NERC Requires Aurora Compliance by All Registered Entities
If you run SCADA/EMS data exchange networks and are located 1 substation away from a generation plant, then the Aurora vulnerability should be on your mind, considering the latest NERC Alert. The CIP Standards will not help you out of this vulnerability; neither will “normal” protection schemes. Idaho National Laboratory (INL) blew past those in seconds with time to spare, just like a well-trained adversary will (see video below). Since that time, many small and midsized entities remain vulnerable as vectors that would allow an adversary to reproduce this catastrophic physical failure on a grand scale.
The vulnerability in a nutshell is that, by physical or cyber means, an adversary gains access to the breakers up to three substations out from a generator and ‘bangs’ it out of phase. By how much out of phase is still something of a mystery to many who are not protection systems engineers or generator folks. Suffice it to say that they are very aware of the worst-case scenario of phase alignment problems. Aurora creates this in a split second. One second your generator is humming happily, and the next it has broken couplings and a mangled shaft. It leaves you scratching your head and putting out fires.
There is hope, and now a reason to get this problem fixed. The first step is to create an inventory; the second is getting your best protection people, cyber folks and substation folks together to see what ingress points you have to your substations. Next is cutting off the “pipe”. If you are running modem access to your RTUs, you need to stop it. This is not good business practice unless you have encryption and password protection. Also of note are the engineering access points. If you have the access points set up on a VPN, you might have allowed split tunneling, which is not a good idea. Last but not least, entities need to start talking amongst themselves.
If you are a registered entity then you should be talking to whoever owns the next substation out from your onsite substation to see what they are doing to protect your assets. This affects most registered entities to some extent.
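The inventory and ingress review described above can be run as a simple audit. The following is an added example, not part of the original article or any NERC material: the substation names, owners, field names and the choice to count the generator's onsite substation as hop 0 are all assumptions made for illustration.

```python
from collections import deque

# Constructed sample data (not from any real utility): substation adjacency,
# ownership, and remote access paths gathered during the inventory step.
LINKS = [("GEN-SUB", "SUB-A"), ("SUB-A", "SUB-B"), ("SUB-B", "SUB-C"), ("SUB-C", "SUB-D")]
OWNER = {"GEN-SUB": "us", "SUB-A": "us", "SUB-B": "neighbor-coop",
         "SUB-C": "us", "SUB-D": "us"}
ACCESS = [
    {"sub": "SUB-A", "kind": "modem", "encrypted": False, "password": True},
    {"sub": "SUB-B", "kind": "modem", "encrypted": True, "password": True},
    {"sub": "SUB-C", "kind": "vpn", "split_tunnel": True},
    {"sub": "SUB-D", "kind": "modem", "encrypted": False, "password": False},
]
MAX_HOPS = 3  # the article's "up to three substations out from a generator"

def hops_from(start, links):
    """Breadth-first search: hop count from the generator's onsite substation."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    dist, queue = {start: 0}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist

def audit(start, links, owner, access, max_hops=MAX_HOPS):
    """Return (findings, owners_to_contact) for substations within max_hops."""
    dist = hops_from(start, links)
    in_scope = {s for s, d in dist.items() if d <= max_hops}
    findings = []
    for ap in access:
        if ap["sub"] not in in_scope:
            continue
        if ap["kind"] == "modem" and not (ap.get("encrypted") and ap.get("password")):
            findings.append((ap["sub"], dist[ap["sub"]], "modem lacks encryption or password"))
        elif ap["kind"] == "vpn" and ap.get("split_tunnel"):
            findings.append((ap["sub"], dist[ap["sub"]], "VPN allows split tunneling"))
    contacts = sorted({owner[s] for s in in_scope if owner[s] != "us"})
    return findings, contacts

if __name__ == "__main__":
    issues, contacts = audit("GEN-SUB", LINKS, OWNER, ACCESS)
    for sub, hops, why in issues:
        print(f"{sub} ({hops} hop(s) out): {why}")
    print("Coordinate with:", ", ".join(contacts))
```

SUB-D falls outside the three-hop scope in this sample and is therefore not reported, even though its modem is unprotected; widen `max_hops` to review every access path.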
In order to comply with the NERC requirement you will have to create a mitigation plan and continue reporting to NERC every 6 months until you have mitigated this issue.
A complimentary Webinar “NERC AURORA Compliance: Are you Ready?” will take place on November 11, 2010. You can register here.