Aurora is real and has caused damage

Dec. 4, 2016


I have written frequently about the Aurora vulnerability. In preparation for a new book, I was able to find information about an actual Aurora event. The event affected a non-utility facility (no generator involved), which experienced multiple Aurora events over a multi-day span. The events originated from the utility, which was outside the facility’s control (Aurora can affect nuclear plants, refineries, water facilities, pipelines, hospitals, data centers, and other critical facilities that “are at the mercy” of the utility for Aurora mitigation). The Aurora events damaged motors, with one of the motors out of operation for weeks. Had the motors been large industrial motors such as those used in power plants, refineries, mining, etc., they could have taken many months to repair or replace.

The controller logs showed no breaker operation, though the mechanical counter showed breaker operation. (This is similar to what occurred with the March 2007 INL test. The SCADA operator saw no impact until the generator coupling broke and the generator was isolated from the grid, despite the fact that the generator was being physically damaged without being seen. The lack of adequate forensics can impact predictive maintenance programs and confidence in remaining life estimates for critical equipment.)

Finally, existing protection failed to prevent the damage. (The 2007 INL generator test, a small-scale motor test at INL, and a small-scale DOD Aurora test facility have all validated that existing relay protection will not prevent an Aurora event from occurring, with its potential resulting damage.) This is the gap in protection of the electric grid affecting all electric substations, independent of protective relay vendor. Additionally, I am aware of at least one international facility with significant damage that appears to be Aurora-related.

The demonstration of hacking a protective relay used for Aurora mitigation at the October 2016 ICS Cyber Security Conference showed how an Aurora mitigation device could be used as the Aurora initiation device (www.controlglobal.com/unfettered). The 2015 Ukrainian cyber attack and the hacking demonstration should be a wake-up call to address the Aurora vulnerability.

Joe Weiss
