Cyber Attack! - Lessons Learned: Aurora Attack

Deck: 

Test gets major media hype, but SCADA vulnerabilities remain

Fortnightly Magazine - January 2008
This full article is only accessible by current license holders. Please login to view the full content.
Don't have a license yet? Click here to sign up for Public Utilities Fortnightly, and gain access to the entire Fortnightly article database online.

An electric generation turbine spins wildly out of control and ceases production in a smoking mess, all because of a computer hacker. Fact or fiction?

A video was leaked to the press in late September 2007 showing exactly that scene. The video was produced for the U.S. Department of Homeland Security (DHS) by the Idaho National Laboratory and shows what happened when a generator was remotely taken over by computer hackers.

But does the video disclose a serious threat to the U.S. electric grid, or it something more banal?

The simulated attack, named the Aurora Generator Test, took place in March 2007 by researchers investigating supervisory control and data acquisition (SCADA) system vulnerabilities at utility companies. The experiment involved hackers invading the plant’s control system to change the operating cycle of the generator.

DHS officials then quietly worked with the industry to fix the undisclosed vulnerability. Some security experts argue the test proves what can go wrong on a larger scale if simultaneous attacks are launched on power plants, shutting down larger portions of the grid. Other experts suggest that the test, while appearing dramatic on video, doesn’t really mean much.

This full article is only accessible by current license holders. Please login to view the full content.
Don't have a license yet? Click here to sign up for Public Utilities Fortnightly, and gain access to the entire Fortnightly article database online.