Waterfall – Update

Last month I blogged on Waterfall and other One-Way Security solutions. I have since received some additional information from Waterfall and a few of their customers/partners with two interesting points.

1. Waterfall Has More Control System “Connectors”

A “connector” allows what is typically two-way traffic to be sent through a one-way security device. You essentially install a protocol or application client / server on both sides of their device. The secure side server gets the information as usual, then pushes it out to the insecure side server using a Waterfall one-way protocol. So even though the protocol's communication is normally two-way, data from the secure side can be made available on the insecure side and accessed from other clients and servers there.

In my original blog I mentioned that there were connectors available for protocols like OPC and ICCP, but in fact there is a much larger list including:

  • Historians like OSIsoft’s PI Server and GE iHistorian
  • Modbus TCP and DNP3
  • NTP and log transfer
  • Bently Nevada, Siemens Simatic / WinCC and others

2. Some Connectors Push Configuration Data

One of the problems with the connector approach is the administrative burden. For example, an administrator would have to enter any new OPC tag on two systems, one on the secure side and the other on the insecure side. Of course this is often done with a USB stick or other sneakernet technique.

I learned that some of the Historian solutions have the ability to make configuration changes on the secure side and have these pushed through the one-way device to the insecure side.
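
The connector pattern from point 1 and the configuration push from point 2, sketched as an added example (not Waterfall's code or protocol; the frame layout, class names and tag names are assumptions made for illustration). It shows the constraint that shapes such a design: the secure side gets no acknowledgement, so the insecure-side replica can detect a lost frame but cannot ask for it again.

```python
import json
import zlib

class SecureSideAgent:
    """Reads from the real server and pushes config and values outward."""
    def __init__(self, send):
        self.send, self.seq = send, 0  # send() returns nothing: no ACK path

    def push(self, kind, body):
        self.seq += 1
        payload = json.dumps({"seq": self.seq, "kind": kind, "body": body}).encode()
        # CRC32 catches corruption in transit; it is not authentication.
        self.send(zlib.crc32(payload).to_bytes(4, "big") + payload)

class InsecureSideReplica:
    """Read-only copy that insecure-side clients query instead of the source."""
    def __init__(self):
        self.tags, self.values = set(), {}
        self.last_seq, self.gaps, self.rejected = 0, [], 0

    def receive(self, frame):
        payload = frame[4:]
        if zlib.crc32(payload) != int.from_bytes(frame[:4], "big"):
            self.rejected += 1
            return
        msg = json.loads(payload)
        if msg["seq"] <= self.last_seq:
            return  # duplicate or stale frame
        if msg["seq"] > self.last_seq + 1:  # loss is detectable, not repairable
            self.gaps.append((self.last_seq + 1, msg["seq"] - 1))
        self.last_seq = msg["seq"]
        if msg["kind"] == "config":
            self.tags = set(msg["body"])
        else:  # values for tags never announced by config are ignored
            self.values.update({t: v for t, v in msg["body"].items() if t in self.tags})

def demo():
    wire = []  # stand-in for the one-way device (assumption)
    agent, replica = SecureSideAgent(wire.append), InsecureSideReplica()
    agent.push("config", ["FIC101.PV"])  # constructed tag names
    agent.push("data", {"FIC101.PV": 42.0})
    agent.push("config", ["FIC101.PV", "TI205.PV"])  # new tag entered once
    agent.push("data", {"FIC101.PV": 44.0, "TI205.PV": 71.5})
    for n, frame in enumerate(wire, 1):
        if n != 2:  # constructed scenario: second frame lost in transit
            replica.receive(frame)
    return replica

if __name__ == "__main__":
    print(demo().values, demo().gaps)
```

Because nothing flows back, the gap list is only visible on the insecure side; any alerting on lost frames has to live there.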
