Abstract: A private overlay network is introduced into an existing core network infrastructure to control information flow between private secure environments. Such a scheme can be used to connect a factory automation network linking operations devices to a corporate network linking various business units, with enhanced network security. Such a connection can be facilitated by introducing into the existing infrastructure a set of industrial security appliances (ISAs) that work together to create an encrypted tunnel between the two networks. The set of ISAs can be scalable to overlay differently sized core networks, to create the private overlay network. Connections to the private overlay network can be managed by the ISAs in a distributed fashion, implementing a peer-to-peer dynamic mesh policy. The industrial security system disclosed may be particularly advantageous in environments such as public utility systems, medical facilities, and energy delivery systems.

Abstract: Embodiments are directed to managing secure communication between a plurality of node computers over a network. If overlay networks for node computers are provided for communicating between the node computers, a mesh network may be configured. If a node computer that may be associated with the overlay networks sends a communication to other node computers also associated with the overlay networks, a gateway computer associated with the node computer may perform actions to process the communication. The gateway computer may select an overlay network based on the node computer. Target gateway computers associated with the other node computers may be determined based on the overlay network and the mesh network. Physical paths from the gateway computer to the target gateway computers may be determined. The gateway computer may send the communication to the target gateway computers over the physical paths and then to the other node computers.