Part of the PROTECT Playbook ← Return to Hub

Data Diodes & Unidirectional Flows

Regulatory Context: IACS UR E26 (Section 4.2.3) emphasizes the need for high-integrity protection for mission-critical zones. Data diodes provide a hardware-enforced “unidirectional flow,” ensuring that data can exit the OT environment for monitoring without any possibility of a cyber-attack entering from the IT or Satellite network.

In modern shipping, the home office needs real-time engine data, fuel consumption, and hull performance metrics. However, connecting the Engine Control Room (ECR) to the internet creates a path for ransomware. A Data Diode solves this by allowing data to flow out, while physically preventing any data—including malicious commands—from flowing back in.

The “One-Way” Philosophy

Unlike a firewall, which uses software to block traffic, a data diode uses hardware physics. It is the digital equivalent of a check valve in a piping system; it is physically impossible for the “fluid” (data) to move in the opposite direction, regardless of how a hacker tries to manipulate the software.

Physical Isolation

Traditional diodes use fiber optics with only one LED (transmitter) and one Photo-receiver. There is no physical return path for a hacker to send a command back to the ship.

Protocol Scrapping

Unidirectional gateways “strip” complex protocols (like TCP) and send raw data, preventing the use of common network exploits that rely on two-way communication handshakes.

Comparison: Firewall vs. Data Diode

Feature Standard Firewall Data Diode
Communication Two-Way (Bidirectional) One-Way Only (Outbound)
Security Basis Software Policy (ACLs) Hardware Physics
Maintenance High (Constant patching) Low (Set and forget)
UR E26 Suitability Standard Zones Critical Category III Isolation
Implementation Best Practices
Deploy at the IT/OT Edge

Place the diode where the Engine Room network meets the Ship’s Business/VSAT network. This allows performance monitoring without risking the AMS.

Use for Log Aggregation

Use a diode to push security logs from the OT environment to a shore-based Security Operations Center (SOC) without creating a return path for attackers.

Advisor Tip: The “Feedback” Exception. Data diodes are not suitable for systems that require remote control from shore (like remote DP diagnostics). If you must have two-way traffic, you must use an iDMZ with ZTNA as described in Pillar B. Diodes are for “Monitoring-Only” scenarios.

Next Section

Secure Space & Physical Access

Secure Space & Physical Access Regulatory Context: IACS UR E26 §4.4 requires that physical access to cyber-system asset...

Scroll to Top