Secure network

connectivity –
without compromise
Siemens Data Capture Unit (DCU)

siemens.com/dcu
 White paper | DCU | September 2019

Enjoy a new standard in

network security
With Siemens Data Capture Unit (DCU) – a secure, compliant and
cost-effective solution that lets you connect your critical networks.

In an increasingly digital world, a bulletproof cybersecurity

solution is a true advantage. But what is the most effective
way to keep your data accessible while protecting your systems
from external threats? The Siemens Data Capture Unit (DCU)
was designed to provide connectivity for new systems as well
as legacy ones. User-friendly and reliable, the DCU is a one-
of-a-kind data diode solution for all enterprises. From
transportation to energy, from mining to healthcare: the
Siemens DCU aims to provide 100% protection against
cyberattacks – and secure access to your data in real time.

Contents

Overview 02

Introduction 03

Product pages 04 – 06

Industrial applications 07

Summary and conclusion 08

2
 White paper | DCU | September 2019

Digitalization: the driving force

in every industry
There are many benefits to digitalization – but also many risks. Yet, your
industrial networks are only as effective as the security systems that protect them.

Digitization is changing everything Use your data – without risk

The world is connected like never before. With the birth of What good is your data if it’s locked away within a network?
Industry 4.0 and the Industrial Internet of Things (IIoT), In a modern business-driven world, data needs to be avail-
we’ve seen a monumental shift from the stand-alone able because there are so many economic advantages to be
embedded systems of the 1980s to the all-encompassing gained from data analysis and insights.
IIoT we have today. And this move towards an IIoT will only
These advantages include optimized resources and assets
continue to accelerate as we develop newer and smarter
as well as enhanced plant and process availability. The ability
ways of analyzing high volumes of data.
to freely access smart data will also give you a clearer over-
In fact, it is estimated that there will be as many as 50 billion view of your entire operations and improve your compliance
devices connected to the IoT / IIoT globally by 2020. While a with international standards and regulations.
significant number of these will be conventional household
Put simply: for data to be truly useful, it needs to be secure
devices, many will be industrial assets requiring continuous
yet freely available when you need it. And here is where the
connectivity to improve their processes.
Siemens Data Capture Unit (DCU) comes in – a solution which
And while it is clear that this connectivity yields significant arose from this boom in connectivity and Siemens expertise
benefits, it also introduces a new landscape of cybersecurity in technology development for every major industry.
threats. Our industries need an intelligent solution to keep
data safe and maintain the security of critical networks.

3
 White paper | DCU | September 2019

The Siemens Data Capture Unit (DCU)

A first of its kind, the DCU provides risk-free and vendor independent connectivity
while keeping your critical networks secured.

Industrial control systems – by their very nature – need to The key to the DCU is a proven data diode technology. Used
be secure. But most highly secure industrial solutions are in the defense industry for many years, the technology has
complex to install and beyond the financial reach of many proven its value for mission-critical applications where
companies. The Siemens DCU is the first of its kind: offering security is a fundamental requirement. It was, however, up
connectivity without compromising the security of critical until only recently cost-prohibitive for many small to medium
networks. It is also a practical solution for all industries enterprises. Through extensive research and development,
including oil and gas, mining, healthcare, energy, and Siemens has managed to dramatically drop the cost of this
transportation. technology – making the DCU the most cost-effective and
user-friendly solution for secure network connectivity today.
It does this by building a secure IT-OT bridge and enabling
data-based cloud applications for tasks such as network
and cloud-based condition monitoring, the secure delivery
of patches and updates, predictive maintenance, process
optimization, and much more.

Industrial IoT operating system

(cloud or local)

One-way gateway
(software) – sender Data is received and pushed

Data Capture Unit DCU isolates critical OT network

(hardware) from IT network

One-way gateway
(software) – receiver Data is collected and filtered

Critical Network (OT)

Customer assets

As a fully secured edge device, the DCU functions as a bridge between your IT and OT – thus ensuring that your critical
networks remain physically isolated.

4
 White paper | DCU | September 2019

Benefits at a glance

1. Security
The Siemens DCU ensures the highest security using proven technology. To
date, there hasn’t been a single case of industry grade data diodes being
bypassed or breached by outside threats. By creating a physical break and
hardware enforced one-way data, the DCU eliminates the risk of external /
internet-based attacks affecting critical networks for which 100% security can
be achieved. The solution has also proven to be one of the most reliable on
the market with the highest MTBF (mean time between failures) combined
with extensive product support from Siemens.

2. Connectivity
The Siemens DCU ensures seamless connectivity between your IT and OT
networks. In this case, it functions as vendor neutral bridge that supports all
main industrial protocols. Using the DCU, you can collect data from your OT
networks (such as from plant SCADAs, for example) and push data to corporate
IT networks or to the cloud. The DCU offers direct connectivity to MindSphere,
Microsoft Azure and Amazon Web Services, amongst others. The DCU is also
compatible with 3rd party applications, which can be scaled to meet any need.

3. Compliance
The Siemens DCU does more than just keep your critical networks secure – it also
helps ensure cybersecurity compliance. Every major cybersecurity guideline
recommends the use of data diode technology to reduce the risk of systems
or user data being exploited. The DCU was also designed to comply with
internationally recognized security standards such as IEC 62443. Thanks to
its non-routable IP to IP communication, the DCU even meets US NERC CIP’s
(Critical Infrastructure Protection) requirements for isolation.

5
 White paper | DCU | September 2019

One hardware solution –

two unique modes of operation
The DCU is capable of two very different configurations to meet your needs:
whether you need to securely monitor data or enable seamless connectivity
for your assets.

Critical Network Open Network

STATUS
ETH 0 / USB

USB

ETH 0

CAP 4

CAP 3

CAP 2

CAP 1

–
1. Data diode for data monitoring
POWER
+
–
SUPPLY
The DCU hardware by itself can let you monitor your net-
work traffic using its integrated network terminal access
point. Independent of protocol, you can use the DCU to
securely capture a bit stream from any asset or network
segment in a critical network and transmit it to the open
network.

Critical Network Open Network

STATUS
ETH 0 / USB

USB

Gateway ETH 0 Gateway

sender sender
Client proxy Client proxy
CAP 4

CAP 3

CAP 2

CAP 1

–
2. One-way gateway for cloud connectivity
POWER
+
–
SUPPLY
The DCU in combination with Siemens one-way gateway
(OWG) software ensures seamless connectivity between
your existing systems and corporate IT networks or a wide
option of cloud providers. This simple yet highly secure con-
figuration lets you to increase your network protection or to
enable the development of your Industrial IoT.

6
 White paper | DCU | September 2019

Industrial applications
The Siemens DCU unlocks a world of possibilities for every industry
with data securely captured from critical networks.

Application 1: Transportation Application 2: Industry

The challenge The challenge
Autonomous driving may be poised to revolutionize the Howden is a company that that has been manufacturing and
vehicle world – but this technology has already existed for selling industrial fans, heaters, compressors, and steam
almost 10 years when it comes to trains. The operational turbines for many decades now. As such, it has a large and
control systems used for autonomous train lines, such as established customer base with Howden products, such as
those found in Hong Kong, are highly sensitive and critical steam turbines, in their plants. Howden wanted to offer
for public safety. As a result, multiple fail-safes were built these customers a digital solution which would allow them
into the systems to prevent cybersecurity attacks. The to connect their turbines to the cloud and extract opera-
problem? These fail-safes meant that crucial data could not tional data from their PLC / SCADA control modules. Data
be accessed remotely – data which could have been used to which can be used to improve their operations and extend
analyze and improve the entire network. A solution was the lifecycles of their assets. Howden thus needed a secure
needed that could keep these systems secure while allowing way to bridge the gap between these physical assets and
access to valuable data. the cloud.
The solution The solution
Following the implementation of the DCU, data can now be Howden turned to the Siemens DCU to enable secure
captured from safety-critical networks in real-time and sent access to asset data and data collection devices from any-
across the globe for monitoring and analysis. Data was also where in the world. In this instance, the DCU operated as a
sent to Germany during the crucial start-up phase for remote data collection device: storing information locally before
support as well as real-time system error analysis to reduce pushing it to the cloud for processing, analysis, and visual-
downtime. With no additional data collection sensors required ization. This simple solution has unlocked new potential for
and zero interference to existing systems. The Siemens DCU existing asset owners – and provides Howden with an
thus serves as a vital component in the Siemens Mobility enhanced value proposition it can offer to new customers.
portfolio of end-to-end solutions and services supporting
autonomous rail travel.

7
 White paper | DCU | September 2019

Securely connect your

critical networks
With the Siemens Data Capture Unit (DCU) – a secure, compliant and
cost-effective connectivity solution for any industry with critical systems.

With the rise of Industry 4.0 and the Industrial Internet of Offering unrivalled security, compliance and cost-effectivity,
Things, companies are increasingly turning to insights the DCU is a one-of-a-kind solution which taps on proven
provided by smart data to unlock new levels of efficiency data diode technology to provide secure data access for all
and operations. But with increased connectivity comes an enterprises reliant on industrial control systems. These
increased cybersecurity threat. The Siemens Data Capture include customers in the transportation, energy, mining,
Unit (DCU) meets this challenge by providing industrial and healthcare sectors.
connectivity without compromising security – even with
critical systems that were not initially designed to be connected.

Shaping cybersecurity together

To make the digital world more secure, Siemens joined forces with leading
global companies to sign the Charter of Trust in 2018 – a unique initiative to:

Protect the data of individuals

and companies

Prevent damage from people,

companies and infrastructures

Establish a reliable foundation on

which confidence in a networked,
digital world can take root and grow

Siemens Mobility GmbH 2019

Otto-Hahn-Ring 6
81739 Munich, Germany Subject to changes and errors.
The information given in this document only contains general descrip-
For more information, please visit: tions and / or performance features which may not always specifically
siemens.com/dcu reflect those described, or which may undergo modification in the
course of further development of the products. The requested perfor-
HL19074671 WP 0919 mance features are binding only when they are expressly agreed upon in
© Siemens Mobility GmbH 2019 the concluded contract.