DUBAI AIRSHOW NEWS: Saudi Company Seeks to Solve Classified Data Problem
Laura Heckmann photo
DUBAI, United Arab Emirates — Saudi Arabia-based Sami Advanced Electronics has developed a little black box that can protect sensitive data sharing by physically limiting the flow of data.
Resembling a nondescript DVR device, the slender black box is called Data Diode, and it’s attacking a problem the U.S. Defense Department has struggled with across the entire service: sharing quality data outside a classified network.
Data Diode is a hardware cybersecurity tool that protects isolated networks from cyber threats and external attacks, primarily ensuring the safe transfer of highly sensitive data in industries such as military and aerospace, a company fact sheet stated. It is designed to protect data both being sent from a high security network to an unsecured network and being received at a high security network from an unsecured network. Data Diode sits in the middle.
Typically, networks carrying sensitive information, including military networks, are completely separated from other networks to keep data secure. This becomes a problem when data needs to be imported to and exported from the isolated networks, the fact sheet said. A manual transfer of data generates further security risk and increases human workload, making data transfer prone to human error. “This is where Data Diodes truly shine,” it read.
The way it works is by physically limiting the flow of data in one direction on a hardware level, Badr Alghmlas, security service manager at Sami, said on the sidelines of the Dubai Airshow Nov. 13. A diagram depicting the device’s data connectivity flow showed a high security, mission critical network on the left and a low security corporate network on the right, with Data Diode at the center.
The device provides a physically secure one-way communication channel that allows data to be safely transferred to the secure network while not allowing any data to leave, he said.
“We need to make sure data [is] coming to us, but at the same time … we don’t want this information to go outside,” Alghmlas said. “So we need to be integrated with other systems … but don’t want the information to go outside. We use this device.”
Alghmlas described data as a formation of seven layers, with the first layer being the most basic. Data Diode can catch an attack at the basic level, rather than four levels closer to the more important data, like a firewall might, he said.
“So if there is an attack, we can pass the first three layers instead” of a direct hit on the most important layer, he said.
Data Diode is different from a firewall in that firewalls are software and vulnerable to hackers, Alghmlas explained. Hackers can develop sophisticated and unrecognizable pathways to intrude across network security firewalls. Hardware-based security protocols, on the other hand, cannot be penetrated simply because a virtual threat cannot bypass a physical barrier, he said.
Another benefit of hardware is data leak prevention, “since no data can leave the network due to physical restrictions,” the fact sheet said.
Separation is key with Data Diode. It separates sender and destination, using physical and electrical separation, as well as fiber optic cable as a mode of communication across security networks.
Alghmlas said the device is “highly trusted” by government and industry, and already has “many deployments. We manufacture this already,” he said. Though he could not say to whom, he said “we [have] already sold multiple devices [to] multiple organizations.”