Low-cost, Plug-and-Play Date Diodes for Protection and Monitoring of DoD Facility Equipment

2021 ESTCP Project of the Year Award for Installation Energy and Water

Cyber attacks are one of the fastest growing threats to DoD installations’ information technology (IT) and operational technology (OT). Control systems, ranging from building environmental controls to large-scale systems such as the electrical power grid, are often integrated with organizational IT systems to promote connectivity, efficiency, and remote access capabilities. This level of interconnectivity increases the “attack surface” for cyber threats.

With a demand to meet energy efficiency and energy resilience requirements, managers of critical infrastructure benefit from the situational awareness provided by remote monitoring. This information leads to improved equipment performance and reduces unplanned downtime. However, recent attacks on U.S. and international power grids and building systems highlight the need for improved security on the industrial internet of things.

Data diodes are used today to protect the most critical of assets but at an expense often exceeding $100,000 per connection. Data diodes are

The team at CERL built a lab at its facility in Champaign, IL to test a variety of controllers and protocols. In this photo, a Fend data diode is being tested as an ICS cybersecurity defense technology under project EW19-5156.

security appliances that enable a physically enforced, one-way information stream about the state of equipment. These devices use light as the medium to transmit data from building automation systems (BAS) and networks to remote servers or cloud-based locations, physically isolating the equipment from lower-security networks. Fend Incorporated developed a low-cost device at 1/20^th the cost that provides the one-way data transfers of data diodes while removing the need for extensive on-site configuration. On-board processors enable Fend’s hardware to communicate with protected equipment and transmit information to an on-site network or cloud service.

The project responded to an FY19 ESTCP solicitation seeking innovative solutions to improve the use, access and quality of utility and facility-related data for the purposes of efficient and informed decision-making and improved management, resilience, operation and maintenance of military facilities and installations. Fend’s ESTCP demonstration set out to evaluate if the challenges to widespread DoD adoption of data diodes could be overcome to provide the benefit of secure monitoring and data accessibility to installation asset managers across the DoD. Fend approached ESTCP pre-production of an otherwise commercially available product, but with the goal of lowering the cost and easing installation while keeping the air gap security and compatibility with the most commonly used machine communication protocols across DoD.

Since the project kicked off in August 2019, Fend has developed a line of plug-and-play products made in the USA that have gone through rounds of various testing. Functional testing was done at CERL’s facilities in Champaign Illinois, and showed the diode was able to successfully send files and streams of system in a variety of common protocols. Cybersecurity testing was done by the Army’s Threat Systems Management Office (TSMO) at Redstone Arsenal and the Navy’s Control Systems Test Bed (CSTB) at Port Hueneme. This included penetration tests designed to mimic attacks by those who would try to send information across the diode in the reverse direction or otherwise disable the hardware, and the diode proved to withstand these outside attacks.

For the significant progress made, and the success of the Fend data diode observed in the field demonstrations, Mr. Colin Dunn and his team received the 2021 ESTCP Project of the Year Award for Installation Energy and Water for their project titled, Low-Cost, Plug-and-Play Date Diodes for Protection and Monitoring of DoD Facility Equipment.

The estimated completion date of Fend’s ESTCP demonstration is April 2022 at which point a full detailed final report will be available to the public on the ESTCP project’s webpage.

Project Team:

Mr. Colin Dunn – Fend Incorporated
Mr. Tapan Patel – U.S. Army Corps of Engineers, Engineer Research and Development Center, Construction Engineering Research Lab
Special thanks to the teams at the Army TSMO and the Navy CSTB