Today’s networks work harder than ever. Our reliance on apps and cloud services means that nearly everything we do — even writing this blog — requires constant network chatter. However, not all networks are the same, nor are all types of network traffic. For example, if our Facebook updates or even our Hangout video occasionally lag, we’re unlikely to notice or be too concerned.
Not so with building automation and industrial networks. These networks connect devices performing vital tasks — controlling factory robots, water treatment plants, HVAC systems, and the like. They rely on real-time communications. These communications are called “process control messages” because that’s exactly what they do — follow a process to perform a task. In order for SCADA systems to operate, they must send and receive these messages with low, predictable latency measured in just a few milliseconds. Network congestion is not an excuse for problems on the line.
These real-time messages say things like “pick up the object from the end of the conveyor belt and put it in the box” or “report reactor temperature values for the last half hour”. Some of these control messages are small, cyclical, and extremely predictable. Some are occasional, periodic data dumps that spike network traffic. Failure is not an option. To make things more complicated, there is typically less headroom in control networks. They are often still using 100 Mbit/s Ethernet, and sometimes include slower radio links to more distant equipment.
Industrial devices also have a broad range of capabilities. Some devices used in control systems are modern, resilient, and can do their job under tough network conditions. Scan them for security problems and they will be fine. Others are cost-optimized and have significant restrictions on their ability to respond to network traffic. Some are legacy and were not designed to receive any “unexpected” network traffic. Interrogating these latter two types of devices has the potential to tie them up, keeping them from doing their job, or even knocking them offline.
Traditional IT security products have no real awareness of these network conditions. Obviously, they inspect any traffic they see, including this process control traffic. But they don’t parse or keep any state on the control messages that would let them predict network traffic. They aren’t aware of network bandwidth restrictions, and they don’t have any awareness of periodic network traffic bursts. Each flow (or worse, each packet) exists as a separate event, not as one of a series of connected events delivering a specific business outcome; they are not process aware.
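As an added illustration of the distinction above (this is not Rosetta's code), the script below learns the cadence of each device pairing from a constructed known-good hour of flow records and then judges the next hour against that learned process, side by side with a stateless per-flow volume rule of the kind a generic IDS applies. The device names, polling intervals, dump size and probe burst are all made up for the example.

```python
"""Process-aware cadence check over constructed flow records (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed known-good hour: a PLC polls an RTU every 100 ms and a historian
# pulls a 2 MB dump every 30 min. Records are (timestamp_s, src, dst, bytes).
BASELINE = sorted(
    [(t / 10, "plc", "rtu", 64) for t in range(36000)]
    + [(t * 1800.0, "historian", "rtu", 2_000_000) for t in range(3)]
)
# Constructed next hour: normal polls minus one dropped poll, the scheduled dump,
# and a laptop that has never talked to the RTU sending 50 probes in 50 ms.
EVAL = sorted(
    [(3600 + t / 10, "plc", "rtu", 64) for t in range(36000) if t != 1000]
    + [(5400.0, "historian", "rtu", 2_000_000)]
    + [(3700 + i / 1000, "laptop", "rtu", 60) for i in range(50)]
)

def learn_baseline(flows):
    """Per (src, dst) pair: mean inter-arrival period, tolerance band, last timestamp."""
    times = defaultdict(list)
    for ts, src, dst, _ in flows:
        times[(src, dst)].append(ts)
    base = {}
    for pair, ts in times.items():
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(gaps) < 2:  # too few observations to call it a cadence
            continue
        period = mean(gaps)
        base[pair] = {"period": period, "last": ts[-1],
                      "tol": max(3 * pstdev(gaps), 0.25 * period)}
    return base

def volume_rule(flows, threshold=1_000_000):
    """Stateless per-flow rule: a big transfer is an alert, whatever the process."""
    return [f for f in flows if f[3] > threshold]

def process_aware(flows, base):
    """Stateful check: each alert says how the flow departs from the learned process."""
    alerts = defaultdict(list)
    for ts, src, dst, _ in flows:
        b = base.get((src, dst))
        if b is None:  # a pairing the process has never used
            alerts["unknown-pair"].append((ts, src, dst))
            continue
        gap, b["last"] = ts - b["last"], ts
        if abs(gap - b["period"]) > b["tol"]:  # late, early or flooding
            alerts["off-cadence"].append((ts, src, dst, round(gap, 3)))
    return alerts
```

The volume rule fires once, on the historian's scheduled dump, and is silent on the 50 small probes; the cadence check accepts the dump because it lands on its learned 30-minute period, and instead reports the unknown laptop pairing and the single late PLC poll.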
At Rosetta, we think it is time for effective, process-aware network security that is always on, but never in the way. Without this security technology, industrial networking teams will continue to struggle with the basic blocking and tackling of security, and we will never realize the full benefits of the current Industrie 4.0 and connected manufacturing.
Watch this space.