Industrial infrastructures are growing in size and complexity. And it’s all too clear that traditional enterprise IT solutions have not been successful in safeguarding them from cyber-attack. They do not meet the best-practice deep-packet inspection capability in the field, nor do they place an emphasis on zone protection network segmentation. As well, they tend to focus on preventing loss of confidential information, rather than what really matters in the industrial world – reliability and integrity of the system.In this architecture, a Cybridge is used as a one way content filter gateway which enables the extraction and export of protocol data and information from within the industrial networks, carried upon industrial protocols, to enterprise networks. This allows safe and easy integration of the machine data coming from the SCADA network in enterprise reporting and statistical services, within external or public networks without any Cyber-attacks apprehension.

1. Cybridge
Secure Content Filter
for SCADA Networks
by Bynet
Bynet Solutions
Bynet Inside
www.bynetgroup.com

2. SCADA Industrial Protocol
Supervisory Control And Data Acquisition (SCADA) networks contain computers
and applications that perform key functions in providing essential services and
commodities (e.g., electricity, natural gas, gasoline, water, transportation).
As such, they are part of the nation’s critical infrastructure and require protection from
a variety of threats that exist in cyberspace today.
By allowing the collection and analysis of data and control of equipment such as
pumps and valves from remote locations, SCADA networks provide great efficiency
and are widely used. However, they also present a security risk.
Security Challenges
Built for reliability and stability rather than security, industrial infrastructure networks
have long been easy targets for malware attacks.
City and regional infrastructures depend on reliable access to energy, water and
transportation systems.
In a very real sense, all infrastructures are built upon the industrial infrastructure base.
The concept of the ‘network of everything’ that futurists and planning commissions
have spoken about optimistically for years has arrived. But they forgot one thing:
industrial security.
SCADA networks were initially designed to maximize functionality, with little
attention paid to security. As a result, performance, reliability, flexibility and safety
of distributed control/SCADA systems are robust, while the security of these
systems is often weak. This makes some SCADA networks potentially vulnerable to
disruption of service, process redirection, or manipulation of operational data that
could result in public safety concerns and/or serious disruptions to the nation’s critical
infrastructure.
Action is required by all organizations, government or commercial,
to secure their SCADA networks as part of the effort to adequately
protect the nation’s critical infrastructure.

3. Industrial Security
Industrial infrastructures are growing in size and complexity. And it’s all too clear that
traditional enterprise IT solutions have not been successful in safeguarding them from
cyber-attack.
They do not meet the best-practice deep-packet inspection capability in the field,
nor do they place an emphasis on zone protection network segmentation.
As well, they tend to focus on preventing loss of confidential information, rather than
what really matters in the industrial world – reliability and integrity of the system.
In this architecture, a Cybridge is used as a one way content filter gateway which
enables the extraction and export of protocol data and information from within
the industrial networks, carried upon industrial protocols, to enterprise networks.
This allows safe and easy integration of the machine data coming from the SCADA
network in enterprise reporting and statistical services, within external or public
networks without any Cyber-attacks apprehension.
Cybridge - SCADA Industrial Protocol Gateway
Cybridge SCADA Protection is a comprehensive industrial network protection solution
designed and developed by Bynet Communication Group. The hardware/software
combination has been designed specifically to protect against Trojans, worms and viruses
that might infect industrial SCADA systems.
Secure Content Filter Cybridge enables the connectivity of various networks having different
levels of classification and information security policies including SCADA and enterprise
network connection. The Cybridge is a security solution for organizations who intend to
connect different networks while controlling traffic that traverses between the networks.
The Cybridge provides the network security administrator or Security Operation Center (SOC)
managers the ability to monitor, filter and defend internal networks or server farms against
cyber-terror attacks, both from outside or from within - while ensuring that traversing traffic
accords the security policies defined by SOC managers.
The Cybridge is based on secured unidirectional data flow combined with a content filtering
engine. The Cybridge is a platform specially designed to implement network gaps between
external and internal networks or internal network with different classification, using session
termination and regeneration at each side. Using a configurable platform for content filtering,
enables on the one hand the security administrator to develop its own private content filtering
engines for specialized purposes and filtering tasks, and on the other hand the Cybridge could
be provided with suit tailored development for the specific organizational needs and threats.

4. Cybridge Advantages
• Both appliance and HW agnostic delivery
options – simple, configurable and maintainable
• Any-to-any transformation - input files in one
format and output files in a different format
• Multiple data formats - the types of data
formats that can be processed are practically
unlimited
• Affordable and scalable - cost effective and
modular system. Begin with one component
and add more components as the need arises
• A field tested security solution
© 2013 Bynet Data Comm. LTD, All Rights Reserved. Bynet and the Bynet logo are trademarks
of Bynet Data Comm. LTD, and may be registered in certain jurisdictions.
All trademarks identified by © are trademarks, trademarks or service marks, of Bynet Data Comm. LTD.
10/13 • RB11133
Notice: Every effort was made to ensure that the information in this document was complete and accurate
at the time of publication. However, information is subject to change.
has extensive knowledge and proven experience in ICT solutions
in general, and in the Security sector in particular
Bynet Data Communications
Security ProvenSecurity Proven
Bynet Data Communications
8 Hanechoshet St., Tel Aviv 6971071- Israel
Tel: +972-3-645-8080
Fax: +972-3-548-8058
info@bynetgroup.com
www.bynetgroup.com
SCADA Seamless Connectivity Proxy
(SCP) - Key Features
• Provides secure unidirectional connectivity,
either input or output, between SCADA
and Enterprise networks segments.
• To achieve bi-directional functionality,
it would be necessary to install two Cybridges
• Single standard appliance
• Physical and Logical Industry standard
UDP sub-layer
• One Way – No Feedback attack possibility
• Protocol Structure Validation
• Data Scheme Validation
• Packet Cryptographic Signature
• Secure Violations Notification & Logs