Dive Brief:
- A generator vulnerability first identified years ago remains a threat, and the accidental release of U.S. Department of Homeland Security documents over the summer may have made the situation worse for utilities, Government Executive reports.
- In 2007 the Idaho National Laboratory's Aurora Project demonstrated how a remote attacker could damage generators by opening and closing certain circuit breakers to ultimately push a machine's rotating parts out of alignment.
- In July, responding to a Freedom of Information Act request for information on the unrelated "Operation Aurora," DHS mistakenly released more than 800 pages of information related to the generator vulnerability, including the location of sensitive pieces of infrastructure.
Dive Insight:
North Korea's recent cyberattack on Sony Pictures Entertainment — the Federal Bureau of Investigation determined the attack originated there — has officials worried about the spread of attacks to critical infrastructure like the nation's power grid.
More than seven years ago the Idaho National Laboratory revealed it was possible to damage physical grid infrastructure through a cyber attack that focused on switching on and off key circuit breakers to throw rotating equipment out of alignment. And in 2010, the North American Electric Reliability Corporation issued an alert to the industry, noting at the time "there is no single answer to the Aurora vulnerability."
So why hasn't the Aurora vulnerability been patched?
Government Executive reports the solution is a fairly simple piece of hardware the Department of Defense will provide to utilities for free. But because installing it would designate those facilities as "critical" and open them up to compliance audits by the North American Electric Reliability Corp., none have taken the offer.
It's still a very difficult attack to pull off, experts say, but nations like Iran and North Korea have shown they have the capability. Which is why the DHS' accidental release of Aurora documents could be costly. The agency had been queried for documents on the unrelated cyber attack "Operation Aurora," which targeted Google and other well-known companies. Instead, it released a trove of information including the names of Pacific Gas & Electric substations which could be vulnerable.