Secure Unidirectional Security Gateways for Industrie 4.0

Abstract

Secure data exchange between different geographical sites (e.g. industrial manufacturing facilities, power plants, research labs, and manufacturer test facilities) is an important part of cybersecurity. It is for example addressed by section 13 “Communications Security” of ISO/IEC 27002:2013. ISO/IEC 27033-4:2014 gives guidance for securing communications between networks using security gateways (firewall, application firewall, Intrusion Protection System, etc.). While the newest part of the multipart ISO/IEC 27033 standards series, ISO/IEC WD 27033-7 “Information technology Network security Part 7: Guidelines for network virtualization security” is more on the abstraction of physical components involved in communication, this paper aims to emphasize the fiber optical network communication-based security between very specific Cyber-Physical Systems (CPS). In this case, secure means a strictly reduced feedback channel. According to ISO/IEC 27033-4, essentially, the approaches described in this paper would be classified as physically unidirectional security gateways. In this paper, requirements and concepts will be presented which are beneficial for a scalable use in Industry 4.0 applications for highest (hardware-enforced) unidirectional communication and which can coexist with Firewall and Demilitarized Zone (DMZ) approaches that are also needed for complex IACS architectures.