Due to recent security incidents, there is now a significant debate with regard to what is the best way to protect Industrial Control Systems (ICS). 

Businesses have a real, and ongoing, requirement to extract business information from Industrial Control Systems for crucially important management purposes.

When dealing with a network security environment that isn’t a traditional enterprise network, the threat and risk concerns need to be looked at with a different perspective. The business needs to exchange data via connecting networks but the Information Assurance (IA) World and the ICS World have different concerns. The IA World is more worried about data loss while the ICS World is more  worried about the risk to their process.

So, there’s an obvious and profound dilemma here. There’s a need to share information, but all of the current sharing mechanisms patently introduce differing levels of unmanaged risk to the ICS business processes.

This paper focuses on the debate whether networks should be isolated via an Air-Gap or joined by well-configured Firewall(s) but the debate often misses a third option – Data Diodes.

The purpose of this briefing paper is to provide the relevant information to help you to make the right decision for your business.