Last month, Digital Bond Labs, a cybersecurity lab focused on finding new security and reliability vulnerabilities in control-system components, performed a security assessment of Waterfall’s FLIP product line. We have great confidence in our solutions at Waterfall, and DigitalBond’s testing verified what we were already convinced of, that the FLIP cannot be transformed into a bidirectional communication channel, nor can it be controlled remotely.
The Waterfall FLIP is type of a hardware-enforced unidirectional security gateway. The technology replicates control system servers to IT networks without enabling anything to move in the opposite direction. When needed, the Waterfall FLIP also replicates servers from IT networks to control networks, for as long as is needed. For example, FLIP products are routinely deployed to replicate historian data out of control system networks nearly continuously, and reverse orientation several times per day so that the FLIP software can fetch anti-virus and other security updates and transmit them to the control system.
Digital Bond’s findings were in line with Waterfalls marketing message for FLIP, stating that:
- It could find no way to transform the FLIP into an interactive bidirectional channel, and that “the FLIP is always a one-way system.”
- IT could find no way to remotely control the FLIP mechanism that reverses direction from either the “inside” or “outside” networks.
Digital Bond concluded that, since the FLIP is unidirectional at all times, and the direction cannot be remotely controlled, “the FLIP is a much stronger security mechanism than a firewall.” Digital Bond Labs’ researchers also concluded that the FLIP “provides a defensive advantage versus. traditional thumb drive data transfers” because the FLIP “provides a single entry point to the control system network that can be hardened and monitored versus thumb drive transfer, which introduces a risk of infection to every system that the thumb drive is connected to.”
Unidirectional security gateways prevent IT security issues from weakening operational technology (OT) security. The verification from Digital Bond Labs serves as assurance that Waterfall solutions are capable of protecting reliability-critical systems and process equipment from security threats. Cyberattacks aimed at control systems have much greater potential consequences than attacks on IT systems. Unidirectional security gateways stop IT network attacks from becoming OT problems.
Waterfall also has FLIP technology solutions for Substations. Learn more on our product page.