SCADA vs. the Hackers

This article focuses on United States’ power grid vulnerability to cyber attack. None of the industrial control systems used to monitor and operate the nation's utilities and factories were designed with security in mind. Moreover, their very nature makes them difficult to secure. Linking them to networks and the public Internet only makes them harder to protect. The Internet made it easy. Instead of installing expensive private telecommunications links, companies let the Internet carry SCADA messages. Encryption may prevent a remote attack on data, but also may leave utilities vulnerable to attacks over corporate networks that are often linked to facilities. Someone on the inside may be able to unscramble encrypted data. Similarly, drive-by hackers will still be able to take advantage of security flaws in a wireless system to sneak into a plant network behind any encryption device. Stronger IT policies and encryption are good first steps. But the US power grid—and the entire nation’s utility and industrial infrastructure—remain vulnerable to cyberattack from terrorists and angry employees.