Method for securely transmitting control data from a secure network

摘要

This method securely transmits data from a secure control system [110] located on an isolated computer network [100] to a separate computer [210] outside the isolated control network [100]. The method includes several features designed to minimize the risk of outside cyber attack on the control system [110] while ensuring that the data is transmitted correctly and promptly. The system uses a non-routable unidirectional physical data link [300]. Messages [400] are redundantly transmitted to computer [210] without acknowledgement along with checksums [430,450]. The checksum information is used to validate that the message header [420] and the message data [440] have been received correctly. Redundant information contained in repeated message data blocks [440] is discarded after the transmitted message [400] is correctly received and decoded. An ordered transmission sequence is used to minimize the message delay if an individual message [400] was not received correctly on its first transmission.

主权项

1. A secure system for transmitting message data from a secure computer on a secure network to anon-secure computer on a non-secure network comprising:
a one-way communication link from the secure computer directly to the non-secure computer, wherein the one-way communication link is configured to provide the only communication between the secure computer and non-secure computer; a predetermined non-routable communication protocol known by both the secure computer and the non-secure computer; and wherein said secure computer is configured to transmit a message including said message data and error detection information multiple redundant times to the non-secure computer according to the predetermined protocol, said non-secure computer is configured to identify, decode, and verify message data that has been correctly transmitted according to the predetermined protocol, and further configured to discard message data that has not been correctly transmitted according to the predetermined protocol, and to store message data that has been transmitted correctly according to the predetermined protocol, the secure computer receives no feedback data from the non-secure computer, each cycle of transmission begins with a newest pending message being transmitted first and followed by an older pending message, which has not yet been transmitted a pre-determined number of times, and the predetermined non-routable communication protocol does not include a data field that facilitates routing of the message over a packet routing network.