power grid. The CAN provides guidance as to when unidirectional communications should be interpreted as strong "non-routable" communications, that is: communications which do not use the Internet Protocol or any comparable Wide Area Networking protocol.

Unidirectional Security Gateways represent a newer and stronger approach to network security than do conventional firewalls. Waterfall Security Solutions' Unidirectional Gateways are currently deployed in many NERC-regulated conventional power plants, the majority of North America's nuclear generation utilities, and a number of oil & gas facilities and water utilities. Interest in Waterfall's Unidirectional Gateways is increasing quickly in several other industries within North America as well.

With a number of civilian and government agencies citing the vulnerability of the North American power grid to cyber attack, the NERC recognition of hardware-enforced unidirectional communications technologies is timely. Where Unidirectional Gateways are used to successfully isolate control system networks, those networks become immune to remote administration tools and other Internet-based cyber attacks. These are the attacks preferred by the vast majority of nation-state-sponsored "Advanced Persistent Threat" actors. Strong cyber security protections for power plants and for other critical elements of the bulk electric system should help us all sleep a little easier.

Waterfall Security Solutions' patented cyber security solutions enable sites in many industries to securely connect their critical industrial networks to external networks. Unidirectional Security Gateways move data securely, meeting business needs without exposing industrial networks to risks and threats of cyber-attacks, cyber terror, and hacking from external, less secure networks. Waterfall's cyber security solutions assist offshore platforms, refineries, utilities and other critical infrastructures to achieve compliance with NERC-CIP, NRC, CFATS and other regulations and standards, as well as cyber-security policies and best practices. Additional business needs secured by way of the Waterfall Gateways include production monitoring, real-time royalty and taxation tracking, and equipment monitoring and maintenance function automation.

Voice your opinion!

To join the conversation, and become an exclusive member of T&D World, create an account today!