Aurora is real and still not being addressed

April 27, 2009

Much has been written about the Aurora test performed by INL and shown on CNN. The fact that the test report is still not public has only caused further confusion.

"

Much has been written about the Aurora test performed by INL and shown on CNN. The fact that the test report is still not public has only caused further confusion.

INL and other national lab cyber researchers have hacked both equipment vendor and user cyber systems at will.  However, people had been reticent to believe that cyber attacks could actually damage equipment. The purpose of the test was to demonstrate that a cyber attack could physically damage rotating equipment. It doesn’t matter if it is a diesel generator, turbine, compressor, windmill, pump, etc. Therefore, this applies to all industries including the Smart Grid. It is hard to believe, but people still deny that damage is possible even after the test.

A group of industry experts developed the Aurora test plan and installed the machine as it would have been in the real world. The same experts validated the test results. Following the demonstration, NERC issued an Advisory on Aurora. However, as an Advisory, they were only recommendations not requirements. Moreover, the recommendations were tied back to CIP-002. Unfortunately, the electric industry is using the loopholes exposed by Mike Assante’s April 7th letter to continue to ignore Aurora. Given that very few utilities have addressed Aurora to this day, regulations are needed post haste.

Without going into the specific details of the test, the generator was a 3.8 MVA machine de-rated by the manufacturer to 2.8 MVA for severe duty, driven by a 5000 Hp diesel engine, operating at 1800 rpm.  The INL test was conducted from the generator breaker only to protect other equipment on the INL grid.  An attacker would not be under this constraint. Other remote breaker locations would have been just as effective. (This was not an Internet-based attack.) The smoke seen in the video was when the coupling was DESTROYED as the diesel engine seized from internal mechanical damage.  The entire unit was scraped at the end of the test.  INL researchers believe that a large steam unit would be even more likely to be damaged from such an event.  Mechanical design margins are much narrower for large turbines, generators, and transformers than for marine diesel units.

We will have discussions concerning Aurora and other cyber events that can, and have, damaged equipment at the October Control System Cyber Security Conference.

Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.