Two-way, secure, data communication within critical infrastructures

摘要

Systems and methods for two-way, secure, data communication within critical infrastructures are usable to protect critical infrastructure information while allowing real-time monitoring and remote access. Such communication systems and methods can be used to protect critical data by, for example, providing a single point of access via unidirectional, serial, non-routable connections. Additionally, data flow may be controlled by a first server that is not accessible outside of the critical infrastructure.

主权项

1. A system, comprising:
at least one memory of a first server that stores computer-executable instructions; at least one processor of the first server configured to access the at least one memory of the first server, wherein the at least one processor of the first server is configured to execute the computer-executable instructions to:
receive, from a second server, via a first unidirectional serial link, a first unique datagram comprising at least data and a checksum value, wherein the first unique datagram comprises a first plurality of unique datagrams concatenated based at least in part on a second configuration file associated with the second server;decrypt the first unique datagram;verify data from the first decrypted unique datagram against the checksum value; andwhen the data is verified:
combine data associated with operation of a power plant and an associated checksum value into a second unique datagram;encrypt the second unique datagram;concatenate a second plurality of unique datagrams comprising the encrypted second unique datagram, wherein the concatenation of the second plurality of unique datagrams is based at least in part on a first configuration file associated with the first server, wherein the first configuration file and the second configuration file comprise installation-specific configuration files that are accessible only via the first unidirectional serial link or a second unidirectional serial link, wherein the first configuration file has contents that are the same as contents of the second configuration file, and wherein the first configuration file configures the first server to share the data with the second server using the second unidirectional serial link; andtransmit, to the second server, via the second unidirectional serial link, at least a portion of the second plurality of unique datagrams.