GreenTech Pastures

Heather Clancy
Home / News & Blogs / GreenTech Pastures

Utilities caught flat-footed in smart-grid security

By | December 9, 2011, 8:44am PST

Summary: New research predicts more than $4.1 billion will be spent by 2018 to secure SCADA and industrial control systems.

Just yesterday, I was chatting with one of my ongoing sources about technology trends for 2012. We weren’t specifically focused on green technology concerns, but one of the items weighing heavily on his mind was the revelation that smart-grid deployments are pointing up a serious security gap in the industrial systems to control things like water pumps or dams and other utility services.

The supervisory control and data acquisition systems, fondly referred to as SCADA devices, at most of the nation’s utility companies wasn’t built, frankly, with the Internet in mind. These systems were supposed to live in their own little world, so security wasn’t a big concern when many of these technologies were put into place.

The rise of the Stuxnet worm, which specifically focused on compromising SCADA technology, began waking up the world to the dangers of connecting these systems into the smart grid. Some of those vulnerabilities are mentioned on ZDNet’s Zero Day security blog. The issue of specific dangers was raised in recent weeks when an apparent breach occurred at an Illinois water utility. Apparently, the incident was a false alarm. At least that is what we are now being told, but it doesn’t make us any less vulnerable.

Now Pike Research is predicting a wave of security investments by utility companies specifically focused on industrial control systems. Between 2011 and 2018, more than $4.1 billion will be spent on related security projects, according to Pike Research’s report, “Industrial Control Systems Security.”

Notes Pike Research analyst Bob Lockhart:

“Many SCADA systems were deployed without security in the belief that SCADA would always be isolated from the Internet. But it’s not, and even when it is, attacks such as Stuxnet can circumvent the isolation by using memory sticks to spread.”

Lockhart warns that security means different things for the information technology and industrial controls world. Whereas the main foci of IT security solutions are concepts such as privacy or availability, SCADA security also needs to be concerned with reliability, safety and integrity, Lockhart said.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “GreenTech Pastures”

Topics

Security, Smart Grid, Heather Clancy, SCADA, Pike Research

Heather Clancy is an award-winning business journalist with a passion for green technology and corporate sustainability issues.

Disclosure

Heather Clancy

Writing publicly about what the high-tech industry is actually doing to help itself and the world get greener or more sustainable is one way I figure I can contribute more meaningfully to said effort. I am also a big OMG-kind-of-fan of smart leadership, which is why the goodly folks who publish this blog let me go on about this topic and why I am always on the hunt for forward-looking business management ideas.

My daily writing is focused on looking for topics for my blogs, GreenTech Pastures and Business Brains. I also write often about emerging technology trends such as mobile computing, unified communications and cloud computing. Occasionally, I will pop up at an industry conference in some sort of speaking capacity. In cases where a speaking engagement involves a sponsor that may be covered in this blog, that fact will be disclosed in coverage as appropriate.

My corporate writing work usually consists of crafting research white papers about some aspect of technology. In the event that my commentary (in written, audio or video form) mentions a company for which I have provided consulting advice, I will disclose that fact. However, there is no connection between these projects and the topics that I am covering in my blog.

Biography

Heather Clancy

Heather Clancy is an award-winning business journalist with a passion for green technology and corporate sustainability issues. Her articles have appeared in Entrepreneur, Fortune Small Business, The International Herald Tribune and The New York Times. In a past corporate life, Heather was editor of Computer Reseller News, where she was a featured speaker about everything from software as a service to IT security to mobile computing.

Heather started her journalism life as a business writer with United Press International in New York. She holds a B.A. in English literature from McGill University in Montreal, Quebec, and has a thing for Lewis Carroll.

4
Comments
Add Your Opinion

Join the conversation!

Just In

al Q'aeda, too
Robert Hahn 9th Dec
I'm talking about the kind that can defend infrastructure against the Chinese military's top cyber warriors. MCSEs are not gonna cut it.

We're not training anywhere near enough of these people. Just sayin'.
View in thread
0 Votes
+ -
Can't even hire 'em as consultants
Robert Hahn 9th Dec
How many truly competent and up-to-date security mavens are there? Does anyone believe there are enough to go around? After the military, the spooks, and the IT security consultants get done hiring theirs, what's left for the average water works or municipal traffic-control department... or their software suppliers?
0 Votes
+ -
RE: Utilities caught flat-footed in smart-grid security
smashandgrab 9th Dec
@Robert Hahn - It's much more lucrative for the individual to be a consultant. However, I see most consultants as paper MCSE's with a little personal computer experience. As for how many... Are we talking REAL TRAINED or self proclaimed?
0 Votes
+ -
al Q'aeda, too
Robert Hahn 9th Dec
I'm talking about the kind that can defend infrastructure against the Chinese military's top cyber warriors. MCSEs are not gonna cut it.

We're not training anywhere near enough of these people. Just sayin'.
0 Votes
+ -
Since no real humans
Stan57 9th Dec
Since no real humans do much manufacturing work anymore in the USA they cut back on security instead of cutting back on safety. Is that a real suprise to anyone? The ability to flip a switch at a municipal water treatment plant should never be able to be done over the Internet. Ever!

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix