
The things are much easier: two parts, one has a blinking LED, another is a photosensor. This is called a "data diode" and there are a lot of them.

Here is a random vendor with nice pictures: https://owlcyberdefense.com/learn-about-data-diodes/




> But what if I need to send data two-ways? Some systems cannot operate one-way, so they require a two-way solution. For these use cases, Owl has a unique bidirectional data diode solution – ReCon – that operates on two parallel one-way paths. Get all the security advantages of data diodes with the flexibility of a two-way solution.

…but…what? Why are we doing the blinking-light song and dance at all then?


Let's hope the photosensor processing software on the receiving end doesn't have any bugs that could be exploited.


Depends on the direction.

If the data diode points to the outside, like a power plant exporting its status to the web, then the photosensor can be completely taken over. Sure, the web page might be completely bogus, but there will be no disruption in the power plant's system. The hardware design guarantees it. That is the strongest case for data diodes.

If the data diode points to the inside, like a power plant getting new data from the outside, then sure, the photosensor software is a concern, but since it's relatively simple, this would not be my biggest worry. I'd worry about the app that runs on the target PC and receives files; if the file is an archive, about un-archiver exploits; and finally about the files themselves. If there is a doc, are you sure it's not exploiting Word? If there is an update, are you sure it's not trojaned? Are you sure users will not click on the executable thinking it's a directory?


So one-way IrDA?


Yes, but the vendor also gives some reasonable transmission software that will be able to transmit common protocols (like OPC/DB updates and so on) multiplexed and abstracting away the confirmationless medium.


An optic fiber.


Optic gas.


It has to be. Otherwise it is not air-gapped but vacuum-gapped!


If you're already using a data transfer mechanism that the human can't verify every character going over the line, why use infrared? What does that give over a USB cable or, gasp, an internet connection?


The idea is in the name. It is a "data diode". It lets data through in one direction and the data can't go in the other. Verifiably because it doesn't have the hardware for data to go the other direction.

I don't think this property can be guaranteed for the alternatives you proposed.


But surely malware is just "data", no? Or am I missing something.


The idea is that the malware could have infiltrated the system (probably) but couldn't have exfiltrated data from it.

So a data diode wouldn't stop a "stuxnet" scenario where the malware is trying to sabotage the air-gapped system. But it would prevent secret information being leaked out.

(Btw. I'm just explaining what a data diode is, and what guarantees it provides. I don't actually think that it would be useful in practice, because it feels too cumbersome to use and therefore the users/IT would poke holes into the security it would provide otherwise.)


Interesting, thank you.


There is a cheap way to test via the open source data diode workshop: https://www.github.com/vrolijk/osdd

Love to read your findings!


Why light instead of electricity: tradition, and a bit of quality assurance. For RS232, cutting one line was fine. But modern devices are complex: Ethernet transceivers support auto-MDIX and your RX line might become a TX one with a flip of a bit, or your GPIO becomes an input instead of an output. You can fix it with a buffer, but optocouplers are cheap and look nice in slides.

Why not USB or internet:

The transmitter is totally safe from a compromised receiver. If you insert a USB stick to upload a file, it could maliciously pretend to be a keyboard. If you connect to the Internet to upload a file, your network stack can be exploited (and if you have a firewall, then the firewall must be exploited first, not impossible). Only a data diode lets you push the data to the unsecure zone and not worry about getting infected in the process.

If the receiver has to be secure, things are not as clear-cut, but there are still advantages from the great reduction in complexity. None of the existing protocols work, so vendors usually implement something minimally simple to allow file transfer and maybe mailbox-like messages. This system will always have some risks present - even if you securely sent a PDF to the airgapped site, it might still exploit the PDF viewer. But at least the malware won't be able to report status to C&C and exfiltrate the data.
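A minimal version of the "minimally simple" transfer software described above (and of the multiplexing/confirmationless transmission software mentioned in the earlier IrDA reply), as an added illustration that is not from this thread or from any vendor product: each chunk carries a sequence number and a CRC32, the whole set is sent more than once because the receiver has no return path to ask for retransmission, and a SHA-256 trailer gives an end-to-end check. `lossy_link` is a constructed stand-in for the optical medium; the chunk size and sample payload are likewise constructed.

```python
import hashlib
import struct
import zlib

CHUNK = 4                     # tiny for the demo; a real link would use kilobyte chunks
DATA, TRAILER = 0, 1
HDR = struct.Struct(">BII")   # frame kind, sequence number, total chunk count

def encode(data: bytes, repeat: int = 2) -> list[bytes]:
    """Frame a file for a confirmation-less link. Every frame carries a sequence
    number and a CRC32, and the whole set is sent `repeat` times because the
    receiver has no return path on which to request a retransmission."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    bodies = [HDR.pack(DATA, i, len(chunks)) + c for i, c in enumerate(chunks)]
    bodies.append(HDR.pack(TRAILER, 0, len(chunks)) + hashlib.sha256(data).digest())
    return [b + struct.pack(">I", zlib.crc32(b)) for b in bodies] * repeat

def decode(frames: list[bytes]):
    """Reassemble from frames that may arrive out of order, duplicated, corrupted
    or not at all. Returns (data, []) on success, else (None, missing_chunks)."""
    got, total, digest = {}, None, None
    for f in frames:
        if len(f) < HDR.size + 4 or zlib.crc32(f[:-4]) != struct.unpack(">I", f[-4:])[0]:
            continue                   # damaged on the wire; a repeat may still arrive
        kind, seq, total = HDR.unpack(f[:HDR.size])
        if kind == TRAILER:
            digest = f[HDR.size:-4]
        else:
            got[seq] = f[HDR.size:-4]
    if total is None:
        return None, []
    missing = [i for i in range(total) if i not in got]
    if missing:
        return None, missing
    data = b"".join(got[i] for i in range(total))
    if digest is not None and hashlib.sha256(data).digest() != digest:
        return None, list(range(total))   # every chunk arrived but the end-to-end hash fails
    return data, []

def lossy_link(frames: list[bytes], drop_every: int = 4) -> list[bytes]:
    """Constructed model of the diode: it silently loses every drop_every-th
    frame and flips a bit in the first surviving one; nothing is reported back."""
    out = [f for i, f in enumerate(frames) if i % drop_every]
    if out:
        out[0] = bytes([out[0][0] ^ 0x80]) + out[0][1:]
    return out

if __name__ == "__main__":
    sample = b"hello data diode"                          # constructed payload
    print(decode(lossy_link(encode(sample, repeat=2))))   # (b'hello data diode', [])
```

With `repeat=1` the same lossy link leaves chunks 0 and 1 unrecoverable and `decode` reports them, which is the only feedback a one-way receiver can ever give: to an operator, never to the sender.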


So with this data diode I can install an application to use the PC speaker as an output device, and then record the sound for exfil? Nice.


Exfil ideas are always interesting to think about! The PC speaker idea may work, assuming:

(1) The protected computer has a built-in PC speaker (for example, the computer I am typing this message on does not)

(2) There is an insecure PC with sound card and a microphone (or at least headphones which can be used as microphone)

(3) Secure and insecure PCs are close to each other, as opposed to being in different rooms

(4) It's quiet enough, and no one will notice the sounds (because PC speakers are crappy and can't do infra/ultra sound)

Likelihood of this succeeding depends on a lot of factors, the biggest of them being "how good is the security team". Presumably if they are buying data diodes, they at least have some knowledge?

Other exfil ideas I've read were to emit sounds using the HDD, emit sounds by changing fan speed, blink coded messages on lights ("sleep mode" or caps/num lock), show special patterns on monitors to transmit RF, add hidden dots to printed pages, abuse wireless keyboards or mice. There are many ideas and most of them are pretty impractical outside of very limited circumstances.



