As with any investment, resiliency upgrades can reach a point of diminishing returns. Analyzing the costs and benefits can help guide upgrade strategies.
Cyber Attack! - Lessons Learned: Aurora Attack
Test gets major media hype, but SCADA vulnerabilities remain
An electric generation turbine spins wildly out of control and ceases production in a smoking mess, all because of a computer hacker. Fact or fiction?
A video was leaked to the press in late September 2007 showing exactly that scene. The video was produced for the U.S. Department of Homeland Security (DHS) by the Idaho National Laboratory and shows what happened when a generator was remotely taken over by computer hackers.
But does the video disclose a serious threat to the U.S. electric grid, or it something more banal?
The simulated attack, named the Aurora Generator Test, took place in March 2007 by researchers investigating supervisory control and data acquisition (SCADA) system vulnerabilities at utility companies. The experiment involved hackers invading the plant’s control system to change the operating cycle of the generator.
DHS officials then quietly worked with the industry to fix the undisclosed vulnerability. Some security experts argue the test proves what can go wrong on a larger scale if simultaneous attacks are launched on power plants, shutting down larger portions of the grid. Other experts suggest that the test, while appearing dramatic on video, doesn’t really mean much.
“Sometimes specific tests like this focus attention on one narrow little thing, because it’s easy [to fix], instead of focusing attention and funds on the general problem,” says Erich Gunther, CTO and principal consultant at EnerNex Corp. “It isn’t as sexy as watching something blow up, but I’d prefer that we pay attention to having an overall security policy with layers of defense.”
Utilities use two primary types of control systems — distributed control systems typically within a single generating plant, and SCADA systems for large, geographically disbursed operations. SCADA systems are perceived as having vulnerabilities that make them susceptible to cyber attacks, especially because of increased connectivity of control systems to other systems and the Internet.
As the Aurora test demonstrated, SCADA systems are vulnerable because they were developed in a time when security was not as important as it is today. “SCADA was not designed to deal with the modern-day security issues we come across,” says Cheryl Traverse, president and CEO of Xceedium, a control-systems security vendor. “It’s a very insecure protocol.”
One reason for the potential vulnerability is that most SCADA devices weren’t designed for easy upgrades if software vulnerabilities are found after the equipment was crated and shipped. “That’s going to have to change in the industry, especially as we find ways to make them more accessible to more people within an organization,” Gunther says.
In the meantime, improving the security of installed SCADA systems can require significant hands-on attention.
“SCADA systems classically are deployed over very long lifetimes,” says Darren Highfill, utility communications security architect at EnerNex. “You have to be careful how you deploy patches to make sure you don’t inadvertently break one thing when you are trying to fix another.”
Part of the problem is that many utilities’ SCADA equipment