
Breaking the Attack Chain

How Diodes Could Have Changed the Outcome of the 2025 Attack on Poland’s Energy Infrastructure
By OPSWAT

In late December of 2025, Polish critical energy infrastructure — including wind and solar farms, combined heat and power plants, and industrial systems — was targeted in a coordinated cyberattack by suspected nation-state hackers.

Here’s the quick rundown of what the attackers accomplished:

  • They gained initial access through exposed VPN/firewall devices (e.g., Fortinet hardware) using default credentials and no multi-factor authentication
  • Once in, they reached OT and ICS, deploying destructive “wiper” malware designed to erase or corrupt files on controllers and HMIs
  • The attack caused loss of communication and monitoring between facilities and grid operators, corrupted firmware, and even permanently damaged some ICS devices — but didn’t cause a blackout.

How Data Diodes Could Have Helped

A data diode is a cybersecurity hardware device that enforces unidirectional data flow, meaning data can physically travel in only one direction—from one network to another—without any possibility of return traffic. Let’s explore some of the ways that a data diode could have prevented this attack.

1. Blocking Unauthorized Access to Operational Networks

OT and ICS devices were reachable through the network because perimeter equipment (like VPN gateways) led into those environments. Data diodes could have been deployed between:

  • The internet-facing network and the enterprise IT segment
  • The enterprise IT segment and the OT/ICS domain

With a diode in place, even if attackers compromised a VPN service, they would never get bidirectional network traffic into the OT domain.

This means that if credentials were stolen, attackers couldn’t send commands or payloads into systems behind a diode because the diode physically prevents traffic from entering that zone.

2. Protecting Monitoring/Control Channels

Some systems (like grid monitoring dashboards or historian servers) often need data from the ICS but don’t ever need to send commands back. With a data diode, OT data could be sent out to monitoring systems safely, and no external or enterprise domain system could initiate traffic into OT devices.

This is a critical component of defensive architecture for industrial settings where traffic must be one-way.

3. Hardening Against Lateral Movement

In this attack, once inside the network, the attackers moved laterally — from entry points into backend Windows domains and OT controllers. Were a data diode present, network segmentation would have been physically enforced. A diode would have additionally ensured that air gaps were securely controlled with one-way data flows.

Even if an attacker made their way into one segment, they would be unable to reach other segments if those were protected by unidirectional barriers.
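The reachability argument of sections 1 to 3 can be checked on a small model of the zones. This is an added example, not OPSWAT's code; the zone names and the routed maintenance link in the third case are assumptions made for illustration.

```python
from collections import deque

def reachable(flows, start):
    """Zones to which `start` can initiate traffic, following allowed flow directions."""
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst in flows:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

def both_ways(a, b):
    """A routed link (firewall, VPN): either side can initiate."""
    return {(a, b), (b, a)}

def diode(src, dst):
    """A data diode: traffic physically flows src -> dst only."""
    return {(src, dst)}

# Constructed zone model (names are assumptions, not taken from the incident).
PERIMETER = both_ways("internet", "vpn_gateway") | both_ways("vpn_gateway", "enterprise_it")

flat = PERIMETER | both_ways("enterprise_it", "ot_ics")
with_diode = PERIMETER | diode("ot_ics", "enterprise_it")
# Caveat case: diode installed, but a routed maintenance link still enters OT.
bypassed = with_diode | both_ways("vpn_gateway", "ot_ics")

def audit(flows):
    """Return (can the internet reach OT?, can OT telemetry reach enterprise IT?)."""
    return ("ot_ics" in reachable(flows, "internet"),
            "enterprise_it" in reachable(flows, "ot_ics"))

if __name__ == "__main__":
    for name, flows in [("flat", flat), ("with_diode", with_diode), ("bypassed", bypassed)]:
        exposed, telemetry = audit(flows)
        print(f"{name:11} internet->OT: {exposed!s:5}  OT->IT telemetry: {telemetry}")
```

The third case shows why a diode only closes the path when every link into the OT zone passes through it: one remaining routed link restores reachability from the perimeter.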

Defense-in-Depth Cybersecurity

It’s important to remember that implementing data diodes is a key part of an overall OT cyber strategy, but it’s not the only part. That strategy also means:

  • Enforcing strong authentication
  • Staying up to date on software vulnerabilities or misconfigurations
  • Remembering that diodes are a network design control, not a monitoring tool

In other words, diodes are most effective as part of a defense-in-depth strategy that will need to be combined with:

  • Strong credentials and MFA
  • Proper patching and firmware verification
  • Network segmentation and least-privilege access
  • Anomaly and intrusion detection systems

Do or Diode

Data diodes secure critical environments by offering physical, enforced one-way data flow, making it much harder for attackers to reach and control industrial systems even if they breach perimeter devices. In Poland’s case — where hackers exploited internet-exposed systems and moved laterally into control hardware — strategic deployment of diodes could have:

  • Blocked attack paths into OT segments
  • Prevented malicious command and malware delivery to ICS
  • Limited the scope of destructive actions

OPSWAT’s MetaDefender Optical Diode family of products offers a variety of form factors and configurations purpose-built to meet you where you need to secure the perimeter. Connect with an expert today and discover how one of our diodes or unidirectional gateway solutions can keep your critical environments secure.
