New model lets complex corporate networks layer security on top of legacy systems
Established companies gain confidence in cloud computing while safeguarding data
By Byron Acohido, ThirdCertainty
Tempered Networks got its start by taking a unique approach toward locking down the industrial control systems (ICS) used at the Boeing Co.’s airplane manufacturing plants.
The problem Boeing was trying to solve at the time turns out to be much the same as the puzzle organizations of all types face today: How do you ingrain security into complex hybrid networks without completely throwing out legacy systems?
Striking that balance in the age of cloud computing and the Internet of Everything is crucial to empowering employees to securely and productively leverage modern IT systems. “Security is great, but business has to run,” says Marc Kaplan, vice president of security architecture and services at Seattle-based Tempered Networks.
Because ICS technologies predate the internet, those used in manufacturing plants, utility plants and transportation systems remain a huge security challenge. The rising dominance of cloud computing and mobile devices to run modern-day networks has exposed ICS controls, in particular, to threat actors.
Boeing, for instance, found it challenging to assure security of its industrial controls while also maintaining a high pace of jetliner production. “They had to find a way to identify and separate systems from each other,” Kaplan says. The solution came in the form of an innovative protocol, the Host Identity Protocol (HIP), developed by Ericsson and sponsored by Boeing and the U.S. Navy.
Stability and security
“Essentially, it’s an overlay, so an environment can keep running the systems it ran before,” he says. It’s an identity-based network, an architecture that “rides above” an established system, without changing fundamental system attributes.
It was an important breakthrough, since most industries are reluctant to make wholesale changes to legacy systems that are working. In today’s banking sector, for example, “these systems run very old code, and for good reason,” Kaplan says. “They’re very stable; the upgrading is a high risk.
“When you’re running an electric grid, turning the grid off is not an option, so these systems couldn’t protect themselves,” he says. They needed an easy way to create identity-based networking without compromising or crashing the existing system.
Kaplan says using the HIP system provides companies something they could not do on their own, “which is rock-solid security with very fast and reliable connectivity.”
As it has turned out, Tempered Networks’ commercialized version of HIP has uses beyond industrial and financial systems. With companies turning over large chunks of their networking infrastructure to hosted services, like Microsoft Azure, Google Cloud and Amazon EC2, the same dilemma has cropped up: “How do I connect my enterprise environment to the cloud and do it seamlessly without having to re-architect pieces of it?” Kaplan says.
There’s also the question of protection. “Once I’ve moved the security aspects out of my data center into the cloud, I now have to rely on attributes of the cloud provider to keep security for me,” he says. “There’s more potential for inroads into your enterprise environment. … You’ve now extended yourself out to another data center.”
Sharing becomes easier
With a HIP system, companies can build overlays to share networks and network information. “If I want to send a file to you, I can have my own profile with you that you can come to my system. At the same time, I can have a profile that talks to my corporate network, as well,” Kaplan says. “I can extend what would be my cloud directly to the people I want into my services.”
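To make the overlay idea concrete (an identity-based network that “rides above” the existing one, with profiles deciding who may talk to whom), here is an added Python sketch that is not Tempered Networks’ code and not the HIP protocol itself. It borrows one real HIP idea, that a host’s identifier is derived from a hash of its public key, and assumes constructed sample keys, IP addresses and profile names; the point it shows is that policy is keyed by identity, so a legacy device keeps its old address and a peer that moves to a cloud provider keeps its permissions.

```python
import hashlib
from dataclasses import dataclass, field

def host_identity_tag(public_key: bytes) -> str:
    """Derive a HIT-style identifier from a public key. HIP hashes the
    host's public key into a Host Identity Tag; a truncated SHA-256 stands
    in here for the encoding the RFC specifies."""
    return hashlib.sha256(public_key).hexdigest()[:32]

@dataclass
class Overlay:
    # profile name -> identities allowed to reach each other (hypothetical model)
    profiles: dict = field(default_factory=dict)
    # identity -> current IP locator; the locator may change, the identity does not
    locator: dict = field(default_factory=dict)

    def enroll(self, profile: str, hit: str, ip: str) -> None:
        self.profiles.setdefault(profile, set()).add(hit)
        self.locator[hit] = ip

    def move(self, hit: str, new_ip: str) -> None:
        # A workload re-homed to a cloud provider: only its locator changes
        self.locator[hit] = new_ip

    def permits(self, src_hit: str, dst_hit: str) -> bool:
        # A flow is allowed only if some shared profile contains both identities
        return any(src_hit in m and dst_hit in m for m in self.profiles.values())

    def resolve(self, src_hit: str, dst_hit: str):
        """Return the destination locator if policy allows the flow, else None."""
        return self.locator.get(dst_hit) if self.permits(src_hit, dst_hit) else None

# Constructed sample keys; a real deployment would use RSA or ECDSA host identities
PLC = host_identity_tag(b"constructed-plc-public-key")
WORKSTATION = host_identity_tag(b"constructed-workstation-public-key")
CLOUD_ANALYTICS = host_identity_tag(b"constructed-cloud-public-key")

def build_demo() -> Overlay:
    """Legacy PLC and workstation share a plant profile; the workstation also
    shares a second profile with a cloud host, which never sees the PLC."""
    net = Overlay()
    net.enroll("plant-floor", PLC, "10.0.0.5")
    net.enroll("plant-floor", WORKSTATION, "10.0.1.20")
    net.enroll("cloud-share", WORKSTATION, "10.0.1.20")
    net.enroll("cloud-share", CLOUD_ANALYTICS, "203.0.113.7")
    return net
```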
For a deeper drill down on what Tempered Networks is bringing to the table, please view the accompanying video.