Building a Cyber Security Infrastructure

Tempered Networks presents alternative architecture approach
By Bill Lydon, Editor
A company called Tempered Networks has developed an interesting, alternative approach to cyber-protection architecture for industrial control systems. The architecture goes beyond a software-only solution and includes both hardware and firmware components to create a secure industrial automation network. Tempered Networks, formerly Asguard Networks, was founded in April 2012 by David Mattes, its current Chief Technology Officer (CTO). Meeting multiple international standards, the Tempered Networks solution is based on Mattes’ seven years of Boeing R&D experience. Jeff Hussey, a successful entrepreneur who previously founded F5 Networks, Inc., was recently appointed President. The company has an installed base of 15 customers in the manufacturing, oil and gas, and utilities (water, power and energy) industries. The first installation was completed in December 2012.
Tempered Networks has an alternative cyber security protection approach to the many software-only approaches. Other solutions reside on the same computers with many other applications that are subject to constant software updates, configuration changes, and operating system updates. Because of this, other solutions are potentially very brittle, susceptible to many faults, and create an opportunity for cyber security breaches. Furthermore, as Industrial Ethernet protocols have proliferated on the factory floor, IP devices have become vulnerable to cyber threats. While the importance of cyber security protection is being emphasized, the industrial Ethernet protocol associations behind EtherNet/IP and PROFINET do not yet support IPv6, the latest computer networking standard. IPv6 incorporates higher levels of security, more efficient routing and packet processing, superior multicast, simplified network configuration, and other benefits.
Tempered Networks Architecture
The Tempered Networks solution is an overlay network architecture that cloaks critical infrastructure devices, while allowing them to communicate over secure channels. The solution offers centralized governance and oversight. Tempered Networks’ strategy uses hardware, software and firmware to create a cyber-secure architecture that works with existing automation controllers and industrial protocols. Cyber security best practices are embedded in hardware appliances that simplify deployment and administration. This solution is based on standards from the Trusted Computing Group (TCG), the Internet Engineering Task Force (IETF), and the International Society of Automation (ISA).
Users add security appliances at each controller and PC node associated with industrial automation (HMI, historians, etc.). This appliance, called a HIPswitch, is an industrially hardened, small form factor device. The HIPswitch connects to the controller/PC communications ports and has another port to connect to the plant Ethernet. Versions are also available with Wi-Fi and cellular communications. Communications and network security are administered by the Tempered Networks HIPswitch Conductor appliance, which creates a secure private network (SPN).
The HIPswitch Conductor is used to authorize and configure communication security policies for HIPswitch devices on the SPN, and provides functions to centrally govern, audit, and monitor the networks. Using the HIPswitch Conductor, users can selectively authorize access, create secure private networks, and define security policies for each device. The architecture also enables integration of remote devices using cellular communications. This secure overlay network can coexist on a plant network that carries normal Ethernet communications, but it is invisible to other network devices. This approach provides a way to create a network and migrate all existing equipment to a cyber-secure environment. It works on both IPv4 and IPv6 networks.
Empowering Philosophy
Based on Mattes’ years of real-world experience, the Tempered Networks solution is designed so users can implement a secure industrial automation network on their own, as a “drop-in” solution. This approach lowers the barrier for creating secure networks by removing complexity and reducing the risk of configuration errors. Mattes said, “The solution must be easy to deploy, it has to make people’s job easier.” “Security has become such a complex, difficult can of worms. It has to be responsive to the evolving threat today. Users can’t patch software fast enough to keep up. We are doing this today for Fortune 500 companies.”