Utility SCADA Systems Remain A Key Point Of Security Vulnerability In Smart Grid Deployments, According To Pike Research


BOULDER, Colo. - The discovery of the Stuxnet worm in 2010 shone a harsh light on the fragility of industrial control systems (ICS), such as supervisory control and data acquisition (SCADA) systems, and has created a new urgency among security vendors and utility managers alike. Nearly overnight, ICS security went from being a non-issue to being critical. Because of that rapid change, ramp-up time has been non-existent, with no time for an industry to consider what is needed and how to develop a manageable approach to security. At nearly the same time, the American Recovery and Reinvestment Act of 2009 created a gold rush mentality, with utilities and vendors submitting requests quickly in order to obtain some of the funding. Many of those requests simply stated a list of infrastructure components, without adequate consideration of cyber security requirements. As a result of these two developments, the utility industry now has a large installed base of smart grid components, but little idea how to secure them. No clear or shared vision exists of what to build.

According to a recent report from Pike Research, such risks to the electrical grid will require utilities to make major new investments in cyber security for ICS in the coming years. The cleantech market intelligence firm forecasts these investments will total $4.1 billion during the years between 2011 and 2018.

“Many SCADA systems were deployed without security in the belief that SCADA would always be isolated from the Internet,” says senior analyst Bob Lockhart. “But it’s not, and even when it is, attacks such as Stuxnet can circumvent the isolation by using USB memory sticks to spread. And SCADA security has different objectives than IT security. The familiar ‘confidentiality, integrity, and availability’ is replaced with ‘safety, reliability, and integrity.’ This is nearly impossible to accomplish with the infrastructure-only approach taken by most information security products.”

One of Stuxnet’s more noticeable effects was to cause nearly every security vendor to create an Energy Business Unit. Security vendors have taken one of three approaches to entering the smart grid market. A few security vendors have focused on ICS security since their founding. Some of the relative newcomers to ICS security have hired long-time energy industry veterans to run their energy business. Others have simply rebranded existing products as “smart grid ready” and sell based upon the widespread adoption of their products in IT environments.

Pike Research’s report, “Industrial Control Systems Security”, analyzes and forecasts the market for ICS Security for Smart Grids, with an in-depth assessment of the major risks facing smart grid ICS environments. Risks were identified through a combination of primary research and mapping the environments against key security baselines such as NIST Special Document 800-82, Guide to Industrial Control Systems Security, and ISO27002:2005, Information technology – Security techniques – Code of practice for information security management. An Executive Summary of the report is available for free download on the firm’s website.

Pike Research is a market research and consulting firm that provides in-depth analysis of global clean technology markets. The company’s research methodology combines supply-side industry analysis, end-user primary research and demand assessment, and deep examination of technology trends to provide a comprehensive view of the Smart Energy, Smart Grid, Smart Transportation, Smart Industry, and Smart Buildings sectors.
