Cybersecurity has never been a simple challenge to solve, but in Critical Infrastructure industries, defenders operate in a league of their own.
It starts with the adversaries, who aren’t opportunistic criminals looking for a quick win.
We’re talking about state-sponsored groups operating with government resources, or organized cybercrime networks whose objectives range from ransomware to long-term espionage.
To say the stakes are high would be an understatement; the FBI's 2024 Internet Crime Report recorded over 4,800 complaints from Critical Infrastructure organizations. It might not seem like a high number, until you look at it in the context of a year; statistically speaking, that number can mean 13 attacks daily, one every two hours. For defense organizations specifically, a successful attack can directly undermine national sovereignty.
It’s no surprise that such an intense threat environment operates under strict, non-negotiable compliance frameworks, such as the NCSC (the National Cyber Security Centre) in the UK.
Simultaneously, security solutions adhering to the NCSC need to be replicable across an entire system. Defense organizations are multi-layered, so their protection has to be modular, and applicable across the entire organization, not just the ones that first identified the need.
It was within this context that a leading NATO naval force partnered with OPSWAT with a clear mandate: a certified, NCSC-compliant CDS (Cross Domain Solution) that could scale beyond a single division and serve as a foundation for wide adoption.
Designing a Scalable CDS Architecture for Multiple File Types and Branches, within Zero Regulatory Flexibility
Our customer faced a challenge that initially seemed impossible to solve.
Building a CDS solution for IMPEX (Import/Export) data flows between different classification levels, compliant with strict NCSC network separation requirements. The solution needed to be scalable and repeatable across multiple defense branches, support a wide range of file types, and maintain the highest possible level of resilience against cyberthreats.
Let’s look at each layer in turn.
No Approved IMPEX Cross Domain Gateway Existed
Classified networks inside Government and Defense institutions need formally approved rules for IMPEX data flows, enforced via an IMPEX Cross Domain Gateway. It did not initially exist within our customer’s systems.
In practice, this means there was no approved digital process for IMPEX operations at all. Without it, the customer could not move data across classification boundaries in a traceable, audit-ready way.
Inspection Capabilities Needed to Support Multiple File Types
Multiple data types were moving across differently classified networks: user files, security patches, hardware firmware updates, containerized applications, and custom military software all needed to cross the same boundary. The data had to be thoroughly inspected, to ensure no malicious elements could have penetrated highly classified environments.
However, the larger and more complex the data, the harder it is to verify it is clean. Some file types could not be treated as ordinary documents. Patches, installers, firmware, scripts, and custom military software needed behavioral inspection, because static scanning alone could not prove how they would act once introduced into a classified environment. At the same time, any gap in coverage could have compromised the boundary itself.
Strict Standards Required Absolute Network Separation
The NCSC framework comes with strict patterns of how data needs to move between classification levels. Central to this are SEFs (Security Enforcing Functions): security checks covering everything from malware detection to format validation.
Operating under the NCSC, the customer had to establish absolute rules for network separation (SECRET/OPEN classification). The classified and unclassified environments must never communicate, with the CDS Gateway acting as an unconditional barrier.
Failing to meet the SEFs scan could either lead to a malicious file reaching a classified network, or the extraction of sensitive information.
Building a Solution Suitable for Broader Adoption
The requirement was never just to solve a single problem.
The governmental department spans multiple branches, agencies, locations, and commands, and the Cross Domain solution implemented by the customer had to work across all.
Something which only worked in one context would leave another part of the department facing an identical gap. The customer needed to build a system which could become a consistent standard and be extended across the entire organization.
When There Is No Margin for Error: A Layered, NCSC-Certified Cross Domain Architecture
The challenge presented by the customer wasn’t going to be solved with a single product.
Instead, OPSWAT built a multi-faceted architecture, supported by multiple products and technologies, where every layer works toward the broader goal: ensuring nothing crosses the classification boundary unchecked.
Physical Network Separation through the MetaDefender Optical Diode™
The base of the architecture relied on hardware data diodes, which enforce one-way data flow at the network level. Unlike software-based controls, which can be misconfigured or bypassed, a hardware diode makes backflow physically impossible.
Physical constraints guarantee the absolute SECRET/OPEN network separation required by the NCSC.
The MetaDefender Optical Diode is designed to enable secure, hardware-enforced one-way data transfer between IT and OT networks, making it physically impossible for traffic to travel from lower classified levels into protected environments.
Multi-Layered File Handling via the MetaDefender Core™ Platform
Every file crossing the boundary is intercepted and inspected by MetaDefender Core, with inspection depth calibrated to the destination environment.
Files moving into the SECRET network pass through the full stack: multiscanning with multiple engines to broaden detection rates and Deep CDR™ Technology to remove any hidden threats. The Adaptive Sandbox applies emulation-based dynamic analysis to suspicious files, forcing evasive malware to reveal behavior that may not appear in static inspection or traditional VM-based sandboxing.
Files moving into lower classification environments are only scanned with multiple anti-malware engines, ensuring consistent protection across every flow.
MetaDefender Core is OPSWAT’s advanced threat detection and prevention platform; combining the Deep CDR™ Technology, Metascan™ Multiscanning, and Adaptive Sandbox to secure file workflows across critical infrastructure.
Automated File Transfer with the MetaDefender Managed File Transfer™ Technology
The MetaDefender Managed File Transfer technology automates the import/export of all the various data types handled by the customer, creating a governed, auditable pipeline.
Nothing moves manually, nothing moves untracked, and nothing bypasses inspection layers.
MetaDefender Managed File Transfer enforces policy-based controls and integrated threat prevention to safely move sensitive files between organizations, systems, or security zones.
NCSC-Certified Architecture
The architecture built on OPSWAT’s products adheres to the NCSC's security patterns for cross domain data flows. It became the first government-certified IMPEX solution, meaning it can be adopted as a consistent standard across other branches of the organization without redesigning from scratch.
Building It Once, Building It Right, Scaling It to 1M+ Daily Files
At its core, CDS is a problem of assembling the right pieces into a system that holds under the strictest regulations, across every file type, at the scale demanded by real-life defense operations.
The environment is unforgiving: sophisticated, highly motivated adversaries, zero tolerance for compliance gaps, and no margin for error.
For our customer, CDS at scale is a solved problem. Together, we built a certified, modular architecture scalable to processing over one million files per day.
If it sounds simple, it's only because OPSWAT has been focused on file security for over twenty years, across the most demanding environments critical infrastructure has to offer.
Whether your company is confronted with a similar cross domain challenge, or a more general critical infrastructure file security problem, OPSWAT has the experience to help; let's talk.
