Crossroads Blog | Institute National Security and Counterterrorism

critical infrastructure, cyber attack, industry standards

The Aurora Vulnerability and the Risk for Nuclear Power Plants

In February, an experienced nuclear engineer concluded on the cyber security portal Infosec Island a non-neglectable risk of a potential cyber attack, which, under certain circumstances, could cause a core melt. Due to the contribution, the so-called “Aurora Vulnerability” lies in the alternative current (AC) motors that run the emergency core cooling system, and which can be targeted and destroyed with a cyber attack, once they are needed and operational.

Referring to the Fukushima incident, the author illustrated that “emergency core cooling may be needed for a significant period of time,” which would be hard to hide from the public, and thus from potential cyber attackers. With such a risk being “certainly more probable than once in a million years,” which marks the threshold for safety analyses to address specific threats, the author posed the following questions:

Why haven’t the nuclear plant operators implemented the fix for protecting their own business assets?
Why has the NRC not mandated the fix for safety reasons?
Why is IAEA not addressing this threat?

 

In 2007, CNN reported on “Aurora”, an experimental cyber attack that caused a generator to self-destruct. According to the news outlet, it alarmed the federal government and the electrical industry “about what might happen if such an attack were carried out on a larger scale,” raising awareness on the potential of cyber attacks on the energy critical infrastructure sector. Former contributor Zach touched on “Aurora”, when he blogged in 2011 on the Department of Homeland Security’s (DHS) research on the potential impacts of cyber attacks on industrial control systems at the Idaho National Laboratory.

 

Leave a Reply

Bitnami