Data Diode cyber-diode: High-Security Industrial Monitoring of Plants, Machinery, and Critical Infrastructure
Plants and machinery are increasingly connected to the Internet due to the compelling advantages: operational and sensor data from machines and plants is constantly available and can be centrally monitored.
This allows you to perform predictive maintenance, for example: you can respond to small changes and carry out the necessary maintenance before damage or even breakdowns occur. To benefit from these advantages, however, a high level of cyber security must be ensured. The data diode solution cyber-diode from genua was developed according to the Security by Design principle and enables unidirectional data transfers with highly effective protection of the monitored systems.
Top Highlights
Your Benefits at a Glance
- More reliable than fiber optic diodes, more convenient than air gaps and more secure than firewalls
- Data transmission with confirmation bit – minimalistic feedback about the delivery status of the data packets allows reliable conclusions to be drawn on the completeness of the transfer
- One-way function cannot be modified; security by design eliminates the possibility of incorrect configuration and backdoors
- Secure Boot protects against software manipulation
- Support of OPC UA, FTP, FTPS, SMTP, TCP, UDP and Syslog
- Complete package of hardware and adapters (protocol converters); no hidden costs
- Efficient administration of numerous instances at different locations with Central Management Station genucenter
- Optional stand-alone online configuration
- Space-saving DIN-rail mounting (rack mounting with additional kit)
Protected Production
Protect Networked Control Systems
Monitoring networked production systems significantly supports the prevention or solution of problems within production.
All plants and machinery that send data over the Internet are, in principle, vulnerable as a result. This means that digitally networked systems have to be protected from infection by malicious software and other forms of unauthorized access. Subject to a particularly high protection requirement are, of course, systems that control critical infrastructure or other plants where incorrect functioning could lead to extensive damage or loss of life, e.g., power station turbines, chemical production plants and industrial robots on production lines. cyber-diode offers operators of these systems the highest level of industrial monitoring security.
One-Way Data Transfer
One-Way Data Transfer with cyber-diode
The risks associated with the digital networking of highly critical control systems can be minimized with cyber-diode. This solution monitors network connections and only allows one-way data transfer – information flow in the opposite direction is completely blocked. Once protected by our data diode, plants, machinery and IT systems can send data over public networks without risking their integrity.
Minimal feedback channel
Absolutely Reliable Data Transfer
Our cyber-diode stands apart from the diode solutions from other manufacturers in one important aspect: we can guarantee 100 % reliable data transfer.
How do we achieve this?
cyber-diode has a minimal feedback channel for status messages. This allows a signal to be sent back to the sender at the end of each transmission to confirm that all data has been completely and correctly received. The feedback is minimal: it consists only of a single status bit (OK/not OK) per connection.
Conventional glass fiber data diodes without a physical feedback channel are unable to transport this feedback. This means that the sender never knows whether the transfer was successful or whether it needs to be repeated. With this type of data diode, one can never be sure that all data has been transferred – data loss must always be considered a possibility. Using the feedback, the cyber-diode can also always transfer data at the optimal speed: it detects the maximum transfer rate that the receiver can process. Via built-in adapters, cyber-diode supports the protocols TCP and UDP (e.g., for Syslog), FTP for file transfers and SMTP for e-mail.
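The difference between a blind diode and one with a single status bit per connection can be modelled in a few lines. This is an added illustration, not genua's code: the chunking, the SHA-256 trailer used to judge completeness, and all function names are assumptions, since the page states only that one OK/not OK bit returns per connection.

```python
import hashlib

def frame(payload: bytes, chunk: int = 4):
    """Sender side: split the payload and compute a digest sent forward as a trailer."""
    chunks = [payload[i:i + chunk] for i in range(0, len(payload), chunk)]
    return chunks, hashlib.sha256(payload).digest()

def receive(delivered, digest):
    """Receiver side: reassemble what arrived and decide OK / not OK."""
    data = b"".join(delivered)
    return data, hashlib.sha256(data).digest() == digest

def feedback_filter(reply) -> bool:
    """Return path: only the status True passes as OK; anything else becomes not OK."""
    return reply is True

def send(payload, drops_per_attempt, feedback=True):
    """Transmit once per entry in drops_per_attempt (chunk indices lost on that try)."""
    chunks, digest = frame(payload)
    back_bits = 0
    for attempt, drops in enumerate(drops_per_attempt, start=1):
        delivered = [c for i, c in enumerate(chunks) if i not in drops]
        data, ok = receive(delivered, digest)
        if not feedback:  # blind diode: nothing flows back, sender cannot tell
            return {"received": data, "attempts": attempt,
                    "sender_knows": False, "back_bits": 0}
        back_bits += 1  # exactly one status bit per connection
        if feedback_filter(ok):
            return {"received": data, "attempts": attempt,
                    "sender_knows": True, "back_bits": back_bits}
    return {"received": None, "attempts": len(drops_per_attempt),
            "sender_knows": True, "back_bits": back_bits}

# Constructed sample reading; the first attempt loses chunk 1, the second loses nothing.
SAMPLE = b"temp=71.3;rpm=1480"
LOSSES = [{1}, set()]

if __name__ == "__main__":
    print("with feedback:   ", send(SAMPLE, LOSSES, feedback=True))
    print("without feedback:", send(SAMPLE, LOSSES, feedback=False))
```

With feedback, the sender repeats the transfer after the "not OK" bit and ends with a complete copy; without it, the receiver holds a truncated record and the sender has no way to notice.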
state-of-the-art technology
High Security Through Low Complexity
With the feedback channel, it must, of course, be ensured that only status messages flow back and not any other data. This aspect is regulated by the diode function that uses state-of-the-art technology: its programming has been kept to a minimum – it only has a few hundred lines of program code – and runs on a microkernel operating system that has also been reduced to an absolute minimum. Due to the low complexity, the central filter process is easy to analyze; the code can be examined line by line to exclude errors.
This compact construction of cyber-diode guarantees absolutely reliable one-way data transfer. The degree of security this solution provides can be seen with vs-diode from genua, which uses the same technology and is approved for use up to the SECRET security level by the German Federal Office for Information Security (BSI).
Secure System Monitoring
Security by Design Means Guaranteed Error-Free Functioning
We supply cyber-diode as a complete solution that is preconfigured and easy to integrate into your network. The solution’s security by design guarantees the correct functioning of the diode – this cannot be disabled, even through incorrect administration. We will be happy to assist you with the installation – service is provided directly from the manufacturer genua.
OPC Unified Architecture
Flexible Use Cases through OPC UA Support
cyber-diode fully supports the OPC Unified Architecture (OPC UA), an open standard for exchanging machine data. In plants in the manufacturing and process industry, for example, this enables secure, reliable, and manufacturer- and platform-independent communication.
The advantages of cyber-diode with OPC UA are apparent in two aspects in particular. First, the standard makes every type of information available at all times and at all locations for every authorized application and every authorized person. Second, the data is now transmitted unidirectionally across security-critical network boundaries and, thus, cannot be tampered with. With OPC UA, cyber-diode further strengthens its security functions: the machine data that it collects, such as control variables, measurement values or parameters, is passed on to client applications in encrypted form.
IOMMU & VPN-ready
In addition to the OPC UA integration, cyber-diode is especially secure through the use of an I/O Memory Management Unit (IOMMU) for compartment separation (black side/red side).
On the red, outgoing side, the data diode is VPN ready. Moreover, cyber-diode can be expanded for connection via mobile telephony (LTE) and WLAN. The hardware is suitable for space-saving DIN rails or 19" rack housing and offers UEFI and Secure Boot support.
Our sales team will be glad to answer your questions. We are looking forward to getting in touch with you.