Vulnerability Assessment and Performance of the Supervisory Controlled and Data Acquisition System at Kenya Electricity Generating Company Limited, Kenya

Abstract

SCADA is an acronym of Supervisory Control and Data Acquisition System. This system is used in various industries for example utility companies, water,oil and Electricity utilities. Kenya Electricity Generating Company Limited, KenGen is the leading electric power generation company in Kenya, producing about 80 percent of electricity consumed in the country. The company utilizes various sources to generate electricity ranging from hydro, geothermal, thermal and wind. Vulnerability Assessment is a process that defines, identifies, and classifies the security holes in a computer, network, or communications infrastructure. Vulnerability analysis forecasts the effectiveness of proposed countermeasures and evaluates effectiveness after they are put into use. The study was carried out in five areas namely Eastern Hydro, Western Hydro, Kipevu, Olkaria and Central Operations where SCADA systems have been installed. The objectives of the study were to determine the extent to which the SCADA system is vulnerable, establish the challenges of performing a vulnerability assessment on the SCADA system and to determine the link between vulnerability assessment and performance of the SCADA system. The design of the Research was descriptive correlation survey. We had 50 successful respondents out of a sample size of 55.A structured questionnaire was used to collect data from Key SCADA users distributed in various KenGen areas who were selected using stratified random sampling technique. Collected data was analyzed using descriptive statistics by means of the statistical package for social sciences (SPSS). The data analysis was in form of frequency and percentages to determine the relationship of the variables. From the study 45% of the respondents were in the age bracket of between 30-39 years who have more IT Skills to detect vulnerability of the SCADA system. The study also found out training on SCADA system in KenGen was very low, KenGen implements adequate security policies for SCADA Systems but does not conduct adequate periodic audits on the SCADA security enforcement policy. The study recommends that the KenGen needs to be conducting adequate periodic audits on the security enforcement policy. Pearson correlation analysis was used to study the relationships between the variables. Independent t-tests (2-tailed) and ANOVA test were used to determine the level of significance. According to the results of the study, there is a strong relationship between Vulnerability assessment and Organizational performance. The study further recommends that employees be trained on the importance SCADA security and how it can affect the competitiveness of the KenGen. The limitations of the study were; the sampled respondents were drawn from some selected sections KenGen staff and the study was only focused KenGen that uses SCADA system. This study recommends further research on the contents and comprehensiveness of SCADA Vulnerability assessment and performance can be done to other related parastatals in Kenya using SCADA systems