In this paper, the security issue in the state estimation problem is investigated for networked control systems. The communication channels between the sensors and the remote estimator are vulnerable to attacks from malicious adversaries. The false data injection attacks (FDIAs) are considered. We aim to find the so-called insecurity conditions under which the estimation system is insecure in the sense that there exist FDIAs that can bypass the anomaly detector but still lead to unbounded estimation errors. In particular, a new necessary and sufficient condition for the insecurity is derived in the case that all communication channels are compromised by the adversary. Furthermore, a specific algorithm is proposed for generating attacks with which the estimation system is insecure. Moreover, for the insecure system, we propose a system protection scheme through which only a few (rather than all) communication channels require protection against FDIAs. A simulation example is utilized to demonstrate the usefulness of the proposed conditions/algorithms in the secure estimation problem for a flight vehicle.