Ever-increasing advances in industrial network connectivity and remote access bring with them increased cybersecurity fears.
“Connectivity enables the enterprise to aggregate data and, through analytics, perform predictive maintenance and increase uptime,” says Lucas Kane, director of product management at Tempered Networks, a provider of cybersecurity technology. “However, devices in industrial M2M (machine to machine) networks were not built with security in mind and if these networks aren’t secure, hackers can find pivot points into the network.”
As the number of connected devices in industrial facilities increases, cybersecurity becomes more complex; yet the supply of IT resources in an organization may not keep pace with this growth. And while basic cybersecurity measures such as firewalls and VLANs still have value in network segmentation, it is becoming increasingly important to secure individual devices on the network.
“Security requires a defense-in-depth approach,” Kane explains. “Were a hacker to get past your firewalls, can they easily access your most critical infrastructure? The Tempered system not only encrypts all data but it cloaks or hides your infrastructure. You can’t hack what you can’t see.”
Alane Moran, Tempered Networks’ vice president of marketing, adds that if a hacker “cannot see the devices, they cannot attempt to breach them—even if they know they are there. [When a device is cloaked] there is no visible IP address on the network.”
This is the idea behind Tempered Networks’ technology: provide encrypted overlay networks that leverage existing TCP/IP networks to cloak endpoints (such as servers, IP cameras and PLCs) and industrial Internet of Things (IIoT) devices. The system comprises two types of components: a HIPswitch (a security appliance) and a Conductor (the orchestration engine). “The host identity protocol (HIP) bases trust on cryptographic IDs, rather than spoofable IP addresses,” says Kane. “Not only are all endpoints hidden, but you can truly verify the identity of a device before allowing trust between two protected devices or users.”
When a HIPswitch is protecting an IP- or serial-connected device, the device becomes invisible to any untrusted device, system or hacker. The Conductor, which acts as the brains of the operation, provides single-pane-of-glass management (a single device/interface that presents data from multiple sources) of all HIPswitches, devices, and communications policies.
Tempered Networks’ approach begins with zero trust, meaning that only whitelisted devices can communicate with each other. Until the Conductor establishes trust—and therefore a connection—nothing can communicate with a HIPswitch-protected device.
Plus, HIPswitches are built to withstand harsh industrial environments with wide operating temperature ranges and can use wired, WiFi or cellular connections. Virtual models are also available.
Despite its seemingly rigid framework of operation, the technology does allow for flexibility and scalability. Once a company has a HIPconductor in place, new devices can be cloaked by purchasing additional HIPswitches (they plug and play with the existing Conductor).
In terms of costs, where some security systems come with significant maintenance costs or subscriptions and require expensive IT staff to deploy and operate, the Tempered Networks system is purpose-built to be easy to deploy and manage, requiring little or no advanced IT skills. In addition to the purchase price of the system, customers pay a small maintenance fee that covers technical support, firmware upgrades and an ongoing hardware warranty. Of course, the cost of implementation varies based on the number of devices that require cloaking, but as an example, a company with 10 endpoints to protect may spend in the range of $25,000-30,000 to purchase 10 HIPswitches and a Conductor.
“The total cost of ownership of the Tempered system is significantly less than traditional security systems. IT teams can quickly scale their networks and ensure their infrastructure is secure by default,” explains Kane.
The company’s technology is currently used by multiple Fortune 500 companies in manufacturing environments and a variety of utilities servicing major metropolitan areas in the U.S. to cloak endpoints and secure communications.