Data Diodes for Levels 2-3 and 3-4 Integration

Blog entry by Stan DeVries.

Data diodes are network devices which increase security by enforcing one-direction information flow.  Owl Computing Technologies’ data diodes hide information about the data sources, such as network addresses.  Data diodes are in increasing demand in industrial automation, especially for critical infrastructure such as power generation, oil & gas production, water and wastewater treatment and distribution, and other industries.  The term “diode” is derived from electronics, which refers to a component that allows current to flow in only one direction.

The most common implementation of data diodes is “read only”, from the industrial automation systems to the other systems, such as operations management and enterprise systems.

This method is not intended to establish what has been called an “air gap” cybersecurity defense, where there is an unreasonable expectation that no incoming data path will exist.  An “air-gap” is when there is no physical connection between two networks.  Information does not flow in any direction.  Instead, the data diode method is used as part of a “defense in depth” cybersecurity defense, such as the NIST 800-82 and IEC 62443 standards.  It is applied to network connections which have greater impact on the integrity of the industrial automation system.

One-way information flow frustrates the use of industrial protocols which use the reverse direction to assure that the data was successfully received, and subsequently triggers failsafe and recovery mechanisms when information flow is interrupted.  A data diode can pass files of any format and streaming data such as videos and an effective file transfer, vendor neutral approach, in industrial automation is to use the CSV file format.  The acronym CSV stands for comma-separated values, and there are many tools available that quickly format these files on the industrial automation system side of the data diode, and then “parse” or extract data on the other side of the data diode.

There are 2 architectures which are feasible with data diodes, as shown in the diagrams below.

The single-tier historian architecture uses the industrial automation system’s gateway, which is typically connected to batch management, operations management and advanced process control applications.  This gateway is sometimes called a “server”, and it is often an accessory to a process historian.  A small software application is added which either subscribes to or polls information from the gateway, and this application periodically formats the files and sends them to the data diode.  Another small application receives the files, “parses” the data, and writes the data into the historian.

The Wonderware Historian version 2014 R2 and later versions can efficiently receive constant streams of bulk information, and then correctly insert this information, while continuing to perform the other historian functions.  This function is called fast load.

For L2-L3 integration, the two-tier historian architecture also uses the industrial automation system’s gateway.  The lower tier historian often uses popular protocols such as OPC.  This historian is used for data processing within the critical infrastructure zone, and it is often configured to produce basic statistics on some of the data (totals, counts, averages etc.)  A small software application is added which either subscribes to or polls information from the lower tier historian, and this application periodically formats the files and sends them to the data diode.  Another small application receives the files, “parses” the data, and writes the data into the upper tier historian.

The Wonderware Historian has been tested with a market-leading data diode product from Owl Computing Industries, called OPDS, or Owl Perimeter Defense System.  It uses a data diode to transfer files, TCP data packets, and UDP data packets from one network (the source network 1) to a second, separate network (the destination network 2) in one direction (from source to destination), without transferring information about the data sources.  The OPDS is composed of two Linux servers running a hardened CentOS 6.4 operating system.  In the diagram below, the left Linux server (Linux Blue / L1) is the sending server, which sends data from the secure, source network (N1) to the at-risk, destination network (N2). The right Linux server (Linux Red / L2) is the receiving server, which receives data from Linux Blue (L1).

The electronics inside OPDS are intentionally physically separated, color-coded, and manufactured so that it is impossible to modify either the sending or the receiving subassemblies to become bi-directional.  In addition, the two subassemblies communicate through a rear optic fiber cable assembly which makes it easy for inspectors to disconnect to verify its functionality.  The Linux Blue (L1) server does not need to be configured, as it accepts connections from any IP address. The Linux Red (L2) server, however, must be configured to pass files onto the Windows Red (W2) machine.  This procedure is discussed in section 8.2.2.6 of the OPDS-MP Family Version 1.3.0.0 Software Installation Guide.  The 2 approaches can be combined across multiple sites, as shown in the diagram below.  Portions of the data available in the industrial automation systems are replicated in the upper tier historian.

Cyber Physical and Operational Management Evolution

In recent months Stan DeVries and I as part of Common Architecture Team, and also investigating large opportunities have spent many hours discussing the internet of things, Industrie 4.0, and shift to Cyber Physical architectures. It is fundamental for the rapid innovation businesses will need in order to stay competitive, both delivering products, but evolving efficiency and leveraging an effective "operational team", Stan submitted this blog on the subject.

Recently the academic phrase “cyber-physical systems” has appeared in presentations and articles on smart manufacturing and Industry 4.0.  Much of the emphasis has been on the “cyber” element, with frequent example of automation.  This may imply “lights out” operations, which might be achievable and desirable in some operations, but unnecessary, in-feasible and undesirable in most.  It should be helpful to consider one of the models of cyber-physical systems, which is called the Boyd OODA Loop, as shown in the following diagram:

Colonel Boyd was an excellent fighter pilot and military strategist.  The key elements of his decision model are:

• Observation: the collection of data by means of the senses
• Orientation: the analysis and synthesis of data to form one's current mental perspective
• Decision: the determination of a course of action based on one's current mental perspective
• Action: the physical playing-out of decisions

Using this model, automation improves the Observation and Orientation so that users engage with only the “right” information, at the “right” time (often earlier than real-time) in the”right” context – for the “right” results.

While the Boyd decision model is excellent for one or a few workers, another model is necessary for considering an entire operation, such as a manufacturing plant, a power generation station, petroleum refinery, oilfield etc.

If we accept that the main value of the automation is to improve the Observation and Orientation, then the above diagram implements these 2 important steps in what can be called the Smart Solution Center, which is a combination of a technology/data center and specialists who are providing support, improvement and instruction to other workers.  One of the key outputs of the Smart Solution Center, so that most of the work performed by knowledge workers within that Center and other workers spend the majority of their time on planned work, instead of being consumed with reactive work.

But automation of Observation and Orientation must be extremely accurate and trustworthy.  To achieve and sustain these attributes, we recommend a “Virtual Smart Plant” which is used to design, modify, test and train workers.  This is also key to sustaining behavior change and if possible, culture change.  Best practices have shown that workers change their performance in lasting ways if they experience the change for themselves, and especially if they can experience new learning in a “safe” environment.

In the above diagram, the “work orders” are more than task lists, but a combination of recipes, KPI targets, instructions, handover/turnover actions etc.  The black rectangle at the center bottom of the diagram is focused on people, who are doing what humans do best: dealing with new knowledge, managing complexity, and navigating change.

So the key to applying “cyber-physical systems” is optimizing the use of the workers, not eliminating them, and this optimization requires using technology in a “smart” manner, such as focusing on Observation and Orientation.

An increasing amount of leading companies are developing the "Smart Solution Centers" (often reference to as Centers of Excellence) where they can physical one location or a "virtual smart center" maximizing the leverage of key thought leaders in the analysis and development of operational/ process innovations. A good example of this is Rio Tinto's Process Excellence Center for mining in Brisbane (plenty of write up on this) where data is analysed converted into effective knowledge through simulation, analysis models, to improve operational running of mine process.