Securing communications from a process plant to a remote system includes a data diode disposed therebetween that allows data to egress from the plant but prevents ingress of data into the plant and its associated systems. Data is secured across the data diode by securely provisioning a sending device at the plant end of the diode to a receiving device at the remote system end. The sending and receiving devices share secret key material that is recurrently updated. To ensure fidelity of communications across the unidirectional data diode, the sending device recurrently provides context information that is descriptive of data sources of the plant. Additionally, data transmitted from plant data sources to the sending device of the data diode may be secured using a respective security mechanism/technique, and data transmitted from the receiving device of the data diode to the remote system may be secured using a respective security mechanism/technique.
