38A Grove Street, Suite 101
Ridgefield, CT 06877
Toll Free (US): 1-866-695-3387
Direct: +1 203-894-9342
Fax: +1 203-894-1297
Service & Support Center «
63 Copps Hill Road
Ridgefield, CT 06877
Direct: +1 203-894-5381
Fax: +1 203-894-5387
Established in 1999, Owl has a proven history in creating best-of-breed cybersecurity products, specializing in data diode technology designed from the ground up with components specifically purposed for one-way transfer.
Proudly USA owned and operated in Ridgefield, CT, Owl manufactures and supports network security products for the US intelligence, military, and government communities, critical infrastructure, and commercial enterprises.
THE OWL ADVANTAGE «
The Owl Advantage series highlights the unique features, benefits, technologies, and design elements that contribute to the overall value and ROI of the Owl product line, and set it apart from competitors. Specific traits and capabilities are identified and explained in detail to help decision makers and technical specialists understand how the product works and the specific benefits it can provide to their organization.
What do Owl products do?
Owl Computing products enable the secure, hardware-enforced, one-way-only transfer of data between network domains of different security levels and policies. Owl solutions ensure the isolation of both networks, while facilitating the delivery of mission-critical, and time-critical, information.
What is a data diode?
A data diode is an inter-network connection that permits information to travel in one direction only. It is most commonly deployed between two or more networks of different security classifications.
How do Owl products work?
Our core products are combinations of Owl-designed communication card hardware and drivers, and internally developed software applications. Communication cards are mounted in Send-only (Blue) and Receive-only (Red) server platforms, connected via fiber-optic or copper cabling. Owl software, specific to the kind(s) of data to be transferred, is installed in both platforms. The Blue Owl application converts the data to Owl proprietary format, segments it into ATM cells, and sends it to the Red machine. The Red Owl application restores the information to its original format, for distribution to selected destinations.
What is Owl DualDiode Technology®?
The Owl DualDiode data diode design is a multi-layered approach for the transparent and secure transfer of user applications (files, TCP/IP traffic, streaming video, syslog messages, data historians, SCADA, etc.), across a wide range of computer operating systems. DualDiode solutions enable hardware-enforced, one-way information transfer between discrete network domains, to ensure communications capability and absolute assurance against data leakage -- at link speeds ranging from 2Mbps to 10Gbps. Custom-designed Send-only & Receive-only Communication Cards are matched with proxy/adapter Owl software applications to “condition” specific user data types to the Owl protocol break for transfer.
How does Owl secure information transfer operating systems?
Owl uses DISA Security Technical Implementation Guides (STIGs) and the processes of Certifiable Linux Integration Platform (CLIP) & Owl Security Enhanced Linux (OSELinux) to secure and constrain an OS to explicitly determined functionality and interaction with resident Owl software applications. This OS and application "hardening" may extend to the implementation of mandatory and/or role-based access controls, with customized menus explicitly defining what actions individual privileged users can take.
What does an Owl system do?
Owl systems pass data from one computer to another, and/or from one network to another, in one direction only. Data flows forward without impediment at high throughput rates. Data does not flow at all in the reverse direction. Data transfer may be low-to-high or high-to-low security. Some deployments may require both unidirectional paths, physically and logically separated but intrinsic to a higher application use.
Is the Owl system a firewall?
No. An Owl system functions like a gateway, but with an important difference: data flows in one direction only, and paths are preconfigured. Because security is enforced in hardware, there is no possibility of security breach through software attack. Owl drivers have been developed internally and are not dependent on the TCP/IP communication stack of hosts on which they reside. An Owl data diode solution is a "non-routable" protocol break between the two networks it connects one-way. Owl systems cannot be "hacked."
What types of error-checking are used in Owl systems?
Data is verified at multiple levels. Error-checking is performed in hardware in accordance with ATM AAL5 protocol. At a higher level, advanced hash algorithms are used to validate integrity of IP packets assembled from ATM cells. Packet sequences are also verified. Finally, the packets are merged into higher level data structures that are also verified using advanced hash algorithms.
How fast will data flow through an Owl system?
Owl Communication Cards are designed to meet individual client capacity needs. Link speeds range from 1Mbps to 10Gbps.
For an example of throughput, link speed for Owl 2500 Communication Cards is 2.488 Gigabits/sec. When configured for clear-channel, an Owl 2500 pair transfers up to 270 Megabytes/sec of content. When configured as channelized, a 2500 pair will support up to 8 virtual connections over a single physical link, each connection configurable to meet individual application needs.
How does Owl manage log files?
Owl provides log file capability on Send-only and Receive-only servers. The level of detail of information that is stored in these log files is controlled by an argument in the startup scripts. All software applications support the Owl log file-management system, and the maintenance of historical information such as data archiving, aging, etc.
Log files may be viewed locally, or remotely through the Owl Performance Management Service (OPMS), on which real-time logs are replicated and displayed graphically via a Web interface. Alternatively, the Owl Log File Service (OLFS) delivers log information as a datagram stream to a third-party enterprise network manager, or as static files for admin analysis.
Can we run multiple Owl Applications on the same machine(s)?
Yes. Owl SNTS supports concurrent UDP, TCP, and file transfer; a single Communication Card set enables the hardware transfers. With channelized Owl 2500 cards, for specific user needs, multiple Owl applications may be run on individual machines, with one card set.
What Data Diode Patent does Owl exclusively License from Sandia?
Owl Computing licenses Patent Number 5,703,562, "Method For Transferring Data From An Unsecured Computer To A Secured Computer," December 30, 1997.
What other Patents has Owl been granted?
On March 9, 2010, Owl received Patent Number: 7,675,867 for One-Way Data Transfer with Built-In Data Verification Mechanism, and markets the technology as the Owl Secure Acknowledgment Engine (OSAE).
On May 10, 2011, Owl was granted Patent Number: 7,941,526 for Transmission of Syslog Messages over a One-Way Data Link, to transfer syslog messages over DualDiode Technology®.
On August 2, 2011, Owl was awarded Patent Number: 7,992,209 B1 for "Bilateral Communication using Multiple One-Way Links."
On November 29, 2011, Owl was granted Patent Number: 8,068,415 B2 for "Secure One-Way Data Transfer using Communication Interface Circuitry."
On March 20, 2012, Owl was awarded Patent Number: 8,139,581 B1 for "Concurrent Data Transfer involving two or more Transport Layer Protocols over a Single One-Way Data Link."
Are Owl products certified and accredited?
Certified -- Owl Communication cards are NIAP Common Criteria-certified:
Owl 2500 Communication Cards -- NIAP Common Criteria EAL-4
Owl 155 Communication Cards, versions 3 & 4 -- NIAP Common Criteria EAL-4
Owl 155 Communication Cards, versions 1 & 2 -- NIAP Common Criteria EAL-2
Owl 052 - under consideration for EAL certification
Safety Certified - TUV Rheinland Group
All Owl DualDiode Technology products may be included in cross-domain solutions that require accreditation in operational deployment. Owl products function in over 1200 accredited applications throughout the DoD, US Intelligence community and other government agencies. Owl Perimeter Defense solutions are deployed throughout Critical Infrastructure organizations.
As of March 2012, Owl has two entries on the UCDMO Baseline Inventory as accredited Cross Domain Solutions – OCDS-FT01 (formerly Owl 4.0) for low-to-high file transfer at link speed 155Mbps with Solaris OS, and ECDS-FT01 for enterprise file transfer at link speed 2.5Gbps with Linux OS. A third candidate – OCDS-ST01 – will shortly join the first two. ST01 enables the secure transfer of Full Motion Video and COTS files.
I have been directed to review the UCDSMO Baseline Configurations against my requirements.
How do Owl solutions fit into the currently listed Baseline solutions?
As of January 27, 2012, Owl OCDS-FT01 (formerly Owl 4.0) & the Owl ECDS-FT01 (formerly ECDS) are accredited Cross Domain Solutions for transfer on the UCDMO Cross Domain Baseline List. This designation describes solutions that are accredited, and have been successfully evaluated for re-use by other programs requiring these functionalities. This is in addition to many existing niche and individually accredited solutions for individual Agency, DOD or program uses.
Are Owl systems reliable?
Yes. No Owl system has ever failed in the field.
Do we have to re-certify when we modify or create new software applications based on Owl systems?
No. Security in Owl systems is primarily enforced in hardware, and it is Owl hardware that is certified.
Can the Owl system improve the security of my network?
Yes. Owl systems are designed to prevent leakage of sensitive information from secure isolated networks. Data flows into the secure network, but cannot flow out through the same channel. Without the capability of bilateral communications, the secure network is rendered impervious to probing cyber attacks.
If Owl products send data one-way only, then how do I know my data arrived successfully?
The Owl suite of secure one-way data transfer systems does not provide any back-channel for data verification. Instead, Owl systems perform multiple levels of error-checking on both the Send and Receive machines as data is being sent. Owl systems have proven highly reliable, and are widely used by the most demanding IT customers in the US DoD, US Intelligence Community and major critical infrastructure customers. For clients requiring explicit confirmation of data receipt, the Owl Secure Acknowledgment Engine provides this capability, with no compromise to the original one-way transfer of information.
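The layered checks described under "What types of error-checking are used in Owl systems?" and the receiver-only verification described above can be illustrated with a small sender/receiver pair. This is an added example, not Owl code and not the Owl protocol: the frame layout, the use of CRC-32 and SHA-256, the 48-byte chunk size and all function names are assumptions chosen for illustration.

```python
import hashlib
import struct
import zlib

# Assumed layout (not Owl's format): type(1) | seq(4) | len(2) | payload | CRC-32(4)
HDR = struct.Struct(">BIH")
DATA, TRAILER = 0, 1
CHUNK = 48  # assumption: payload bytes per frame, echoing an ATM cell payload
SAMPLE = b"constructed sample record 0123456789\n" * 8  # constructed input


def _frame(ftype, seq, payload):
    body = HDR.pack(ftype, seq, len(payload)) + payload
    return body + struct.pack(">I", zlib.crc32(body))


def send_side(data):
    """Emit sequenced, CRC-protected frames plus a trailer that carries the
    data-frame count and a SHA-256 digest of the whole object."""
    frames = [_frame(DATA, seq, data[off:off + CHUNK])
              for seq, off in enumerate(range(0, len(data), CHUNK))]
    trailer = struct.pack(">I", len(frames)) + hashlib.sha256(data).digest()
    frames.append(_frame(TRAILER, len(frames), trailer))
    return frames


def receive_side(frames):
    """Check every layer locally, since no resend can be requested.
    Returns (data, []) on success or (None, [errors]) on any failure."""
    errors, chunks, expected, trailer = [], [], 0, None
    for raw in frames:
        body, crc = raw[:-4], raw[-4:]
        if len(body) < HDR.size or struct.pack(">I", zlib.crc32(body)) != crc:
            errors.append(f"frame check failed at position {expected}")
            continue  # discard; the next good frame exposes the gap
        ftype, seq, length = HDR.unpack(body[:HDR.size])
        payload = body[HDR.size:]
        if length != len(payload):
            errors.append(f"length field mismatch in frame {seq}")
        if seq != expected:
            errors.append(f"sequence gap: expected {expected}, got {seq}")
        expected = seq + 1
        if ftype == TRAILER:
            trailer = payload
        else:
            chunks.append(payload)
    if trailer is None or len(trailer) != 36:
        return None, errors + ["trailer missing or malformed: transfer incomplete"]
    count, digest = struct.unpack(">I", trailer[:4])[0], trailer[4:]
    data = b"".join(chunks)
    if count != len(chunks):
        errors.append(f"frame count mismatch: sent {count}, received {len(chunks)}")
    if hashlib.sha256(data).digest() != digest:
        errors.append("object hash mismatch")
    return (data if not errors else None), errors


if __name__ == "__main__":
    frames = send_side(SAMPLE)
    print(receive_side(frames)[1])                   # clean transfer
    print(receive_side(frames[:3] + frames[4:])[1])  # one frame lost in transit
    print(receive_side(frames[:-1])[1])              # truncated transfer
```

The receiver can only detect and log a failed transfer; with no return path, recovery has to come from sender-side redundancy or an out-of-band acknowledgment.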
Can the Owl system support multiple users?
Yes. Owl systems are server-based; the combination of high throughput and seamless network integration accommodates multiple concurrent users. In Enterprise Services deployments, an Owl ECDS can support a wide range of service subscribers, each with its own set of security policies, across a single physical link.
For Process Control customers, an Owl Perimeter Defense solution can support a range of different applications, with up to 32 individual connections, on a single physical chassis.
Can I move large files through the Owl system?
Yes. Multi-GigaByte and TeraByte-scale files have been reliably transferred through Owl systems. In such cases, Owl 2500 Communication Cards are preferred because their high link speed (2.488 Gigabits per sec) and high content throughput rates (clear channel - 270+ MegaBytes/sec) automate transfers that had typically been sneaker-net/walk-net transactions. An estimated file size upper limit of 2 TeraBytes is imposed by limitations in host operating systems.
Will the Owl system transfer streaming video?
Yes. Owl solutions will pass streaming video in real-time. On the Send-only server, the optional Owl MUX/DEMUX Server application supports N instances of distinct UDP streams. On the Receive-only server, the MUX Server supports unicast, multicast, and broadcast distribution modes. The OCDS-ST01 Cross Domain Solution is specifically designed to support video and COTS file transfers.
How does Owl offer a TCP product in a one-way environment, if TCP typically requires handshaking?
With Owl TPTS, the TCP client establishes a "handshake" with a TCP server on the Send-only machine. TCP/IP address information is stripped from the incoming packets, and the packet payload is transferred to the Receive-only machine. The receiving machine establishes a TCP handshake with its intended recipient and completes the transfer. In Web Server language, the Owl application may be thought of as a one-way proxy. For maximum security, no IP routing information is passed across the one-way link.
Do any Owl products provide encryption?
Yes. Owl Remote File Transfer Service may impose encryption and authentication on files delivered as TCP/IP packets across networks, or from a source, across a DualDiode transfer, to a destination.
Other encrypt/decrypt services may be integrated into an Owl cross-domain solution, as with malware scanning and/or data filters. Our products provide a physical one-way link that allows users to safely send data and trust that absolutely no information - not even handshaking protocols - escapes from your private network via our products.
With what hardware and software are Owl systems compatible?
Owl systems are designed for compatibility with all network devices that support standard IP network communication protocols. Owl secure one-way data transfer systems are designed to function transparently on their host networks. Owl one-way data transfer hardware may be installed in any computer platform with standard PCI-x or PCI-e bus slots operating at 3.3 volts or 5 volts. Owl hardware and software has been extensively tested with a wide range of operating systems - Windows, Solaris, and LINUX. Check under the Products sub-menu for up-to-date Version Information.
Are Owl systems easy to install?
Owl OEM product kits feature color-coded components, streamlined installation procedures, and thorough documentation. Basic Owl systems are routinely installed by client personnel in less than an hour -- sometimes as quickly as 15 minutes.
What components are included in a Turnkey purchase option?
Today, in most cases customers purchase Owl products either as Communication Card sets with application-specific Owl software, or as fully developed Cross Domain Solutions (CDS) [or Perimeter Defense Solutions (PDS)]. Turnkeys include all the application-specific items, two rack-mount servers with the selected Owl communication cards and application software, tested and installed.
How much does an Owl system cost?
Owl systems vary in price based on Owl Communication Card selection, Owl software required for user-specific data types, CDS or PDS requirements, and optional lifecycle & configuration management. Contact us, via the Contact Form included on this website, or call Owl Sales toll-free 866.695.3387, for pricing details on your application.
Can Owl products be exported?
All Owl Communication Cards have an ECCN number of 5A991 with an AT1 restriction -- they can ship almost anywhere (exceptions: Cuba, Iran, Libya, N. Korea, Sudan and Syria; Iraq is OK with some additional restrictions).
Detailed information on ECCN (Export Control Classification Number) can be found here.
Owl Cross Domain Solutions, involving card sets, Owl software, specially modified servers and OSs, and content management suites are handled on a case-by-case basis.
Are you compliant with section 508 of the Rehabilitation Act?
Owl Computing Technologies, Inc.'s products are considered fully compliant with the applicable provisions of section 508 of the Rehabilitation Act. Owl products are designed to work seamlessly with accessibility enhancement features of their host platform operating systems, thus enabling Federal employees with disabilities to interact with Owl systems with the same effectiveness as Federal employees without disabilities.
Where are Owl cards manufactured?
Owl products are designed and manufactured in the USA.
All Owl products have a U.S. controlled supply chain.
2015| HOTT Presentation - Meeting the Cybersecurity Standards of ANSI/ISA 62443 with Data Diodes | Dennis Lanahan
2016| AUSA Global Symposium Presentation - Owl Speaks About Cybersecurity | Anthony Buono
Video Product Demonstrations «
OPDS-1000 - Real Time, One-Way Data Transfer Over a Data Diode «
OCDS-ST06 - Real-Time Streaming Video Transfer Solution «
OPDS-100D - Rockwell Automation Data Transfer «
Compliance Information «
Common Criteria «
Owl Version 7 Communication Cards successfully completed EAL-2 certification in 2014.
Owl 2500 v6 Communication Cards, with 2.488Gbps link speed, successfully completed EAL-4 certification under the Assurance Continuity program in 2007.
Owl 155 v4 Communication Cards successfully completed EAL-4 certification in 2007.
Owl 155 v3 Communication Cards successfully completed EAL-4 certification in 2005.
Owl 155 v1 & v2 Communication Cards successfully completed EAL-2 certification in 2002.
Federal Regulatory Guidance «
Threats to cyber security are capable of adversely impacting reliability of electrical power generation. Protection of critical infrastructures, which include the national electrical power grid and other essential utilities, is now considered a significant aspect of national security.
Compliance requirements define Critical Assets, on which reliability of the electrical power grid depends, and also define Critical Cyber Assets (Information Processing systems) essential to the operation of the Critical Assets. Examples of Critical Cyber Assets at control centers and backup control centers include computer systems and networked facilities at master and remote sites that provide monitoring and control, automatic generation control, real-time power system modeling, and real-time inter-utility data exchange.
Critical Cyber Assets are wrapped in an electronic security perimeter, whose definition closely matches the definition of a network security domain used by the Department of Defense.
Owl one-way Cross Domain Solutions provide a method of secure access through the electronic security perimeter; enabling Critical Cyber Assets to share information with the outside world without risk of data corruption or loss of network integrity.
DualDiode® Technology from Owl Computing provides a non-routable protocol break that is rendered in hardware and operates at the physical layer.
The Federal Information Security Management Act of 2002 (FISMA) recognizes the importance of information security to the economic and national security interests of the United States. FISMA also delegates specific duties and responsibilities to the Computer Security division of the National Institute for Standards and Technology (NIST) to provide guidance in securing Federal information systems.
NIST Special Publications in the 800 series present documents of general interest to the computer security community. NIST SP 800 publication numbers of particular interest include the following:
SP 800-30 | July 2002
SP 800-37 | May 2004
SP 800-53 | August 2009
Effective Reliability Standards that are clear, consistent and technically sound, coupled with a strong standards enforcement program, form the foundation of NERC’s efforts to help maintain and improve the reliability of North America’s bulk power system. NERC provides a number of additional programs and services designed to support owners, operators and users of the bulk power system in their efforts to attain operational excellence.
These include identifying issues before they have a chance to become critical, sharing best practices, supporting training and education, monitoring the international electric grid, benchmarking performance to provide the industry with an objective lens through which to view itself.
The U.S. Nuclear Regulatory Commission (NRC) was created as an independent agency by Congress in 1974 to enable the nation to safely use radioactive materials for beneficial civilian purposes while ensuring that people and the environment are protected.
The NRC regulates commercial nuclear power plants and other uses of nuclear materials, such as in nuclear medicine, through licensing, inspection and enforcement of its requirements.
Owl Computing Technologies is a member of the Nuclear Energy Institute (NEI). NEI is the policy organization of the nuclear energy and technologies industry and participates in both the national and global policy-making process.
NEI’s objective is to ensure the formation of policies that promote the beneficial uses of nuclear energy and technologies in the United States and around the world.