Are utilities and others still blinded by the real threat of Aurora?

Nov. 12, 2012
At the recent ICS Cyber Security Conference we had the first public discussions of Aurora. Aurora is a gap in protection of the electric grid. An Aurora event is the starting of Alternating Current (AC) equipment (generators, motors, etc.) out of phase, which imposes a large torque that can cause significant loss of equipment life or damage. One way Aurora can be caused is by remotely manipulating relay configuration settings. Michael Toecker recently wrote a very interesting blog post about the cyber vulnerability of digital protective relays (www.digitalbond.com). Michael stated: "...The protective relay technician's laptop is infected by two pieces of malware, "Malware Protection Designed to Protect" and "Windows XP Recovery". These are fake Anti-Virus and Backup programs respectively, and infect users via either drive by download or by the user actually downloading and installing the software. That's right, if this post is a representative sample, the cyber security and reliability of the electric power grid could be in the hands of the normal computer user who will click on and install just about anything..."

There are a number of major danger signals here:
- Protective relays are not as secure as NERC or others would have you believe.
- Protective relays are not just used in electric substations but also protect large electric equipment in many industries.
- The electric industry appears to still be in denial that Aurora is real. Following the ICS Cyber Security Conference, an attendee from one of the utilities arranged a phone call with his substation colleagues. This particular utility uses GE protective relays. To date, there are only two protective relay manufacturers that offer a relay with the Aurora fix. GE is not one of those vendors. The utility said that, since GE has not included Aurora mitigation, it must not be a problem for them. "Don't call me, I'll call you."
- Other industries appear to be uninformed, as many feel it is an electric industry problem that does not affect them.

What will it take for people to wake up?
Joe Weiss