In a computer network handling sensitive data, portions of the network may be connected by hardware-enforced unidirectional channels (also referred to as one-way data links). The term “hardware-enforced unidirectional channel” is used in the context of the present patent application and in the claims to refer to a communication link that is physically configured to carry signals in one direction and to be incapable of carrying signals in the opposite direction. Hardware-enforced unidirectional channels may be implemented, for example, using Waterfall® systems, which are manufactured by Waterfall Security Solutions, Ltd. (Rosh HaAyin, Israel). The Waterfall system provides a physical one-way connection based on fiberoptic communication, using an underlying proprietary transfer protocol. When a transmitting computer is connected by a Waterfall system (or other hardware-enforced unidirectional channel) to a receiving computer, the receiving computer can receive data from the transmitting computer but has no physical means of sending any return communications to the transmitting computer.
Hardware-enforced unidirectional channels may be used to prevent data either from entering or leaving a protected facility. For example, confidential data that must not be accessed from external sites may be stored on a computer that is configured to receive data over a hardware-enforced unidirectional channel and has no physical outgoing link over which data might be transmitted to an external site. On the other hand, in some applications, the operator of the protected facility may be prepared to allow data to exit the facility freely via a hardware-enforced unidirectional channel, while preventing data from entering the facility in order to thwart hackers and cyber-terrorists.
In this latter category, for example, U.S. Pat. No. 7,649,452, whose disclosure is incorporated herein by reference, describes protection of control networks using a one-way link. As described in this patent, a method for monitoring a process includes receiving a signal from a sensor that is indicative of a physical attribute associated with the process and transmitting data indicative of the received signal over a one-way link. The transmitted data received from the one way link are used in monitoring the process. The method is described in the patent particularly in the context of Supervisory Control And Data Acquisition (SCADA) systems. A SCADA system receives monitoring data from the monitored facility via a one-way link. The SCADA system is unable to transmit any sort of data back to the monitored facility (although a separate, open-loop connection may be provided for this purpose), and therefore cannot be used as the base for an attack on the facility.