Aurora is real and still not being addressed

April 27, 2009

Much has been written about the Aurora test performed by INL and shown on CNN. The fact that the test report is still not public has only caused further confusion.


Much has been written about the Aurora test performed by INL and shown on CNN. The fact that the test report is still not public has only caused further confusion.

INL and other national lab cyber researchers have hacked both equipment vendor and user cyber systems at will.  However, people had been reticent to believe that cyber attacks could actually damage equipment. The purpose of the test was to demonstrate that a cyber attack could physically damage rotating equipment. It doesn’t matter if it is a diesel generator, turbine, compressor, windmill, pump, etc. Therefore, this applies to all industries including the Smart Grid. It is hard to believe, but people still deny that damage is possible even after the test.

A group of industry experts developed the Aurora test plan and installed the machine as it would have been in the real world. The same experts validated the test results. Following the demonstration, NERC issued an Advisory on Aurora. However, as an Advisory, they were only recommendations not requirements. Moreover, the recommendations were tied back to CIP-002. Unfortunately, the electric industry is using the loopholes exposed by Mike Assante’s April 7th letter to continue to ignore Aurora. Given that very few utilities have addressed Aurora to this day, regulations are needed post haste.

Without going into the specific details of the test, the generator was a 3.8 MVA machine de-rated by the manufacturer to 2.8 MVA for severe duty, driven by a 5000 Hp diesel engine, operating at 1800 rpm.  The INL test was conducted from the generator breaker only to protect other equipment on the INL grid.  An attacker would not be under this constraint. Other remote breaker locations would have been just as effective. (This was not an Internet-based attack.) The smoke seen in the video was when the coupling was DESTROYED as the diesel engine seized from internal mechanical damage.  The entire unit was scraped at the end of the test.  INL researchers believe that a large steam unit would be even more likely to be damaged from such an event.  Mechanical design margins are much narrower for large turbines, generators, and transformers than for marine diesel units.

We will have discussions concerning Aurora and other cyber events that can, and have, damaged equipment at the October Control System Cyber Security Conference.

Joe Weiss

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.