Air-Gaps for Communicating Systems
Protecting Critical Systems via One-Way Connections
Every system is hackable, especially if it’s connected to the Internet. This is no surprise, of course, but a wide swath of industry, especially manufacturing, seems to be confronting this reality for the first time.
All factory, utility, marine, and other industrial control systems should, of course, be 100% isolated, or air-gapped, from the Internet. However, in reality they are increasingly connected and usually poorly protected.
This is for many reasons, and I recall being at the forefront of this in the early 1990s, connecting PLCs to LANs to share data, and with modems so we could connect remotely. The Internet is just a more modern, and more dangerous, version of this.
This is especially true today with integrated manufacturing, ERP, order management, logistics, e-commerce, and all other systems totally connected. It’s so nice to have all the data flowing in all directions, all the time. But also very dangerous.
It’s doubly dangerous when there are life-safety and other connected systems whose malfunction can kill people, damage equipment, produce faulty products or cause other real-world harm.
How can we protect these systems and still share some of their data?
I argue there is simply no way to actually protect them using normal technology. Firewalls, satellite links, cellular connections and the like can all be overcome, especially given the reduced security footing (and skills) common in these industries.
The reality is that banks and the military both struggle to protect themselves, so the chances of a factory, utility or ship doing it are zero. It is as simple as that.
So one strategy, and currently the only real one, is 100% isolation of these systems. However, this has significant downsides, chiefly that we cannot get data out of them: no alerts, metrics, logs or records reach the larger, more connected systems, let alone modern data analytics, machine learning, or business and ERP platforms.
What we need is a way to send data out without letting anything in.
By the way, this is exactly the same problem airlines face on modern aircraft: how to separate and isolate the critical flight systems from the passenger entertainment and, now, Internet networks.
We can take a page from the aircraft makers and use their primary isolation method, the one-way communications bridge (what the security industry calls a data diode).
But all their hardware and software is custom-built and very expensive; we need something that supports normal protocols and tools while keeping the same physical guarantee.
So I propose we design and build simple one-way telemetry links for these industries, that support modern protocols and methods.
The simplest way is to have two small computers, such as Raspberry Pis, connected by a ONE-WAY link: an Ethernet cable with only the transmit pair in place (cut or remove the receive pair), a single fibre, or even a fast serial connection (TX wired to RX only, with no handshake lines). Two practical caveats: the cut-pair trick only applies to 10/100 Mbit/s Ethernet with autonegotiation disabled and speed and duplex forced on both ends, since autonegotiation needs the return pair and 1000BASE-T drives all four pairs in both directions; and a PHY or fibre transceiver whose own receive side sees nothing will typically hold the link down, so the sending side needs a PHY forced into link-up or its own transmit signal looped back into its receiver with a tap or splitter. A plain UART needs none of this, which is why serial is the easiest to get right.
It is very important that the prohibition on return data flow be physical, i.e. no wire or path at all, so that no software change or misconfiguration can override or bypass it. This is the only way to be safe.
In this model, a sending system uses TCP or UDP over IP to connect to the sending Pi and hand it data, such as via a REST API. The sending Pi takes that data and buffers it for transmission to the receiving side.
The sending Pi then transmits it over the one-way link, probably using raw frames or at least a static ARP entry and a link forced up, since a normal TCP/IP stack expects replies (ARP answers, ACKs) that can never come and most standard systems don’t cope well with zero return data.
The receiving Pi receives the data and passes it on, again probably via standard REST APIs or other protocols, so it can communicate over its own network with other systems.
The important feature here is that the receiving machine can never send anything back across the link, and so can never compromise the sending machine or the systems behind it. It’s impossible.
Physically impossible is a good feature of a secure system.
Such a simple system would behave much like UDP: the sender transmits a packet and hopes it arrives. There is no flow control, retransmission or acknowledgement of any kind, so whatever reliability is needed has to be built in on the sending side: sequence numbers so the receiver can detect gaps, checksums so corrupted frames are discarded rather than forwarded, and sending each record more than once so a single glitch on the cable does not lose it.
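The framing layer the previous paragraphs describe, written out as an added example (this is not the post’s own code, and the post proposes no specific frame format). It assumes a hypothetical one-way byte pipe (TX-only serial, a single fibre, a transmit-pair-only cable) between the two Pis, so nothing is ever acknowledged: the sender numbers each record, wraps it with a start marker and a CRC-32, and emits every frame twice; the receiver resynchronises on the marker, rejects damaged frames, discards the repeat copies, records gaps where every copy of a frame was lost, and times out on a frame that can never complete. The telemetry records and the simulated cable faults are constructed for the demonstration.

```python
import struct
import zlib

# Added example, not the post's code. Assumes a hypothetical one-way byte pipe
# (TX-only serial, single fibre, TX-pair-only Ethernet): nothing is ever ACKed.
MAGIC = b"\xa5\x5a"              # start-of-frame marker, used to resync after damage
HEADER = struct.Struct("!2sIH")  # magic, 32-bit sequence number, 16-bit payload length
TRAILER = struct.Struct("!I")    # CRC-32 over sequence, length and payload
REPEAT = 2                       # copies of each frame: redundancy is the only recovery
MAX_PAYLOAD = 1024


def encode_frame(seq, payload):
    """magic | seq | len | payload | crc32; the CRC covers everything after the magic."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large for one frame")
    body = HEADER.pack(MAGIC, seq & 0xFFFFFFFF, len(payload)) + payload
    return body + TRAILER.pack(zlib.crc32(body[2:]) & 0xFFFFFFFF)


class Sender:
    """Protected-side box: numbers each record and emits the frame REPEAT times."""

    def __init__(self, repeat=REPEAT):
        self.seq = 0
        self.repeat = repeat

    def send(self, payload):
        """Bytes to push onto the link for one record; nothing is ever read back."""
        frame = encode_frame(self.seq, payload)
        self.seq += 1            # a real deployment must also handle 32-bit wrap-around
        return frame * self.repeat


class Receiver:
    """Public-side box: parses an arbitrarily chunked stream, never writes to the link."""

    def __init__(self):
        self.buf = b""
        self.last_seq = None     # highest sequence number delivered so far
        self.delivered = []
        self.gaps = []           # (first missing seq, seq actually seen) per detected gap
        self.corrupt = 0         # frames rejected by the length or CRC check

    def feed(self, chunk):
        """Consume link bytes; return the new payloads, in order, duplicates removed."""
        self.buf += chunk
        out = []
        while len(self.buf) >= HEADER.size + TRAILER.size:
            start = self.buf.find(MAGIC)
            if start < 0:
                self.buf = self.buf[-1:]        # last byte may be half of a marker
                break
            if start:
                self.buf = self.buf[start:]     # skip line noise before the marker
                continue
            _, seq, length = HEADER.unpack_from(self.buf)
            total = HEADER.size + length + TRAILER.size
            if length > MAX_PAYLOAD:
                self.corrupt += 1
                self.buf = self.buf[1:]         # bogus header: slide one byte, resync
                continue
            if len(self.buf) < total:
                break                           # frame incomplete, wait for more bytes
            frame = self.buf[:total]
            (crc,) = TRAILER.unpack_from(frame, total - TRAILER.size)
            if zlib.crc32(frame[2:total - TRAILER.size]) & 0xFFFFFFFF != crc:
                self.corrupt += 1
                self.buf = self.buf[1:]         # damaged copy; the repeat should follow
                continue
            self.buf = self.buf[total:]
            if self.last_seq is not None and seq <= self.last_seq:
                continue                        # repeat copy, already delivered
            if self.last_seq is not None and seq != self.last_seq + 1:
                self.gaps.append((self.last_seq + 1, seq))  # every copy of a frame was lost
            self.last_seq = seq
            out.append(frame[HEADER.size:total - TRAILER.size])
        self.delivered.extend(out)
        return out

    def idle(self):
        """Link went quiet: an incomplete frame will never finish, so resync past it."""
        out = []
        while len(self.buf) >= HEADER.size + TRAILER.size:
            self.buf = self.buf[1:]
            out += self.feed(b"")
        return out


def sample_records():
    """Constructed telemetry lines, what a PLC-facing REST endpoint might hand the sender."""
    return [('{"ts":%d,"tag":"boiler1.temp","value":%.1f}' % (100 + i, 20 + i * 0.5)).encode()
            for i in range(6)]


def simulate(records, corrupt_index=1, drop_index=3, chunk=7):
    """Constructed link faults: flip a byte in the first copy of frame corrupt_index, lose
    both copies of frame drop_index, deliver in chunk-byte pieces.
    Returns (delivered payloads, gaps, corrupt-frame count)."""
    tx, wire = Sender(), bytearray()
    for i, rec in enumerate(records):
        burst = bytearray(tx.send(rec))
        if i == drop_index:
            continue                            # a cable glitch ate every copy
        if i == corrupt_index:
            burst[HEADER.size] ^= 0xFF          # damage the first copy's payload only
        wire += burst
    rx = Receiver()
    for off in range(0, len(wire), chunk):
        rx.feed(bytes(wire[off:off + chunk]))
    rx.idle()                                   # stands in for a read timeout on the port
    return rx.delivered, rx.gaps, rx.corrupt
```

On real hardware `feed()` would be called with whatever `serial.Serial.read()` or a raw socket returns, and `idle()` from the port's read timeout. The receiver is deliberately stateless about the sender beyond the last sequence number: it can tell you that frame 3 never arrived, which is what a telemetry consumer needs, but it has no way to ask for it again, and a sender restart (sequence numbers back at zero) would need its own handling.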
This system would be ideal for telemetry or data-only feeds, such as on airplanes, utilities, ships, factories, trucks, etc. where the main public systems need data from the embedded ones.
It would not work for sending data into the local systems, such as ERP order details, product configuration or remote control. That traffic would have to go the traditional way, or over very strictly controlled channels for a limited set of specific users and needs.
But the number and variety of telemetry-only systems is very large, and a link like this can make them much safer. And it’s easy to build on commodity hardware.