Lessons learned from Aurora

Aug. 29, 2012
On the SCADSec blog site, Ed Beroset stated the following: I've attended a number of security conferences at which speakers would gravely intone that "we have not yet learned the lessons of Aurora." When I've probed a bit deeper, I've found that there is a very wide range of interpretations as to what those might be. My questions for this group are: 1) what is "the lesson of Aurora"? and 2) what has been done about it? and 3) what's left to do?

In response to Ed, there are a number of lessons-learned specifically from Aurora:

On the SCADSec blog site, Ed Beroset stated the following: I've attended a number of security conferences at which speakers would gravely intone that "we have not yet learned the lessons of Aurora." When I've probed a bit deeper, I've found that there is a very wide range of interpretations as to what those might be. My questions for this group are: 1) what is "the lesson of Aurora"? and 2) what has been done about it? and 3) what's left to do?

In response to Ed, there are a number of lessons-learned specifically from Aurora:
1) Make sure we are on the same page. There are two distinct "cyber Aurora" attacks. Google Aurora and the INL Aurora that destroyed the diesel generator. My focus is on the INL Aurora.
2) Understand the problem. Aurora is a physical gap in protection of the electric grid- it is physics and not a network problem. As it is physics, it requires a hardware solution.
3) Determine if the people making claims are experts. There were a very limited number of people that attended the INL test. In 2007, DHS briefed end-users in a closed session. Since Aurora is still FOUO that means there are a limited number of people who can be expected to understand the issue.
4) Get the right people involved. Aurora affects protective relays not cyber networks. Because the INL test was identified as cyber, the protective relay experts were generally excluded.
5) Don't obfuscate a problem to confuse the attackers. DHS made a decision early on to make Aurora For Official Use Only (FOUO) which made the technical information generally unavailable to people who did not have appropriate access to such information. The only public information was the CNN tape which was somewhat misleading. Consequently, the attackers may have been confused but the end-users certainly were. Moreover, there was significant confusion as to what really was done in the Aurora test at INL and the rumor mill worked overtime. Unfortunately, much of what is in the public domain is incomplete, misleading or incorrect. This is why we will have the first public session on the Aurora test at INL at the October ICS Conference (www.icscybersecurityconference.com) by some of the people who were actually involved in the test.
6) Don't politicize a technical problem. Somehow Aurora has managed to fall into a political morass involving DOE, DHS, NERC, industry lobbyists, etc. This is a real problem with a real solution - let's refocus the effort on understanding the problem and get on with implementing the solution!
Joe Weiss

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...