
New approach to Internet of Things security addresses merger of IT and OT


The IoT introduces new cybersecurity challenges for IT. Tempered Networks aims to provide help by taking an entirely new approach.

The concept of the Industrial "Internet of Things" (IoT) is still a bit of an enigma for most organizations, but it is certainly of high interest. I've been presenting on this topic at the IT Roadmap events and the sessions have been packed. If you find yourself in New York on July 29, stop by the Javits and see the session.

One of the challenges that businesses face with the IoT is how to bring IT (Information Technology) and OT (Operational Technology) together. If you're unfamiliar with IT versus OT, IT is, of course, corporate IT, which is the group that most of the readers of this site belong to. OT is responsible for the technologies that deal with operating the business and generating revenue. This is a very broad range of items and is normally vertical in nature: trucks in field service, medical equipment in healthcare, factory floor hardware in manufacturing, etc.

In an IoT world, everything gets connected to a common network. This means water pumps, heart monitors, conveyor belts, and heavy machinery will be connected to the same network that supports printers, PCs, and corporate servers. There is a little bit of overlap in these two worlds, as some manufacturers make infrastructure to be used in industrial environments. Ruggedized laptops and fanless Ethernet switches are good examples. For the most part, though, these two worlds are separate and IoT is bringing them together quickly as the data these devices generate provides valuable insight into the revenue-generating components of the enterprise.

One of the challenges is how to secure the OT devices. They may exist on a network today, but they're likely closed, not in a secure data center, and do not have the same level of instrumentation to manage and secure themselves. IT already struggles to secure the corporate network. Now they're tasked with bringing OT technology onto that network and maintaining the same or higher levels of security. This might sound like an impossible task, but there is a vendor addressing this problem.

I recently ran across a company called Tempered Networks that has a solution designed to secure OT endpoints. Tempered can actually improve IT security, but IoT would certainly be the low-hanging fruit for the solution for more organizations. The company has an appliance (physical and virtual) called a HIPswitch that sits immediately in front of any IP-connected device. The HIPswitches are managed centrally through the HIPswitch Conductor, which is a controller and orchestration engine.

The HIPswitches are hardened, data-center-grade, purpose-built security appliances that assume the network they are connected to is untrusted, so the default is no connectivity. Through the Conductor, the administrator can configure private overlay networks between HIPswitches. For example, on a factory floor, the equipment may only need to talk to a single central server. The HIPswitches can be used to create a secure overlay network between the equipment and that one server that would remain invisible to everything else.

The Tempered model is the opposite of the way traditional security works. Instead of assuming trust and then trying to manage the untrusted, Tempered assumes zero trust and then the administrator defines explicit trust relationships between the HIPswitches to allow whitelisted communications of protected devices.

Also, the IP addressing of the HIPswitches on the untrusted network is completely independent of the IP addressing scheme of the overlay networks, meaning the HIPswitches will ignore any communications coming from the untrusted network that do not have a peer HIPswitch identity. This protects the device from being infected by malicious traffic. A worm could be running rampant over the physical network but would have no access to the private overlay networks. For you Star Trek fans out there, think of having a Klingon cloaking device for your OT endpoints.

The HIPswitch Conductor also allows for delegation of management on a per-overlay basis, so for organizations that want to maintain some separation of IT and OT, IT could set up the policies and networks and then OT could take over the management of them. 

Because of the IoT, we're likely to see orders of magnitude more devices connected to data networks over the next few years, many of which will have no native security capabilities. Tempered Networks provides an easy way for businesses to connect OT endpoints rapidly without having to worry about compromising the security of the rest of the organization.
