The present embodiments relate to an apparatus and a method for transmitting data from a transmitter in a first communication network to a receiver in a second, safety-critical communication network.
In industrial automation systems (e.g., a signal tower or a train controller in railway automation), in production halls in manufacturing automation, for example, or in refineries or breweries in process automation, for example, automation areas that are critical with regard to safety are coupled to general networks (e.g., an office network). Security network gateway units (e.g., firewalls) may be installed at network boundaries between a first communication network and a second, safety-critical communication network in order to couple differently critical network areas in a controlled manner. In such security gateways, the data stream to be transmitted is filtered according to configurable filtering rules and is checked against test patterns (e.g., virus patterns).
The document DE 10 2006 036 111 B3 discloses, for example, a method and a test system for securely transmitting a message from a first zone to a second zone. In this case, the message is transmitted from the first zone to an evaluation unit in a third zone by a one-way lock unit (e.g., a data diode). In this case, copies of the message are made available to different analysis units that check the copies and based on the evaluation result of all analysis units, then possibly forward the message to a second zone. Such an analysis unit is, for example, a virus scanner that checks the messages or the data stream for previously known test patterns (e.g., virus patterns).
In order to achieve reliable protection from malware such as viruses, the test patterns are to be continuously updated. In this case, the test patterns may be updated at hourly intervals or, at the longest, at daily intervals. It is not feasible to load such hourly or daily up-to-date test patterns or virus patterns in industrialization environments. Therefore, “white list” scanners are used instead of virus scanners in practice. A white list specifies the patterns or the data that is allowed to pass through to a second, safety-critical communication network. However, such white list scanners may be used only internally inside a static environment. The white list scanners are not suitable for securely interchanging variable data with external systems since such data has not been entered in the fixed white list.