Unidirectional network

A unidirectional network (also referred to as a unidirectional gateway or data diode) is a network appliance or device that allows data to travel in only one direction. Data diodes are found most commonly in high-security environments, such as defense, where they serve as connections between two or more networks of differing security classifications. Given the rise of industrial IoT and digitization, this technology can now be found at the industrial control level in facilities such as nuclear power plants and power generation, and in safety-critical systems like railway networks.[1]

After years of development, data diodes have evolved. They began as network appliances or devices that only allowed raw data to travel in one direction, used to guarantee information security or to protect critical digital systems, such as industrial control systems, from inbound cyber attacks.[2][3] They are now combinations of hardware and software running in proxy computers in the source and destination networks. The hardware enforces physical unidirectionality, and the software replicates databases and emulates protocol servers to handle bi-directional communication. Data diodes are now capable of transferring multiple protocols and data types simultaneously. They also include a broader range of cybersecurity features, such as secure boot, certificate management, data integrity, forward error correction (FEC) and secure communication via TLS, among others. A unique characteristic is that data is transferred deterministically (to predetermined locations) with a protocol "break" that allows the data to be transferred through the data diode.
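The role of forward error correction and data integrity on a link with no return path can be shown with a short sketch. This is an added example, not taken from the cited sources or from any vendor's product; the frame layout, the XOR parity scheme and the names `send`, `receive`, `CHUNK` and `GROUP` are assumptions chosen for illustration.

```python
import hashlib
from functools import reduce

CHUNK, GROUP = 8, 4   # assumed sizes: 8-byte frames, one parity frame per 4 data frames
# Constructed sample payload, not real telemetry.
SAMPLE = b"setpoint=71.5;valve=open;pump=2;ts=1700000000"

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def send(data):
    """Source-side proxy: frame the payload for a link that has no return path."""
    chunks = [data[i:i + CHUNK].ljust(CHUNK, b"\0") for i in range(0, len(data), CHUNK)]
    frames = [("HDR", 0, (len(data), hashlib.sha256(data).digest()))]
    for g in range(0, len(chunks), GROUP):
        group = chunks[g:g + GROUP]
        frames += [("DATA", g + i, c) for i, c in enumerate(group)]
        frames.append(("PAR", g, reduce(xor, group)))   # FEC: XOR parity of the group
    return frames

def receive(frames):
    """Destination-side proxy: rebuild the payload or reject it; no resend can be requested."""
    hdr = next((p for kind, _, p in frames if kind == "HDR"), None)
    if hdr is None:
        return None
    length, digest = hdr
    data = {seq: p for kind, seq, p in frames if kind == "DATA"}
    parity = {seq: p for kind, seq, p in frames if kind == "PAR"}
    total = -(-length // CHUNK)                      # ceiling division
    for g in range(0, total, GROUP):
        members = range(g, min(g + GROUP, total))
        missing = [s for s in members if s not in data]
        if len(missing) == 1 and g in parity:
            # parity XOR all surviving frames of the group equals the lost frame
            data[missing[0]] = reduce(xor, (data[s] for s in members if s not in missing), parity[g])
        elif missing:
            return None                              # more loss than the parity can repair
    out = b"".join(data[s] for s in range(total))[:length]
    # Digest check catches corruption or a bad repair before the data is released.
    return out if hashlib.sha256(out).digest() == digest else None

if __name__ == "__main__":
    frames = send(SAMPLE)
    one_lost = [f for f in frames if f[:2] != ("DATA", 2)]
    print(receive(one_lost) == SAMPLE)
```

An unkeyed digest of this kind only detects accidental corruption; establishing that the data came from the expected source would need a signature or keyed MAC on the header.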

Data diodes are commonly found in high-security military and government environments, and are now becoming widespread in sectors like oil & gas, water/wastewater, airplanes (between flight control units and in-flight entertainment systems), manufacturing and cloud connectivity for industrial IoT.[4] New regulations[5] have increased demand, and with increased capacity major technology vendors have lowered the cost of the core technology.

  1. "Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies - United States Department of Homeland Security" (PDF). Cybersecurity and Infrastructure Security Agency. September 2016. Retrieved 15 April 2023.
  2. Scott, Austin (30 June 2015). "Tactical Data Diodes in Industrial Automation and Control Systems". SANS Institute. Retrieved 15 April 2023.
  3. "National Institute of Standards and Technology. Guide to Industrial Control Systems (ICS) Security" (PDF).
  4. "IoT Security".
  5. "ANSSI - Cybersecurity for Industrial Control Systems" (PDF).