Currently, important infrastructures (such as power generation, chemicals, water, petroleum and gas) are connected to the Internet to enable remote monitoring or remote operation via the Internet. Thus, services such as remote monitoring and remote operation of a control network can be provided relatively easily and inexpensively by using IP communications as a platform. In order to expand such service businesses, it is important, or almost necessary, to connect the control network to the Internet or to a cloud computing system. On the other hand, the cybersecurity requirements for such important infrastructures (industrial resources) have increased. For example, in North America, the NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) requirements define a security standard that must be met when important infrastructures are operated. Thus, it is necessary to develop, at low cost, an infrastructure or system that fulfills both demands: providing services via the Internet and securing the control network from cyberattacks.
As a technique for protecting an internal network such as a control network from cyberattacks, firewalls are widely known (Patent Documents 1 and 2). A firewall is provided at the border between an internal network to be protected and an external network such as the Internet, to protect the internal network from cyberattacks. For instance, in the technique disclosed in Patent Document 1, a local network (internal network) and the Internet are connected through a firewall, and communications from the Internet side to the local network side are refused unconditionally. On the other hand, when agents on the local network communicate with consoles on a second local network connected via the Internet, a port of the firewall is dynamically opened to allow that communication. In this way, communication between the internal network and the external network is enabled while the internal network is protected from attacks from outside.
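The pinhole behaviour described for Patent Document 1 (inbound refused by default, a return path opened only for sessions initiated from the local side) can be illustrated with a small stateful filter. The following is an added example written for this page; it is not code from the patent documents, and the internal address prefix, the flow key and the 30-second expiry are assumptions chosen for the simulation.

```python
"""Simulated outbound-initiated pinhole firewall (added example, not from Patent Document 1).

Policy:
  * packets from the external side to the internal side are DENIED by default;
  * a packet from the internal side to the external side is ALLOWED and opens a
    pinhole keyed on the reversed 4-tuple, so that only the matching reply flow
    is admitted;
  * pinholes expire after `timeout` seconds of inactivity.
"""
from dataclasses import dataclass, field
from typing import Dict, Tuple

# (src_ip, src_port, dst_ip, dst_port) of the packet that is being admitted
Flow = Tuple[str, int, str, int]


@dataclass
class PinholeFirewall:
    internal_prefix: str            # assumption: internal hosts share one prefix, e.g. "10.0."
    timeout: float = 30.0           # assumption: pinhole idle timeout in seconds
    pinholes: Dict[Flow, float] = field(default_factory=dict)  # flow -> last-seen time

    def _is_internal(self, ip: str) -> bool:
        return ip.startswith(self.internal_prefix)

    def _expire(self, now: float) -> None:
        self.pinholes = {f: t for f, t in self.pinholes.items() if now - t < self.timeout}

    def decide(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int, now: float) -> str:
        """Return 'ALLOW' or 'DENY' for one packet observed at time `now`."""
        self._expire(now)
        src_in, dst_in = self._is_internal(src_ip), self._is_internal(dst_ip)

        if src_in and not dst_in:
            # Outbound from the protected side: admit and record the reverse flow
            # so that only the console's reply to this exact session gets in.
            self.pinholes[(dst_ip, dst_port, src_ip, src_port)] = now
            return "ALLOW"

        if not src_in and dst_in:
            key = (src_ip, src_port, dst_ip, dst_port)
            if key in self.pinholes:
                self.pinholes[key] = now   # refresh idle timer on matching reply traffic
                return "ALLOW"
            return "DENY"                  # unsolicited inbound: refused unconditionally

        # Internal-to-internal or external-to-external traffic is not this device's job.
        return "DENY"


def demo() -> list:
    """Constructed packet sequence showing the policy in action."""
    fw = PinholeFirewall(internal_prefix="10.0.")
    agent, console = ("10.0.0.7", 51000), ("203.0.113.5", 443)   # constructed addresses
    return [
        fw.decide(*console, *agent, now=0.0),     # unsolicited inbound -> DENY
        fw.decide(*agent, *console, now=1.0),     # agent initiates -> ALLOW, pinhole opened
        fw.decide(*console, *agent, now=2.0),     # console replies -> ALLOW
        fw.decide("203.0.113.5", 444, *agent, now=3.0),  # different source port -> DENY
        fw.decide(*console, *agent, now=100.0),   # idle > 30 s, pinhole expired -> DENY
    ]


if __name__ == "__main__":
    print(demo())
```

Note that the pinhole is keyed on the full reversed 4-tuple: a peer on the Internet that merely knows the agent's address cannot reach it, and the hole closes once the session goes idle, which is the property the background text attributes to the dynamic port opening.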
In the technique disclosed in Patent Document 2, routers are provided between the Internet and a public subnet and between the public subnet and a private internal subnet, respectively, and packets passing through the routers are filtered by them. For example, the router installed between the public subnet and the private internal subnet provides an IEEE 1394 connection between computers on the public subnet and computers on the private internal subnet. The router filters packets based on the IEEE 1394 source ID, or on whether the packet is necessary for remote operation based on frame buffer transfer between a computer on the public subnet and a computer on the private internal subnet. The computer on the private internal subnet receives data by polling the computers on the public subnet with read transactions at a constant time interval, and sends data by means of write transactions. With such a configuration, even if a large amount of improper data is sent by a computer on the public subnet, it is possible, by checking the amount of data transferred, to detect the abnormal transfer and thereby to prevent its immediate influence on the computers on the private internal subnet, according to Patent Document 2.
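The defensive property claimed for Patent Document 2 rests on two things: the private side pulls data on its own schedule (so the public side cannot push at will), and the volume pulled is measured so that a flood is detected rather than absorbed. The following is an added example written for this page, not code from the patent; it replaces the IEEE 1394 read transaction with an in-memory read of at most a fixed number of bytes per poll, and the per-poll cap, window length and volume limit are assumed values.

```python
"""Simulated polling reader with transfer-volume anomaly detection
(added example; the IEEE 1394 read transaction is modelled as an in-memory read).
"""
from collections import deque
from typing import Dict, Optional


class PublicHost:
    """A computer on the public subnet: it can only queue data; it cannot push it."""

    def __init__(self) -> None:
        self.outbox = bytearray()

    def enqueue(self, data: bytes) -> None:
        self.outbox += data

    def read_transaction(self, max_len: int) -> bytes:
        """Serve at most `max_len` bytes to the poller (the 'read transaction')."""
        chunk = bytes(self.outbox[:max_len])
        del self.outbox[:max_len]
        return chunk


class PrivatePoller:
    """A computer on the private subnet that polls at a constant interval and
    quarantines any public host whose delivered volume over a sliding window
    exceeds a limit."""

    def __init__(self, hosts: Dict[str, PublicHost],
                 max_bytes_per_poll: int = 1024,   # assumption: per-read cap
                 window: int = 5,                   # assumption: polls in the window
                 window_limit: int = 4096) -> None: # assumption: bytes allowed per window
        self.hosts = hosts
        self.max_bytes_per_poll = max_bytes_per_poll
        self.window_limit = window_limit
        self.history = {name: deque(maxlen=window) for name in hosts}
        self.quarantined: set = set()

    def poll_once(self) -> Dict[str, Optional[bytes]]:
        """One polling cycle. Returns received bytes per host, or None for a host
        that was quarantined during this cycle."""
        received: Dict[str, Optional[bytes]] = {}
        for name, host in self.hosts.items():
            if name in self.quarantined:
                continue                      # no further reads from a flagged host
            chunk = host.read_transaction(self.max_bytes_per_poll)
            self.history[name].append(len(chunk))
            if sum(self.history[name]) > self.window_limit:
                # Sustained maximum-size reads: treat as abnormal transfer and stop
                # consuming before the data can influence the private side.
                self.quarantined.add(name)
                received[name] = None
                continue
            received[name] = chunk
        return received


def simulate() -> dict:
    """Constructed scenario: one well-behaved host, one that dumps a large volume."""
    hosts = {"pub_ok": PublicHost(), "pub_flood": PublicHost()}
    hosts["pub_ok"].enqueue(b"status=normal;")          # 14 bytes, constructed
    hosts["pub_flood"].enqueue(b"\x00" * 100_000)       # constructed flood
    poller = PrivatePoller(hosts)

    flagged_at = None
    ok_total = 0
    for cycle in range(1, 11):
        result = poller.poll_once()
        ok_total += len(result.get("pub_ok") or b"")
        if result.get("pub_flood", b"") is None and flagged_at is None:
            flagged_at = cycle
    return {
        "ok_bytes": ok_total,
        "flagged_at_cycle": flagged_at,
        "quarantined": sorted(poller.quarantined),
        "flood_bytes_left": len(hosts["pub_flood"].outbox),
    }


if __name__ == "__main__":
    print(simulate())
```

With a 1024-byte cap and a five-poll window, the flooding host is flagged on the fifth cycle (5 x 1024 = 5120 bytes > 4096) and is not read again, so almost the entire flood stays on the public side; the well-behaved host is unaffected.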
On the other hand, for the purpose of security measures, a device called a data diode, which allows data to flow in only one direction along a communication path of a gateway, is known. It is said that by using a data diode, data flow in the direction opposite to the allowed direction can be completely prevented, thereby providing protection from cyberattacks such as virus attacks and hacking from outside. For example, in the technique disclosed in Patent Document 3, computers are connected both through such data diodes and through general communication paths. Confirmation of delivery of the data sent through the data diodes is performed over the general communication paths, whereby security measures using data diodes are realized while the reliability of data transmission is secured.
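The arrangement described for Patent Document 3 separates two concerns: the diode carries the payload and can physically carry nothing back, while a separate general path carries only the small delivery confirmations needed to recover lost frames. The following is an added example written for this page, not code from the patent; the sequence-numbered frame, the SHA-256 integrity digest and the one-shot loss simulation are assumptions used to make the reconciliation visible.

```python
"""Simulated data diode with delivery confirmation over a separate general path
(added example; frame format, digest and loss model are assumptions).
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Frame:
    seq: int
    payload: bytes
    digest: str          # SHA-256 of payload, so the receiver can detect corruption


class DataDiode:
    """One-way link. Only `transmit` exists; there is deliberately no method that
    moves anything from the receive side back to the send side."""

    def __init__(self, drop_once: Set[int] = frozenset()) -> None:
        self._queue: List[Frame] = []
        self._drop_once = set(drop_once)   # constructed loss: drop these seqs one time

    def transmit(self, frame: Frame) -> None:
        if frame.seq in self._drop_once:
            self._drop_once.discard(frame.seq)   # simulate a single lost frame
            return
        self._queue.append(frame)

    def drain(self) -> List[Frame]:
        frames, self._queue = self._queue, []
        return frames


class Sender:
    def __init__(self, diode: DataDiode) -> None:
        self.diode = diode
        self.next_seq = 0
        self.unconfirmed: Dict[int, Frame] = {}

    def send(self, payload: bytes) -> int:
        frame = Frame(self.next_seq, payload, hashlib.sha256(payload).hexdigest())
        self.next_seq += 1
        self.unconfirmed[frame.seq] = frame
        self.diode.transmit(frame)
        return frame.seq

    def reconcile(self, confirmed: Set[int]) -> List[int]:
        """Apply a confirmation report received over the general path and
        retransmit every frame the receiver has not acknowledged."""
        for seq in confirmed:
            self.unconfirmed.pop(seq, None)
        resent = sorted(self.unconfirmed)
        for seq in resent:
            self.diode.transmit(self.unconfirmed[seq])
        return resent


class Receiver:
    def __init__(self, diode: DataDiode) -> None:
        self.diode = diode
        self.received: Dict[int, bytes] = {}

    def collect(self) -> None:
        for frame in self.diode.drain():
            if hashlib.sha256(frame.payload).hexdigest() == frame.digest:
                self.received[frame.seq] = frame.payload   # corrupt frames are ignored

    def confirmation_report(self) -> Set[int]:
        """Small acknowledgement set carried back over the general path."""
        return set(self.received)

    def ordered_payloads(self) -> List[bytes]:
        return [self.received[s] for s in sorted(self.received)]


def demo() -> dict:
    """Constructed run: five readings, frame 2 lost once, recovered after reconciliation."""
    diode = DataDiode(drop_once={2})
    tx, rx = Sender(diode), Receiver(diode)
    readings = [b"T=21.5", b"T=21.6", b"T=21.9", b"T=22.0", b"T=22.1"]   # constructed
    for r in readings:
        tx.send(r)
    rx.collect()
    first_report = rx.confirmation_report()            # travels over the general path
    resent = tx.reconcile(first_report)                # sender re-drives the diode
    rx.collect()
    tx.reconcile(rx.confirmation_report())
    return {
        "first_report": sorted(first_report),
        "resent": resent,
        "final": rx.ordered_payloads(),
        "unconfirmed": sorted(tx.unconfirmed),
    }


if __name__ == "__main__":
    print(demo())
```

The general path here carries only sequence numbers, never payload in the protected direction, which is what lets the one-way property of the diode coexist with reliable delivery; in a real deployment that return path would itself be filtered so that it cannot be turned into a payload channel.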