Securing Air-gapped Network in a USA based Power plant

odix
odix

Background

Power Plants IT infrastructure are designed as highly-secured, air-gapped networks, as required from critical infrastructure suppliers. These networks completely blocking access to external files, except via removable media. The process of accepting external files is required to meet NERC (North American Electric Reliability Corporation) CIP (critical infrastructure protection) standards.

odix

Challenge

The power plant is required to enable the access of diverse files delivered via portable media to its air-gapped network. This exposes the power plant to the threats of removable media like USB drives, CDs, DVDs, and portable hard disks can carry. All portable media must be scanned for threats with the highest security standard before the files can access the network.

odix

Solution

The US power plant chose to deploy the odix Kiosk solution to act as the gatekeeper to all files needed to be sanitized prior infiltrating into the network. The odix Kiosk was deployed as an isolated element that is not connected to the organizational network. This configuration makes odix Kiosk a safe and secure solution for inserting files into the critical network.

odix

Key takeaway

Removable media introduces high-risk threats to any organization and for ICS (Industrial Control Systems) infrastructures the vulnerability is dangerous. When designing a file sanitization station for ICS and SCADA networks, it is mandatory to comply with NERC-CIP and NIST 800-53 requirements like the odix Kiosk is.