Utilities caught flat-footed in smart-grid security

Summary: New research predicts more than $4.1 billion will be spent by 2018 to secure SCADA and industrial control systems.

TOPICS: Security

Just yesterday, I was chatting with one of my ongoing sources about technology trends for 2012. We weren't specifically focused on green technology concerns, but one of the items weighing heavily on his mind was the revelation that smart-grid deployments are pointing up a serious security gap in the industrial systems used to control things like water pumps or dams and other utility services.

The supervisory control and data acquisition systems, fondly referred to as SCADA devices, at most of the nation's utility companies weren't built, frankly, with the Internet in mind. These systems were supposed to live in their own little world, so security wasn't a big concern when many of these technologies were put into place.

The rise of the Stuxnet worm, which specifically focused on compromising SCADA technology, began waking up the world to the dangers of connecting these systems into the smart grid. Some of those vulnerabilities are mentioned on ZDNet's Zero Day security blog. The issue of specific dangers was raised in recent weeks when an apparent breach occurred at an Illinois water utility. Apparently, the incident was a false alarm. At least that is what we are now being told, but it doesn't make us any less vulnerable.

Now Pike Research is predicting a wave of security investments by utility companies specifically focused on industrial control systems. Between 2011 and 2018, more than $4.1 billion will be spent on related security projects, according to Pike Research's report, "Industrial Control Systems Security."

Notes Pike Research analyst Bob Lockhart:

"Many SCADA systems were deployed without security in the belief that SCADA would always be isolated from the Internet. But it's not, and even when it is, attacks such as Stuxnet can circumvent the isolation by using memory sticks to spread."

Lockhart warns that security means different things for the information technology and industrial controls worlds. Whereas the main foci of IT security solutions are concepts such as privacy or availability, SCADA security also needs to be concerned with reliability, safety and integrity, Lockhart said.

  • Can't even hire 'em as consultants

    How many truly competent and up-to-date security mavens are there? Does anyone believe there are enough to go around? After the military, the spooks, and the IT security consultants get done hiring theirs, what's left for the average water works or municipal traffic-control department... or their software suppliers?
    Robert Hahn
    • RE: Utilities caught flat-footed in smart-grid security

      @Robert Hahn - It's much more lucrative for the individual to be a consultant. However, I see most consultants as paper MCSEs with a little personal computer experience. As for how many... Are we talking REAL TRAINED or self-proclaimed?
      • al Q'aeda, too

        I'm talking about the kind that can defend infrastructure against the Chinese military's top cyber warriors. MCSEs are not gonna cut it.

        We're not training anywhere near enough of these people. Just sayin'.
        Robert Hahn
  • Since no real humans

    Since no real humans do much manufacturing work anymore in the USA they cut back on security instead of cutting back on safety. Is that a real surprise to anyone? The ability to flip a switch at a municipal water treatment plant should never be able to be done over the Internet. Ever!