AURORA and Its Effectives on Cybersecurity: Too Early to Pass Final Judgment
Since the original AURORA test bed at Idaho Labs in 2007 much has been said about the merits of the test conducted and many conjectures concerning its validity have been made. It is important to remember that AURORA is not an isolated case that exists outside the cybersecurity framework. To the contrary it is an integral part of the cybersecurity framework that is being discussed within the industry and government.
Many arguments were made about the setup of the test bed as to whether it represented a real world scenario. Many of these questions were a result of a reaction to limited amounts of information available concerning the test bed and the test itself. The limited amount of information caused many engineers and technicians to fill in the blanks based on their experience and perspective of the matter. So what is the truth?
Two utilities are currently conducting AURORA test beds within real world systems to determine the effects of AURORA. In these test beds data is being gathered that will provide greater insight into the effect of AURORA and its effect on system operations, system reliability and system security. Where there is some fairness to the comments concerning the original lab test bed, these tests being conducted will shed a brighter and more informative light on AURORA's effects.
AURORA is a part of the cybersecurity considerations that need to be considered by companies. It is important for us to remember that if we dismiss valid potential threats simply because we believe that it will not happen then we create and provide the weapon of our own demise to our enemies. Let us never forget 9/11 which we thought would never happen.
-- Mike Swearingen