Test gets major media hype, but SCADA vulnerabilities remain
Lori Burkhart is managing editor of Public Utilities Fortnightly.
An electric generation turbine spins wildly out of control and ceases production in a smoking mess, all because of a computer hacker. Fact or fiction?
A video was leaked to the press in late September 2007 showing exactly that scene. The video was produced for the U.S. Department of Homeland Security (DHS) by the Idaho National Laboratory and shows what happened when a generator was remotely taken over by computer hackers.
But does the video disclose a serious threat to the U.S. electric grid, or it something more banal?
The simulated attack, named the Aurora Generator Test, took place in March 2007 by researchers investigating supervisory control and data acquisition (SCADA) system vulnerabilities at utility companies. The experiment involved hackers invading the plant’s control system to change the operating cycle of the generator.
DHS officials then quietly worked with the industry to fix the undisclosed vulnerability. Some security experts argue the test proves what can go wrong on a larger scale if simultaneous attacks are launched on power plants, shutting down larger portions of the grid. Other experts suggest that the test, while appearing dramatic on video, doesn’t really mean much.