Φiriki Intelligence Blog Cybersecurity for Government Networks

Cybersecurity for Government Networks

Defending Critical Government Operations From Cyber Threats

Customer:

A Government Security Agency in Asia-Pacific

Customer Requirement:

Enable real-time transfer of arbitrary files into a secure network environment from open-source networks via file transfer, HTTP and email transports, while providing absolute protection from online data leakage and data exfiltration attacks from the secure network.

Waterfall’s Unidirectional Solution:

Secures the classified/high-security network with a Unidirectional Security Gateway, ensuring continuous and secure cross-domain data flow, while preventing sensitive data from leaking into or being exfiltrated from external, low-security/unclassified networks.

Preventing Data Exfiltration Attacks on High-Security Networks

Government security agencies, public utilities, financial institutions and other sensitive sites world-wide are vulnerable to online cyber attacks aiming to exfiltrate sensitive data. As all software can be hacked, protecting an organization’s most sensitive information with only software and firewalls is not sufficient from a national security standpoint. Software and firewalls can be exploited by malicious and sophisticated adversaries seeking to gain access to sensitive data stored in high-security networks.

  • The challenge

Seamlessly and efficiently transfer files from an open source network into a highly-sensitive secure network, while removing embedded malware from the files and preventing absolutely any data exfiltration back into the source network. Support file movement via HTTP, file transfer and emailed transports.

  • Waterfall solution

A Waterfall Unidirectional Gateway was installed to transmit files from the low-security to the high-security network. Unidirectional Gateway software connectors gather files in real time from the low-security network and populate those files into file and email servers in the high security network. Government and law enforcement applications and personnel can interact normally and bi-directionally with the copies on the secure network, while the Unidirectional Gateway hardware physically prevents any data leakage back into the low-security network.

  • Results & benefits

Hardware-Enforced Security: The classified/high-sensitivity network is now physically protected from online data exfiltration attacks.

Seamless Integration: with a wide variety of CDR solutions

Common Criteria Certification: for the utmost in assurance of resistance to cyber attacks

Network Appliance: with web-based user interface for all administration, monitoring, management and even troubleshooting activities, with no additional software required to be installed on source or destination networks or servers.

Theory of Operation

Waterfall Unidirectional Security Gateways replace one layer of firewalls in the defensive design of classified high-security network environments, providing absolute protection from online data exfiltration attacks. Unidirectional Gateways contain both hardware and software components. Unidirectional Gateway technology represents a plug-and-play replacement for firewalls, without the vulnerabilities and maintenance issues that accompany firewall deployments.

Unidirectional Security Gateways Benefits:

arrow red rightSafe cross-domain integration of classified and non-classified networks

arrow red rightEliminates any risk of online data leakage through the gateway from classified and other high-security networks

arrow red rightSimplifies compliance with even the most demanding cybersecurity regulations, standards and best-practice guidance, including USDHS, ANSSI, Australian Government Information Security, and more

arrow red rightSimplifies audits and change reviews

arrow red rightReplacing at least one of the layers of firewalls in a defense-in depth architecture with Unidirectional Security Gateways disables online data exfiltration attacks

Global Certifications and Compliance:

Certified: Common Criteria EAL 4+, ANSSI CSPN, NITES Singapore

Assessed by: US DHS SCADA Security Test Bed & Japanese Control Systems Security Center Bed, Idaho National Labs, Digital Bond Labs, GE Bently Nevada Systems Labs, and NISA Israel

Complies with: global ICS Standards & Regulations, NERC CIP, IEC 62443, NRC 5.71, NIST 800-82r2, CFATS, ISO, IIC SF, ANSSI, Australian Signals Directorate, and many more