32. How do data diodes prevent malware infections from spreading, e.g. to another plant?
Answer – Several features prevent the proliferation of malware from an infected network/segment:
• Owl data diodes only accept data from a whitelisted source: Malware would need to spoof a valid source IP address, port, and protocol type in order to cross.
• Payload only transfer: Data is not transmitted in original packets across the data diode
• Protocol break: A different protocol is used to transfer the data payloads across the data diode
• Hashed and sequenced packets: Any “injected packets” would be identified and discarded
• Deterministic routing: If malware managed to cross the data diode it would have no control over where it goes; it is restricted to a predefined and configured address
• No return path: Malware cannot “phone home” through a data diode
• No external access: Malware cannot receive any remote commands through a data diode
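A minimal model of the checks listed above, added here as an illustration and not Owl's code or frame format. The frame layout, the use of a keyed hash (the page says only "hashed"), the key, and all addresses are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration only.
ALLOWED_SOURCES = {("10.0.0.5", 502, "tcp")}  # whitelisted (ip, port, protocol)
FIXED_DESTINATION = ("192.0.2.10", 9000)      # preconfigured, never read from traffic
LINK_KEY = b"constructed-demo-key"            # assumption: keyed hash on the diode link
TAG_LEN = 32                                  # HMAC-SHA256 output size


def _tag(header, payload):
    return hmac.new(LINK_KEY, header + payload, hashlib.sha256).digest()


class SendSide:
    def __init__(self):
        self.seq = 0

    def wrap(self, src, payload):
        """Reframe the payload of a whitelisted source; return None otherwise."""
        if src not in ALLOWED_SOURCES:
            return None
        # Payload-only transfer and protocol break: original headers are dropped.
        header = struct.pack(">Q", self.seq)
        self.seq += 1
        return header + _tag(header, payload) + payload


class ReceiveSide:
    def __init__(self):
        self.expected = 0   # next acceptable sequence number
        self.discarded = 0  # forged, tampered, truncated or replayed frames
        self.gaps = 0       # frames lost in transit (no retransmit on a one-way link)

    def unwrap(self, frame):
        """Return (destination, payload) for a valid frame, else None."""
        header, tag, payload = frame[:8], frame[8:8 + TAG_LEN], frame[8 + TAG_LEN:]
        if len(header) < 8 or len(tag) < TAG_LEN:
            self.discarded += 1
            return None
        (seq,) = struct.unpack(">Q", header)
        if not hmac.compare_digest(tag, _tag(header, payload)) or seq < self.expected:
            self.discarded += 1
            return None
        self.gaps += seq - self.expected
        self.expected = seq + 1
        # Deterministic routing: the destination is fixed by configuration.
        return FIXED_DESTINATION, payload
```

The receive side has no way to ask for a resend, so a skipped sequence number is counted as loss rather than treated as an error, while a repeated or lower number is discarded.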
33. What is the throughput or bandwidth of the data diode?
Answer – Different models support different bandwidth ranges. The DiOTa device is designed for low-bandwidth, single protocol applications and
supports up to 3 Mbps. Owl’s DIN rail compatible solution (OPDS-100D) supports up to 100 Mbps, while the 1U rackmount solution (OPDS-1000)
supports upgradeable bandwidth from 26 Mbps up to 1000 Mbps. Higher-powered enterprise solutions are also available that support up to 10 Gbps, or
even greater bandwidth if used in parallel.
34. If I am transferring multiple data types, do I need multiple data diodes?
Answer – With the exception of DiOTa, all Owl data diode solutions can transfer multiple data types and multiple data flows simultaneously with
multiple sources and destinations.
35. What is the latency of Owl data diode transfers?
Answer – It is measured in single digit milliseconds.
36. Can Owl data diodes transfer and/or replicate historian data?
Answer – Yes. Owl data diodes can replicate historian data out of the OT network in a one-way only transfer to any external network or the cloud. The
one-way transfer ensures that the OT network remains isolated and protected from any potential cyberattacks.
37. If a historian is being replicated to a second location, is a second license required for the
replicated historian?
Answer – Typically yes. Check with the historian provider for specific terms.
38. Are redundant solutions available?
Answer – Yes. There are a number of different possible solutions, including server-based configurations, failover configurations, redundant devices
and support of 3rd party high availability configurations. In an Active Standby configuration, a second data diode can immediately and automatically
take over the transfer of files if the primary fails for some reason. Upon the primary data diode returning to service, it automatically resumes the
transfer of data.
39. When installing data diodes, does any software need to be installed on the source or
destination servers/systems?
Answer – This depends on the type of data being transferred, the source of the data and how it is being accessed. Owl data diodes run on the Linux
operating system; any data being transferred at a transport layer level (UDP, TCP, etc.) is handled natively by the Owl data diode. Data sources that
have application-specific requirements, require a file to be retrieved, or require support in a Windows environment may require the installation of a
small application (i.e. client side of a client/server application).
40. Which industrial protocols are supported by Owl data diodes?
Answer – Owl data diode products natively support UDP, TCP/IP, SNMP, SMTP, NTP, SFTP, and FTP transfers, and a variety of other protocols and
applications via optional software packages. Protocol adapters are available for Modbus, AMQP, MQTT, DNP3, IEC 104, HTTP(S), and OPC.