Search Archives
Why New Daedalus?

Daedalus was the mythical great architect and artificer of the classical world. Today, embedded intelligence is enabling the most profound changes in the way we create and use buildings since his day.

Building Intelligence meets the Intelligent Building. The Intelligent Building negotiates with the Intelligent Grid. How will this transform how we interact with the physical world?

More on the Web
Powered by Squarespace
« Cyborg Beetles, Cyber-security, Smart Buildings, and the Smart Grid | Cargo Cult Energy »

Cyber Security for the Grid

SCADA security, often called cyber-security when talking of the smart grid, is one of the areas where not only the answers are difficult, but often selecting the right questions is difficult. Supervisory Control And Data Acquisition (SCADA) refers to the on-line, computer-based monitoring and control of process from a central site. SCADA, which puts little intelligence into the distributed points, is still the primary model used for utility distribution systems, including the telemetry and operation of today’s dumb grid.

The SCADA model of systems architecture was appropriate when we were building monolithic systems using the very expensive minicomputer and networking was in its infancy. This led to the then obvious decision that the system has exactly one controller. Two systems sharing data was an unacceptable hindrance and bottleneck on process control. Large monolithic systems are expensive to install, expensive to update, impossible to partially upgrade, and do not imagine a need for inter-component security, any more than I imagine security between my arm and my leg. Every integration between two systems was detail oriented and required exposure of every detail, no matter how unimportant.

Distributed inexpensive systems are the rule today. Systems with full security and mutual authentication between every node are still orders of magnitude faster and cheaper than the old systems. Communications are orders of magnitude faster. Almost all of the constraints about how things needed to be done are now no longer true.

For too many control systems, the old models still apply. I spend a lot of time in the somewhat less critical building systems space. Nearly every vendor in that area prices an enterprise controller so that we will buy only one, and that one talks to all. Integrations are excruciatingly slow. The vendor, knowing he will only sell a few of these, prices them accordingly.

Before we built our Enterprise Building Management System (EBMS), we had multiple conversations with BAS vendors about installing multiple enterprise controllers rather than one. The incremental cost of the bits would have cost them nothing. I understand their need to get, say, a quarter million dollars per site. I just wanted my site to consist of 20 peers rather than a single master. They believe that 20 peers should cost 20 times a single system for the site. This was a marketing decision, not a technical decision, and it was a bad one.

We went to a distributed approach for EBMS (just search the archives), something that looks nothing like the approaches of SCADA. I can now upgrade parts of the infrastructure by replacing a single autonomous system agent in a single location. The deep intimacy that old integrations required is gone, and the reliability and resilience of the system is improved. This means it is possible for me to roll out incremental security fixes, or even system agents from a different platform, without spending years and re-training all.

I’ve heard a lot of scary, scary things when discussing SCADA. "Our system is so large and complex you may not comment on it until you have studied it for years" (So your system would fail if key plant engineers got hit by a bus going to a birthday lunch. That is yet another security problem). "Our system is so exceptional that it cannot share account management with the corporate HR systems." (So the business process to turn off remote access to these systems is too convoluted to occur in a timely manner). Recently, I have listened as SCADA engineers have railed against security researchers who expose security holes. "Our system is so unwieldy that we cannot respond to identified security holes in a timely manner." This attitude is dangerous for smart buildings and for the smart grid.

Security is about being able to do the right thing at the right time when requested by the right person. Denying access is just the most trivial part of that. Security is knowing whether to trust inputs received from others. Security is self detection of configuration changes, i.e., awareness of system integrity. Until smart buildings and the smart grid come to this fuller awareness of security, they will be too immature to interact.

PrintView Printer Friendly Version

Reader Comments (1)

Thanks for the overview of SCADA alternatives. I've got a board meeting on Thursday where I need to frame your argument for a better architecture in economic terms. You site the archives....

Other readers wanting to drill down into your case study can check the ebms category in the archives at

Then the First Steps article at

So this is another good reason for collecting your categories and redevining them as Chapters and Chapter Segments for that Book you are writing....

March 31, 2009 | Unregistered CommenterBob

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>