Customer Needs

Securely collect remote ICS data from customer sites

Isolate and encrypt access over any network

No modifications to customer networks

Eliminate ICS Internet exposure

Deploy quickly with little local assistance

Manage without requiring new headcount or expertise

Constraints

Managed ICS run on customer networks

Can’t modify customer networks

Large distribution of very remote sites

Local installers with no IT expertise

Small staff supporting thousands of ICS

No downtime, 7x24 safety operations

Results

Plug-and-play installation by installers

100% cloaking of industrial controls

90% reduction of attack surface

Runs over any unmanaged network

Machine-to-machine encrypted communications

Rapid on-boarding of new sites

 

Delivering Global Services

A leading manufacturer of industrial gas products sells and distributes atmospheric, process and specialty gases to customers across many industries, from aerospace to food and beverage and electronics to healthcare systems, in over 50 countries.

The global manufacturer installs and maintains production plants at its customers’ facilities, running automated chemical processes managed by industrial control systems (ICS) for the production of specialty gases like argon. To deliver on its service level agreements (SLAs), the manufacturer must continuously monitor the remote production, safety and availability of its customers’ plants.

 

Safety and Security Exposure

The manufacturer has a 7x24 NOC at its headquarters to remotely monitor its equipment running at customer sites, and a geographically separated secondary NOC. Some remote plants had no access to a network and no remote monitoring capability, leaving them without a reliable way to ensure the safety and security of these critical pieces of infrastructure.

 

Looking for 7x24 Access and Segmentation

The company needed an access solution that could be deployed across a variety of production environments, could run on networks they didn’t own or control, and could integrate with existing monitoring infrastructure without disruption. The manufacturer’s customers have local process control technicians performing general oversight and maintenance of the physical plant, but these local technicians, who would have to install the solution, often have no IT, network, or cyber-security training.

 

Support Legacy and Modern ICS Easily

They also wanted a solution that would not require changes to an underlying network and would protect and restrict access to both legacy and new ICS and SCADA systems regardless of their operating systems.

 

Alternatives Considered: A Combination of Complexity and Cost

The manufacturer considered industrial cellular modems, enterprise and industrial IPSec VPNs, next-gen firewalls, and private network services through large cellular providers. They estimated that these traditional options would be too complex and too costly and would not address all of their constraints and requirements. They would not provide the simplicity they needed with end-to-end encrypted access and segmentation that could run on any type of network.

 

Network Attack Vectors Eliminated

The gas manufacturer chose Tempered Networks’ Identity Defined Networking (IDN) solution because of its simplicity, ability to ride over any network, and unique access control enforcement. ICS and SCADA systems are visible to, and can communicate with, only other authenticated and authorized machines; to all other systems they are invisible.

 

 

"The central console allows us to instantly add identity-based access controls to our ICS and SCADA systems. It’s simple and fast to provision regardless of where our equipment is located and whether it’s running over customer, cellular, or commercial broadband. System communication is locked down to only authorized systems in our NOC."

Network Administrator
Gas Producer


10-Minute Plug-and-Play Deployment

The manufacturer deployed quickly by pre-provisioning HIPswitches and shipping them to non-technical customer staff to install. The plug-and-play design made it a simple two-step process. Once turned on, the HIPswitches automatically register to the Conductor, the ID network management console, and are placed into a hardened and segmented overlay network that cannot be breached. Each site installation and activation takes less than 10 minutes.

 

Stronger Security, Fast and Simple Failover

IDN enables centralized control over all aspects of support and maintenance, including the revocation of components that become lost, stolen, broken, or otherwise compromised. In addition, the manufacturer’s primary and secondary monitoring centers now have graceful failover between sites, from ICS endpoints to specific servers, providing granular availability control.

 

Peace of Mind with Reliable ICS Operations

Today, the manufacturer can easily monitor its production facilities around the world and ensure customer safety, security and availability from one central location. They no longer have to negotiate with different network providers in each region or face complicated and unreliable installs for predictive monitoring access.

 

 

 

 

 
