This disclosure relates generally to the field of cybersecurity for control systems. More specifically, in some aspects, it relates to devices and methods for providing secure communications to and from one or more safety-critical control systems, such as those found in aircraft avionics, nuclear power plants, rail systems, ships, and automobiles, and applies to both manned and autonomous vehicles and systems. As an example, avionics control systems may be designed to be isolated, critical networks, but some avionics technologies, such as ADS-B and ACARS, support external communication messages and have become increasingly important in aircraft operations. These latter technologies demonstrate a need for protecting critical systems from spurious, erroneous, or malicious signals, while still enabling external communications for aircraft operations. To provide adequate protection for these systems against, for example, cyber-terrorism and malicious attacks, a solution must be capable of both interfacing with, and routing data between, a multitude of communication media and protocols, including deterministic/real-time buses as well as non-deterministic and network interfaces, such as Ethernet, fiber-optics, CANBUS, ARINC-429, ARINC-664, RS-232/422/485, and MIL-STD-1553B. Additionally and advantageously, the solution can take into account the state of physical switches and relays, and digital and analog electrical inputs.
Current state-of-the-art solutions for interfacing with safety-critical control systems, such as avionics, use a unidirectional “data-diode,” which is a device designed to provide only a one-way flow of information. This is mostly used to send messages and status data from the protected or safety-critical systems, such as avionics, to other systems. For example, a data-diode can be used for aircraft flight status information on commercial airline flights, providing customers details of the flight on a moving map application that shows where the aircraft is located, along with altitude, speed and time of arrival. In many instances, however, interfaces need to be implemented as bi-directional and therefore require a more sophisticated device that can enable a safe solution for messaging, remote command and control, or other applications required on systems such as a modern aircraft, power plant, transport vehicle, or unmanned system. Increasingly, these systems are being operated for uses beyond their original intent, and in many cases they include specific equipment that must be controlled remotely or through networks or interfaces that require bi-directional communication. Further, a solution is needed that can validate and provide cybersecurity for machine-to-machine (M2M) communications and control messages between two safety-critical devices in a control system without interrupting critical timing on deterministic systems or buses or introducing system instability due to the latency of processing the messages.
Accordingly, a solution has been sought to the problem of ensuring bi-directional cybersecurity for safety-critical systems by protecting these critical control devices from both internal and external attacks and threats. “Bi-directional” is understood to encompass both incoming data (data coming into the critical control system or device from an interface, internal or external, with which the system or device is linked) and outgoing data (data communicated from the control system or device to the linked interface).