Building a Cyber Security Infrastructure

Tempered Networks presents alternative architecture approach
By Bill Lydon, Editor
A company called Tempered Networks has developed an interesting, alternative approach to cyber-protection architecture for industrial control systems. The architecture goes beyond a software only solution and includes both hardware and firmware components to create a secure industrial automation network. Tempered Networks, formerly Asguard Networks, was founded by David Mattes, current Chief Technology Officer (CTO), in April 2012. Meeting multiple international standards, the Tempered Networks solution is based on Mattes’ 7-years of Boeing R&D experience. Jeff Hussey was recently appointed President and is a successful entrepreneur who previously founded F5 Networks, Inc. The company has an installed base of 15 customers in manufacturing, oil and gas, utilities (water, power and energy) industries. The first installation was completed in December 2012.
Tempered Networks has an alternative cyber security protection approach to the many software-only approaches. Other solutions reside on the same computers with many other applications that are subject to constant software updates, configuration changes, and operating system updates. Because of this, other solutions are potentially very brittle, susceptible to many faults, and create an opportunity for cyber security breaches. Furthermore, as Industrial Ethernet protocols have proliferated on the factory floor, IP devices have become vulnerable to cyber threats. While the importance of cyber security protection is being emphasized, the industrial Ethernet protocol associations behind EtherNet/IP and PROFINET do not yet support IPv6, the latest computer networking standard. IPv6 incorporates higher levels of security, more efficient routing and packet processing, superior multicast, simplified network configuration, and other benefits.
Tempered Networks Architecture
The Tempered Networks solution is an overlay network architecture that cloaks critical infrastructure devices, while allowing them to communicate over secure channels. The solution offers centralized governance and oversight. Tempered Networks strategy uses hardware, software and firmware to create a cyber-secure architecture that works with existing automation controllers and industrial protocols. Cyber security best practices are embedded in hardware appliances that simplify deployment and administration. This solution is based on standards from the Trusted Computing Group (TCG), the Internet Engineering Task Force (IETF), and the International Society of Automation (ISA).
Users add security appliances at each controller and PC node associated with industrial automation (HMI, historians, etc.). This appliance, called a HIPswitch, is an industrially hardened, small form factor device. The HIPswitch connects to the controller/PC communications ports and also has another port to connect to the plant Ethernet. Versions are also available with Wi-Fi and cellular communications. Communications and network security is administrated by Tempered Networks HP Switch Conductor appliance, which creates a secure private network (SPN).
The HP Switch Conductor is used to authorize and configure communication security policies for HIPswitch devices on the SPN and provides function to centrally govern, audit, and monitor the networks. Using the HP Switch Conductor, users can selectively authorize access, create secure private networks, and define security policies for each device. The architecture also enables integration of remote devices using cellular communications. This secure overlay network can coexist on a plant network that has normal Ethernet communications, but it is invisible to other network devices. This approach provides a way to create a network and migrate all existing equipment to a cyber-secure environment. It works on both IPv4 and IPv6 networks.
Empowering Philosophy
Based on Mattes’ years of real-world experience, the Tempered Network’s solution is designed so users can implement a secure industrial automation network on their own, as a “drop-in” solution. This approach lowers the barrier for creating secure networks by removing complexity and reducing the risk of configuration errors. Mattes said, “The solution must be easy to deploy, it has to make peoples job easier.” “Security has become such a complex, difficult can of worms. It has to be responsive to the evolving threat today. Users can’t patch software fast enough to keep up. We are doing this today for Fortune 500 companies.”
Related Articles
- Bill's Automation Perspective on Cybersecurity
- Industrial Ethernet Architecture & Cyber Security Risk
- Cyber Security Lessons from a Military Leader
- Industrial Cyber Security Compliance & Enforcement
- Ethernet Infrastructure - Is IPv6 another Y2K?

Check out our free e-newsletters
to read more great articles.
- Posted in:
- Article
- Related Portals:
- Cybersecurity, Factory Automation, Industrial Networks, Process Automation
MORE ARTICLES
-
Manufacturing Automation - Inside Universal Robots Efforts to Empower the Small/Medium Enterprise
By Bill Lydon, Editor, Automation.com
Collaborative robots are re-defining the way manufacturers operate today. To help further that process is... -
Predicting the Future of Industrial Maintenance
By Gernut van Laak, Group Automation Solutions Leader, ABB Food and Beverage
The need for factory maintenance often goes unnoticed. This article... -
Integrators Talk about Collaborative Robots: A Roundtable Discussion
By Jeff Burnstein, A3
The Association for Advancing Automation (A3) reached out to several large automation integrators to get their input on the... -
Lean Manufacturing and the Global Digital Process Automation Market
By Thomas R. Cutler
Digital Visual Management on the manufacturing plant floor is secure by creating virtual meeting rooms for real-time, 24/7,... -
Inside the Top Causes of PLC Control System Failure
By James Davey, Boulting Technology
Despite their resilience and rugged design, PLC-based control systems can still break down and their failure...
RELATED
-
Mobile Safety in Hazardous Areas
By Pepperl+Fuchs
Mobile devices can solve many challenges in hazardous industrial environments. But a device that lacks the proper protection... -
Rockwell Automation and Schlumberger announce Sensia joint venture
The Sensia joint venture will be a fully integrated provider of measurement solutions, domain expertise, and automation to the oil and gas...
-
Valve Manufacturers Association of America (VMA) announces 2019 Annual Valve Industry Knowledge...
The 2nd Annual Valve Industry Knowledge Forum will be held April 9-11, 2019 at the Doubletree Hotel at Perimeter Park in Birmingham, AL.
-
Northrop Grumman Corporation announces appointment Om Prakash as Chief Executive, Japan
As chief executive, Northrop Grumman Japan, Prakash will be responsible for ensuring effective performance on current programs, as well as...
-
Integro partners with Industrial Eye to enhance machine vision solutions
Industrial Eye and the Integro team are joining forces to provide vision solution applications to a wide array of industries.