Data Diode
A network device enforcing unidirectional data flow, making any traffic in the reverse direction physically impossible - used to protect critical networks.
What is a Data Diode?
A data diode is a specialised network device that physically enforces unidirectional data flow. Unlike firewalls, which filter traffic based on configurable rules, a data diode provides hardware-level guarantees - data can flow in only one direction, and any return traffic is physically impossible.
A typical data diode consists of an optical transmitter on the source side and a receiver on the destination side, connected by optical fibre with no capability for return transmission. More advanced solutions support various protocols (OPC, Modbus TCP, Syslog, file transfer) and emulate bidirectional communication on the source side so that applications can function normally.
Data diodes are deployed in the energy sector, nuclear industry, defence and critical infrastructure - wherever monitoring data needs to flow from the OT network to the IT network without any risk that an attacker could use the connection to penetrate the industrial network.
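The source-side emulation described above can be sketched as a pair of proxies. This is an added example, not code from the original page or from any diode vendor; the frame layout (sequence number, length, CRC32), the class names and the local `ACK` reply are assumptions made for illustration. It shows why the source proxy must answer the application itself, and why the destination can only detect loss, not repair it.

```python
import struct
import zlib

# Constructed frame layout: sequence number, payload length, CRC32 of payload.
HEADER = struct.Struct("!IHI")

class SourceProxy:
    """OT side: frames each message and answers the application locally,
    because no acknowledgement can ever come back through the diode."""
    def __init__(self):
        self.seq = 0

    def submit(self, message: bytes):
        wire = HEADER.pack(self.seq, len(message), zlib.crc32(message)) + message
        self.seq += 1
        return wire, b"ACK"  # ACK is produced here, not by the far side

class DestinationProxy:
    """IT side: can detect loss and corruption but never request a resend."""
    def __init__(self):
        self.expected = 0
        self.delivered, self.missing, self.corrupt = [], [], 0

    def receive(self, wire: bytes) -> None:
        if len(wire) < HEADER.size:
            self.corrupt += 1
            return
        seq, length, crc = HEADER.unpack_from(wire)
        payload = wire[HEADER.size:]
        if len(payload) != length or zlib.crc32(payload) != crc:
            self.corrupt += 1  # header is untrusted; the gap surfaces on the next good frame
            return
        if seq < self.expected:
            return  # duplicate or late frame
        self.missing.extend(range(self.expected, seq))  # log gaps for the operator
        self.expected = seq + 1
        self.delivered.append(payload)

def demo():
    """Send five constructed readings over a lossy one-way link."""
    src, dst = SourceProxy(), DestinationProxy()
    readings = [b"pump1 rpm=1480", b"pump1 rpm=1475", b"valve3 open",
                b"pump1 rpm=1490", b"tank2 level=71"]
    frames = [src.submit(m)[0] for m in readings]
    frames[3] = frames[3][:-1] + b"X"  # simulated bit error on the fibre
    del frames[1]                      # simulated frame loss
    for f in frames:
        dst.receive(f)
    return dst.delivered, dst.missing, dst.corrupt
```

Because the receiver cannot ask for retransmission, any recovery from the gaps it records has to come from redundancy added on the source side.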
Why does it matter?
A data diode offers the highest level of protection against remote attacks on OT networks - even if the IT network is fully compromised, the attacker cannot send a single packet through the diode towards the protected network. It is used as an alternative or complement to an air gap, enabling controlled export of operational data (e.g. to historian systems, SIEM or management dashboards) without breaching the isolation of the critical network.