Guards are not Air Gaps

“An air gap is a network security measure that consists of ensuring that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.”  (Wikipedia)

Note the emphasis in the word physically.

A number of forums have discussed whether data diodes are equivalent to air gaps in one direction, including a number of articles on this blog.   In reality you can argue it both ways.

Continue reading “Guards are not Air Gaps”

The Need for Network Segregation in Critical Infrastructure Systems

A recent article in the NY Times claims:

The vast majority of targeted computer attacks now start with a malicious e-mail sent to a company employee. Now evidence suggests that the same technique could be used to attack watersheds, power grids, oil refineries and nuclear plants.

This cannot be allowed to happen, here I explore the issue in a little more detail.

Continue reading “The Need for Network Segregation in Critical Infrastructure Systems”

Data Diode Technology Can Help Solve Complex Cyber Security Issues

Due to recent security incidents, there is now a significant debate with regard to what is the best way to protect Industrial Control Systems (ICS).

Generally, the debate focuses on whether networks should be isolated via an Air-Gap, or joined by well-configured Firewall(s) but the debate often misses a third option – Data Diodes.

Continue reading “Data Diode Technology Can Help Solve Complex Cyber Security Issues”