Waterfall Security Solutions, a global leader in cybersecurity technologies for critical infrastructures and industrial control systems, has announced the recognition of unidirectional communications technologies in strategies recommended by the Department of Homeland Security (DHS).
Unidirectional communications refers to a technology that allows data to travel in only one direction, which can be instrumental in safeguarding the security of Industrial Control Systems (ICSs).
The DHS report, Seven Strategies to Defend ICSs, issued in December 2015 by the National Cybersecurity and Communications Integration Center (NCCIC), warned that cyber intrusions into US critical infrastructure systems are happening with increased frequency.
The report indicates that in 2015 there were 295 reported breaches on ICSs, with a significant number going undetected and unreported.
Consequently, DHS recommended seven strategies to secure ICSs against modern threats. The department believes that if system owners had implemented the strategies outlined in the report, “98 percent of incidents ICS-CERT [Industrial Control Systems Cyber Emergency Response Team] responded to in FY 2014 and FY 2015 would have been prevented.”
"This latest report issued by DHS clearly supports our technology and company mission to elevate the level of cybersecurity of industrial control systems and critical network infrastructures," said Lior Frenkel, CEO and co-founder, Waterfall Security Solutions. "The DHS report says loud and clear: you should make unidirectional gateways your first choice. Software-based security, such as firewalls, will not save you."
Three out of the seven strategies recommend using hardware-enforced unidirectional communications, a technology pioneered by Waterfall Security Solutions. The company’s unidirectional gateways have been used in industrial sites, manufacturing facilities and critical infrastructures, and by global industrial vendors.
Reduce Your Attack Surface Area
Keep ICS networks away from untrusted networks like the Internet. Unused ports and services should be locked down and turned off. Rely only on real-time connectivity, which allows users to receive information the moment it is published, without the need for updates. One-way communication is also recommended: information is transferred in only one direction, from the sender to the receiver, and the receiver has no way to give feedback to the sender.
Build a Defendable Environment
This is done by segmenting networks into enclaves, or protected sections. Subdividing a large internal network prevents hackers from expanding their access to other enclaves and contaminating them.
Implement Secure Remote Access
Hackers have become incredibly skilled at finding and gaining access through “hidden back doors.” Restricting such access is critical to avoiding a cyber-attack.
While no system is 100 percent secure, DHS believes that implementing these strategies can greatly improve the security posture of ICSs, since “for many ICSs, it is not a matter of if an intrusion will take place, but when.”