The Aurora Project: An Epiphany on HackingThe following is sourced from a December 19, 2014 article in Defense One:
On July 3, 2014, DHS mistakenly released more than 800 pages of classified documents related to the Aurora Project, a 2007 research effort led by DoE’s Idaho National Laboratory demonstrating how easy it was to hack elements in power and water systems. Classified? Oops.
The Aurora Project exposed a vulnerability common to many electrical generators, water pumps and other pieces of infrastructure, wherein an attacker remotely opens and closes key circuit breakers, throwing the machine’s rotating parts out of synchronization causing parts of the system to break down. Read more here.
This CBS 60 Minutes report (2 parts) is titled Cyber War: Sabotaging the System:
Below is the 2nd part of the report which includes a clip from the 2007 Aurora Project at DoE’s Idaho National Laboratory where a power generator self-distructs from a computer virus. The following video will be an epiphany for many viewers and is a must-see resource.
On September 26, 2007, CNN reported on the 2007 Aurora Project in an article with an agreement with the DHS not too divulge certain details.
On November 20, 2011, Congressman Langevin (D-RI) spoke on MSNBC regarding two cyberattacks on water treatment facilities, one in Springfield, IL and the other in Milford, NJ. The incident in Springfield was the first confirmed case of a cyberattack on a basic U.S. utility and may have been a “dry run” for a larger attack. Congressman Langevin also discussed the 2007 Aurora Project by DoE’s Idaho National Laboratory.
Computer Hacking: No Longer Child’s PlayCBS 60 Minutes published this report on March 4, 2012 titled Stuxnet: Computer Worm Opens New Era of Warfare.
The evident success of the Stuxnet computer virus in damaging an Iranian nuclear facility has U.S. officials asking if our own infrastructure is safe. Steve Kroft, in the above CBS 60 Minutes report, discusses the discovery of the how the Stuxnet computer virus works and how it can be reversed engineered and deployed on other industry facilities and critical infrastructures. The implications and applications of Stuxnet and similar computer viruses are chilling.
In the following one hour presentation, Ralph Langer, who first began unraveling the Stuxnet virus, speaks in detail about its distructive capabilities.
For technical professionals needing more in-depth information, this 2013 Black Hat presentation demonstrates how a computer virus can command a system to self-destruct its own physical assets.
Destruction for Those Off Guard
The good news regarding cyberattacks is that the potentially deadly and destructive effects of a successfully deployed computer virus can be mitigated by an ALL HAZARDS approach to grid security. Known and proven hardware exists to harden our electric grid and improve grid resiliency.