The electric grid is an engineering marvel that has been described as one of man’s greatest inventions. The grid requires understanding of the physics of the process, which is why there is little question that engineers should be involved. Grid engineers are involved, except, in many cases, in electric grid cyber security.
The Aurora vulnerability, restarting Alternating Current (AC) rotating equipment out-of-phase with the grid, is a well-known protective relay and grid synchronization issue (https://www.powermag.com/what-you-need-to-know-and-dont-about-the-aurora-vulnerability/). When AC rotating equipment and transformers are restarted out-of-phase with the grid, large torques and currents are generated, resulting in equipment damage or failure. As a result of major grid equipment failures, IEEE has had a committee on out-of-phase conditions for many years. What is new for the IEEE committee with Aurora is the use of remote connectivity to open and reclose the breakers, which is what makes Aurora a cyber vulnerability. Aurora is one approach to bring the grid down for 9-18 MONTHS. The March 2007 Idaho National Laboratory (INL) Aurora test demonstrated that large torque and current spikes occur before conventional relays, including synchronization check relays, can operate. This is the gap in protection of the electric grid. Several years ago, DOD ran a small-scale test that validated the physics of the Aurora vulnerability demonstrated in the INL test.
On February 4, 2019, I wrote a blog: https://www.controlglobal.com/blogs/unfettered/physics-issues-such-as-aurora-are-not-understood-by-many-ics-cyber-security-experts-this-can-be-an-existential-miss. Considering the current focus on grid cyber security, one might have expected Aurora to be a popular item of discussion at electric grid and ICS cyber security meetings and conferences. There were numerous discussions about the NERC CIPs and network anomaly detection at the recent S4 Cyber Security Conference, Distributech, and the Protect Our Power sessions at Distributech. Yet, despite the June 2014 DHS declassified Aurora information and the 2015/2016 Ukrainian grid cyber attacks, which were the precursors to Aurora (remotely opening the breakers), there were no discussions on Aurora.
It has been almost 12 years since the INL test and resulting CNN tape, yet almost all of the people I have talked to about Aurora were unaware of the actual details of Aurora, what equipment Aurora can affect, and the validity of the INL test. As best as I can tell, the only conference where Aurora was discussed was the ICS Cyber Security Conference (while I was still involved), and the details were new to almost all of the attendees. Recently a colleague was doing training at a utility where two of the lead utility engineers said Aurora was “staged propaganda and not a real threat”. Why would those engineers be so uninformed about Aurora 12 years after the INL test?
I had conversations with the retired engineering managers from the ONLY TWO utilities that worked with DOD on installing and monitoring the Aurora hardware mitigation devices. When I told them about the pushback from industry on Aurora, they were dumbfounded and depressed. I have seen almost no discussions of Aurora in the various government and industry reports on electric grid reliability, including the recent National Infrastructure Advisory Council (NIAC) report (https://www.controlglobal.com/blogs/unfettered/the-2018-niac-report-does-not-address-its-own-recommendations/). Why is the Aurora vulnerability continuing to be shunned by the electric industry? Where is the appropriate education about Aurora for the appropriate government and industry decision makers, grid engineers, and cyber security personnel?