There are many sensors to monitor the security of IT systems. Vulnerability scanners can find
and track vulnerabilities. Anti-virus can detect malware on laptops or servers. Network intrusion
detection systems can detect attacks over the network.
But these sensors do not work well for Operational Technology (OT) systems, such as SCADA
systems. Vulnerability scanners can cause devices in substations to crash or misbehave. There
is no anti-virus for specialized devices such as RTUs or protection relays. And network intrusion
detection systems cannot understand OT communication protocols. So, until recently, grid
operators could not monitor the security of OT systems. To solve this problem, new sensors have
been developed for OT systems. But what can these sensors detect?