Network segregation (also called “air-gapping”) is considered a foolproof method for protecting networks from external attacks and from data theft or leakage. Unfortunately, this method requires users to forgo all the benefits of connectivity, so it is not acceptable today as a viable security measure.
Unidirectional connectivity, hardware-enforced across all layers of communication, is an interesting compromise between full connectivity and full segregation. Unidirectional Security Gateways are now becoming a viable option for securing SCADA and other industrial and critical networks.
This session will review the existing security postures evident in SCADA networks and then introduce the concept of unidirectional connectivity. It will present a detailed analysis of the advantages and limitations of security solutions based on unidirectional connectivity, including the SCADA network architectures that result from deploying them. It will also analyze the effects and requirements that unidirectional connectivity imposes on the methodology and use of SCADA applications on such networks. In addition, this session will discuss compliance concerns, with specific reference to NERC and NRC regulations.