Control Engineering

Peter Welander

Old SCADA systems unsecurable?
December 17, 2007

A recent article in Network World says that electrical utilities are going to have to start shelling out big bucks to replace old SCADA systems that are effectively unsecurable against cyber attack.

Quoting the article: "But because many SCADA systems in place today to control the bulk-power grid may not be readily adapted for cyber security protection, IT managers at energy companies say they face the prospect of a wholesale replacement of their SCADA systems to meet regulatory goals.

"'There are SCADA systems out there for forty or fifty years and they’re running fine,' says Patrick Miller, chair of the electric-utility user group called Energy Security Northwest, whose membership hails from 20 utilities. The energy companies across the country, he says, expect the upcoming FERC decision to influence whether they will need to wholly replace SCADA systems to meet new security regulations."

Given that the control systems running process plants also tend to be old (Hopefully there aren't too many that are 40 or 50 years!) I did some research a while back on the topic of securing old DCSs and even asked some wise people if cyber security issues would force companies to phase out old platforms. One of the most interesting discussions was with some engineers from Idaho National Labs, which became the basis for an article and I managed to turn it into a podcast. They explain it much more elegantly, but the bottom line is that just about anything can be secured, although the task may not be easy. Nonetheless, it will likely be less painful and expensive than putting in a whole new control system.

Electric utilities, on the other hand, will likely find that they have no choice. Regulators may force them to make some difficult and expensive choices. There's much at stake, and the answer will ultimately find its way to your electric bill.

Posted by Peter Welander on December 17, 2007 | Comments (0)