There are a number of issues about Aurora that are confusing including its name, what it does, how to detect it, and what could be vulnerable.
As Aurora is still classified as "For Official Use Only", I will not go into any technical details.
First, I would like to address the confusion in the name Aurora. The Aurora I am referring to is the test the Idaho National Laboratory did for DHS in 2007 that destroyed a diesel generator with the consequent CNN tape.
The reason DHS performed the test was to demonstrate that a cyber attack could destroy large rotating equipment (remember this was in 2007 long before Stuxnet). This is not the same as the Chinese attack on Google also named Aurora which has caused confusion.
Aurora is a gap in the protection of the electric grid that can be caused by cyber. It is a basic physics property - an out-of-phase condition - that cannot be seen by the operator and can NOT be mitigated by any traditional IT cyber mitigation. The only means to prevent an Aurora event is by physical hardware mitigation.
Aurora was demonstrated to be able to cause damage to a diesel generator. However, Aurora can cause damage to any load connected to the grid. Yet, Aurora is not addressed by the NERC CIPs or by the nuclear industry in NEI-08-09 - a second gap in protection of the electric grid.
I believe that if the Aurora vulnerability was discovered as part of a reliability test and the disclosure made to industry through traditional reliability channels, this problem would have been addressed.
Because it was called a "cyber security" problem, it was sent through the security channels and effectively indefinitely deferred. This is probably one of the most glaring examples of the discontinuity between the NERC CIPs and grid reliability.
Cross-posted from ControlGlobal.com's Unfettered Blog - copyright 2012 and ff by Putman Media Inc. All rights reserved.