Cyber attack exercise reveals power-grid vulnerability
A staged cyber attack on a power plant causes generator to self-destruct; experts fear that bigger, coordinated attacks could inflict widespread damage to U.S. electric infrastructure which may take months to fix; economic price tag price tag may reach $700 billion
Researchers launched an experimental cyber attack and caused a generator to self-destruct. The federal government and electrical industry are alarmed about what might happen if such an attack were carried out on a larger scale by terrorists. CNN reports that sources familiar with the experiment said the same attack scenario could be used against huge generators which produce the country’s electric power. Security experts fear that bigger, coordinated attacks could cause widespread damage to electric infrastructure which may well take months to fix. CNN adds that it was honoring a request from DHS not to divulge certain details about the experiment, dubbed “Aurora,” and conducted in March at the Department of Energy’s (DOE) Idaho lab. DHS acknowledged the experiment involved controlled hacking into a replica of a power plant’s control system, and sources familiar with the test said researchers changed the operating cycle of the generator, sending it out of control. The White House was briefed on the experiment, and DHS officials said they have since been working with the electric industry to devise a way to thwart such an attack. “I can’t say it [the vulnerability] has been eliminated. But I can say a lot of risk has been taken off the table,” said Robert Jamison, acting undersecretary of DHS’s National Protection and Programs Directorate.
Government sources said changes are being made to both computer software and physical hardware to protect power generating equipment. the Nuclear Regulatory Commission (NRC) said it is conducting inspections to ensure all nuclear plants have made the fix. Industry experts also said the experiment shows large electric systems are vulnerable in ways not previously demonstrated. “What people had assumed in the past is the worst thing you can do is shut things down. And that’s not necessarily the case. A lot of times the worst thing you can do, for example, is open a valve — have bad things spew out of a valve,” said Joe Weiss of Applied Control Solutions. “The point is, it allows you to take control of these very large, very critical pieces of equipment and you can have them do what you want them to do,” he said.
Here something else to worry about: What adds to the vulnerability of control systems is the fact that many of them are manufactured and used overseas. Persons at manufacturing plants overseas have access to control system schematics and even software
