POWER September 2013 - 54

CYBERSECURITY
would be one AURORA mitigation device
for each substation relay that is connected to
customer loads. For a small utility with 20
substations, this could be 10 to 80 devices.
For a large utility with 12,000 substations, it
could be 1,000 to 24,000 devices.
Compare the cost of installing these devices
with the potential impact and risk to
the utility from an AURORA event. As AURORA
can damage or destroy large generators,
motors, or transformers, the cost is both
for the equipment replacement and facility
downtime. Many large industrial facilities
can have downtime costs of more than one
million dollars per day. Equipment replacement
times can easily be months. The risk
should be obvious.
Developing an AURORA
Cybersecurity Response Plan
In developing a cybersecurity response plan a
utility can create a cybersecurity framework
that best addresses its system conditions.
and provide IT staff with the flexibility needed
to adjust to the unique network conditions
that occur as a result of advancements of
technology relating to the support of grid operations.
It is important that the IT role does
not infringe upon the role of operations in
the security of grid operations. Instead, it is
important for the cybersecurity response plan
to create a framework that develops a symbiotic
relationship between IT and operations
groups.
The role of the operations team in the development
of a cybersecurity response plan
is the cybersecurity and physical security of
the utility's control systems and facilities.
The programming of control system devices
and the testing of those devices and communication
between the devices needs to be a
function of operations. The mapping of data
points for SCADA systems and communication
of that data should be the responsibility
of both operations and IT. Operations are
key in identifying AURORA conditions that
Customer loads in manufacturing facilities,
pipelines, refineries, electrified mass
transit, and even data centers and power
plants are directly at risk from AURORA.
When a utility develops its cybersecurity response
plan it must consider the roles of IT,
operations, and management functions.
In the case of IT, a cybersecurity response
plan should define the responsibilities of IT
2. Another mitigation device. The
SEL 751A feeder protection relay includes AURORA
mitigation features and can be used for
industrial and utility feeder protection. Courtesy:
Schweitzer Engineering Laboratories
exist on the system so those conditions can
be addressed as a part of their cybersecurity
measures.
The role of management in the development
of a cybersecurity response plan is to
provide guidance in the development of the
plan and emphasize the importance of this
plan to employees. Management has a very
important role in influencing company culture
to ensure security effectiveness and
system reliability. If the culture does not
change, any efforts made in developing and
implementing a cybersecurity response plan
become inconsequential.
NERC's Response to AURORA
On June 21, 2007, the North American Electric
Reliability Corp. (NERC) ES-ISAC issued
an initial Advisory Alert to registered
entities, informing those entities of AURORA.
The advisory, titled Mitigation Measure
8-Implement NERC Critical Infrastructure
Protection (CIP) Standards CIP-002 through
CIP-009, included this statement:
The implementation CIP-002 through
009 is required for electricity sector entities
by 2010 (upon FERC approval of
the standards). While the purpose of the
54
www.powermag.com
How to Get More Information
on AURORA
Because AURORA is still classified by
the Department of Homeland Security as
For Official Use Only (FOUO), little public
information is available. Moreover,
it is not clear what information can be
trusted as technically correct. NERC has
officially provided the information on
AURORA to the designated contact for
each organization on the North American
Electric Reliability Corp.'s compliance
registry.
standards is to ensure the reliability of the
grid, the standard allows the owners and
operators latitude in identifying critical
assets and critical cyber assets. This measure
calls for DPCD (Digital Protection
and Control Devices) capable of closing
breakers that can adversely impact critical
electrical rotating equipment to be
identified as Critical Cyber Assets (CCA)
associated with the NERC CIP-002 Standard.
This then requires enhanced cyber
security measures, documentation, and
compliance measures are enacted per
NERC Standards CIP-002 through -009
for these devices.
It can be argued that defining all substations
that implemented AURORA hardware
mitigation to be considered NERC CCAs
could have curtailed the implementation of
these devices.
A second Advisory Alert was issued to
the utility industry on Oct. 13, 2010, with
the intention that it would be used by the industry
to provide information on a utility's
knowledge of AURORA and the mitigation
plans it may have undertaken since the initial
AURORA alert. Responses to this report are
required every six months in order to provide
information concerning each utility's ongoing
AURORA mitigation efforts.
However, the second advisory states:
" This NERC Recommendation is not the
same as a Reliability Standard, and a failure
to implement this Recommendation will
not constitute the sole basis for an enforcement
action. However, pursuant to Rule 810
of NERC's Rules of Procedure, you are required
to acknowledge receipt of this Recommendation
and report to NERC on the
status of your activities in relation to this
Recommendation. "
Taken together, these NERC alerts advise
utilities to, at their cost, place a significantly
larger number of their power grid assets unPOWER
| September 2013

http://www.powermag.com

POWER September 2013

Table of Contents for the Digital Edition of POWER September 2013

Contents
POWER September 2013 - Cover1
POWER September 2013 - Cover2
POWER September 2013 - Contents
POWER September 2013 - 2
POWER September 2013 - 3
POWER September 2013 - 4
POWER September 2013 - 5
POWER September 2013 - 6
POWER September 2013 - 7
POWER September 2013 - 8
POWER September 2013 - 9
POWER September 2013 - 10
POWER September 2013 - 11
POWER September 2013 - 12
POWER September 2013 - 13
POWER September 2013 - 14
POWER September 2013 - 15
POWER September 2013 - 16
POWER September 2013 - 17
POWER September 2013 - 18
POWER September 2013 - 19
POWER September 2013 - 20
POWER September 2013 - 21
POWER September 2013 - 22
POWER September 2013 - 23
POWER September 2013 - 24
POWER September 2013 - 25
POWER September 2013 - 26
POWER September 2013 - 27
POWER September 2013 - 28
POWER September 2013 - 29
POWER September 2013 - 30
POWER September 2013 - 31
POWER September 2013 - 32
POWER September 2013 - 33
POWER September 2013 - 34
POWER September 2013 - 35
POWER September 2013 - 36
POWER September 2013 - 37
POWER September 2013 - 38
POWER September 2013 - 39
POWER September 2013 - 40
POWER September 2013 - 41
POWER September 2013 - 42
POWER September 2013 - 43
POWER September 2013 - 44
POWER September 2013 - 45
POWER September 2013 - 46
POWER September 2013 - 47
POWER September 2013 - 48
POWER September 2013 - 49
POWER September 2013 - 50
POWER September 2013 - 51
POWER September 2013 - 52
POWER September 2013 - 53
POWER September 2013 - 54
POWER September 2013 - 55
POWER September 2013 - 56
POWER September 2013 - 57
POWER September 2013 - 58
POWER September 2013 - 59
POWER September 2013 - 60
POWER September 2013 - 61
POWER September 2013 - 62
POWER September 2013 - 63
POWER September 2013 - 64
POWER September 2013 - 65
POWER September 2013 - 66
POWER September 2013 - 67
POWER September 2013 - 68
POWER September 2013 - 69
POWER September 2013 - 70
POWER September 2013 - 71
POWER September 2013 - 72
POWER September 2013 - 73
POWER September 2013 - 74
POWER September 2013 - 75
POWER September 2013 - 76
POWER September 2013 - Cover3
POWER September 2013 - Cover4
https://www.nxtbook.com/accessintelligence/POWER/pwr_may-2024
https://www.nxtbook.com/accessintelligence/POWER/pwr_april-2024
https://www.nxtbook.com/accessintelligence/POWER/pwr_march-2024
https://www.nxtbook.com/accessintelligence/POWER/pwr_february-2024
https://www.nxtbook.com/accessintelligence/POWER/pwr_january-2024
https://www.nxtbook.com/accessintelligence/POWER/pwr_december-2023
https://www.nxtbook.com/accessintelligence/POWER/pwr_november-2023
https://www.nxtbook.com/accessintelligence/POWER/power-october-2023
https://www.nxtbook.com/accessintelligence/POWER/re-tech-supp-to-power-september-2023
https://www.nxtbook.com/accessintelligence/POWER/power-september-2023
https://www.nxtbook.com/accessintelligence/POWER/power-and-re-tech-supp-september-2023
https://www.nxtbook.com/accessintelligence/POWER/power-august-2023
https://www.nxtbook.com/accessintelligence/POWER/power-july-2023
https://www.nxtbook.com/accessintelligence/POWER/power-june-2023
https://www.nxtbook.com/accessintelligence/POWER/power-may-2023
https://www.nxtbook.com/accessintelligence/POWER/power-april-2023
https://www.nxtbook.com/accessintelligence/POWER/power-march-2023
https://www.nxtbook.com/accessintelligence/POWER/power-february-2023
https://www.nxtbook.com/accessintelligence/POWER/power-january-2023
https://www.nxtbook.com/accessintelligence/POWER/power-december-2022
https://www.nxtbook.com/accessintelligence/POWER/power-november-2022
https://www.nxtbook.com/accessintelligence/POWER/Power-October-2022-140th-Anniversary-Supp
https://www.nxtbook.com/accessintelligence/POWER/Power-October-2022-and-Anniversary-Supp
https://www.nxtbook.com/accessintelligence/POWER/power-and-re-tech-supp-september-2022
https://www.nxtbook.com/accessintelligence/POWER/power-september-2022
https://www.nxtbook.com/accessintelligence/POWER/power-august-2022
https://www.nxtbook.com/accessintelligence/POWER/Power-July-2022-Intl
https://www.nxtbook.com/accessintelligence/POWER/power-july-2022
https://www.nxtbook.com/accessintelligence/POWER/power-june-2022-intl
https://www.nxtbook.com/accessintelligence/POWER/power-june-2022
https://www.nxtbook.com/accessintelligence/POWER/power-may-2022
https://www.nxtbook.com/accessintelligence/POWER/power-may-2022-intl
https://www.nxtbook.com/accessintelligence/POWER/power-april-2022
https://www.nxtbook.com/accessintelligence/POWER/Power-April-2022-Intl
https://www.nxtbook.com/accessintelligence/POWER/power-march-2022
https://www.nxtbook.com/accessintelligence/POWER/power-february-2022
https://www.nxtbook.com/accessintelligence/POWER/power-january-2022
https://www.nxtbook.com/accessintelligence/POWER/power-december-2021
https://www.nxtbook.com/accessintelligence/POWER/power-top-plants-supp-december-2021
https://www.nxtbook.com/accessintelligence/POWER/power-november-2021
https://www.nxtbook.com/accessintelligence/POWER/power-october-2021
https://www.nxtbook.com/accessintelligence/POWER/power-september-2021
https://www.nxtbook.com/accessintelligence/POWER/power-august-2021
https://www.nxtbook.com/accessintelligence/POWER/power-july-2021
https://www.nxtbook.com/accessintelligence/POWER/power-june-2021
https://www.nxtbook.com/accessintelligence/POWER/power-may-2021
https://www.nxtbook.com/accessintelligence/POWER/power-april-2021
https://www.nxtbook.com/accessintelligence/POWER/power-march-2021
https://www.nxtbook.com/accessintelligence/POWER/power-february-2021
https://www.nxtbook.com/accessintelligence/POWER/power-january-2021
https://www.nxtbook.com/accessintelligence/POWER/power-december-2020
https://www.nxtbook.com/accessintelligence/POWER/power-november-2020
https://www.nxtbook.com/accessintelligence/POWER/power-october-2020
https://www.nxtbook.com/accessintelligence/POWER/power-september-2020
https://www.nxtbook.com/accessintelligence/POWER/power-august-2020
https://www.nxtbook.com/accessintelligence/POWER/power-july-2020
https://www.nxtbook.com/accessintelligence/POWER/power-june-2020
https://www.nxtbook.com/accessintelligence/POWER/power-may-2020
https://www.nxtbook.com/accessintelligence/POWER/power-april-2020
https://www.nxtbook.com/accessintelligence/POWER/power-march-2020
https://www.nxtbook.com/accessintelligence/POWER/power-february-2020
https://www.nxtbook.com/accessintelligence/POWER/power-january-2020
https://www.nxtbook.com/accessintelligence/POWER/power-december-2019
https://www.nxtbook.com/accessintelligence/POWER/power-november-2019
https://www.nxtbook.com/accessintelligence/POWER/power-october-2019
https://www.nxtbook.com/accessintelligence/POWER/power-september-2019
https://www.nxtbook.com/accessintelligence/POWER/power-august-2019
https://www.nxtbook.com/accessintelligence/POWER/power-july-2019
https://www.nxtbook.com/accessintelligence/POWER/power-june-2019
https://www.nxtbook.com/accessintelligence/POWER/power-may-2019
https://www.nxtbook.com/accessintelligence/POWER/power-april-2019
https://www.nxtbook.com/accessintelligence/POWER/power-march-2019
https://www.nxtbook.com/accessintelligence/POWER/power-february-2019
https://www.nxtbook.com/accessintelligence/POWER/power-january-2019
https://www.nxtbook.com/accessintelligence/POWER/power-december-2018
https://www.nxtbook.com/accessintelligence/POWER/power-november-2018
https://www.nxtbook.com/accessintelligence/POWER/power-october-2018
https://www.nxtbook.com/accessintelligence/POWER/power-september-2018
https://www.nxtbook.com/accessintelligence/POWER/power-august-2018
https://www.nxtbook.com/accessintelligence/POWER/power-july-2018
https://www.nxtbook.com/accessintelligence/POWER/power-june-2018
https://www.nxtbook.com/accessintelligence/POWER/power-may-2018
https://www.nxtbook.com/accessintelligence/POWER/power-april-2018
https://www.nxtbook.com/accessintelligence/POWER/power-march-2018
https://www.nxtbook.com/accessintelligence/POWER/power-february-2018
https://www.nxtbook.com/accessintelligence/POWER/power-january-2018
https://www.nxtbook.com/accessintelligence/POWER/power-december-2017
https://www.nxtbook.com/accessintelligence/POWER/power-november-2017
https://www.nxtbook.com/accessintelligence/POWER/power-october-2017
https://www.nxtbook.com/accessintelligence/POWER/power-september-2017
https://www.nxtbook.com/accessintelligence/POWER/power-august-2017
https://www.nxtbook.com/accessintelligence/POWER/power-july-2017
https://www.nxtbook.com/accessintelligence/POWER/power-june-2017
https://www.nxtbook.com/accessintelligence/POWER/power-may-2017
https://www.nxtbook.com/accessintelligence/POWER/power-april-2017
https://www.nxtbook.com/accessintelligence/POWER/power-march-2017
https://www.nxtbook.com/accessintelligence/POWER/power-february-2017
https://www.nxtbook.com/accessintelligence/POWER/power-january-2017
https://www.nxtbook.com/accessintelligence/POWER/power-december-2016
https://www.nxtbook.com/accessintelligence/POWER/power-november-2016
https://www.nxtbook.com/accessintelligence/POWER/power-october-2016
https://www.nxtbook.com/accessintelligence/POWER/power-september-2016
https://www.nxtbook.com/accessintelligence/POWER/power-august-2016
https://www.nxtbook.com/accessintelligence/POWER/power-july-2016
https://www.nxtbook.com/accessintelligence/POWER/power-june-2016
https://www.nxtbook.com/accessintelligence/POWER/power-may-2016
https://www.nxtbook.com/accessintelligence/POWER/power-april-2016
https://www.nxtbook.com/accessintelligence/POWER/power-march-2016
https://www.nxtbook.com/accessintelligence/POWER/power-february-2016
https://www.nxtbook.com/accessintelligence/POWER/power-january-2016
https://www.nxtbook.com/accessintelligence/POWER/power-december-2015
https://www.nxtbook.com/accessintelligence/POWER/power-november-2015
https://www.nxtbook.com/accessintelligence/POWER/power-october-2015
https://www.nxtbook.com/accessintelligence/POWER/power-september-2015
https://www.nxtbook.com/accessintelligence/POWER/power-august-2015
https://www.nxtbook.com/accessintelligence/POWER/power-july-2015
https://www.nxtbook.com/accessintelligence/POWER/power-june-2015
https://www.nxtbook.com/accessintelligence/POWER/power-may-2015
https://www.nxtbook.com/accessintelligence/POWER/power-april-2015
https://www.nxtbook.com/accessintelligence/POWER/power-march-2015
https://www.nxtbook.com/accessintelligence/POWER/power-february-2015
https://www.nxtbook.com/accessintelligence/POWER/power-january-2015
https://www.nxtbook.com/accessintelligence/POWER/power-december-2014
https://www.nxtbook.com/accessintelligence/POWER/power-november-2014
https://www.nxtbook.com/accessintelligence/POWER/power-october-2014
https://www.nxtbook.com/accessintelligence/POWER/power-september-2014
https://www.nxtbook.com/accessintelligence/POWER/power-august-2014
https://www.nxtbook.com/accessintelligence/POWER/power-july-2014
https://www.nxtbook.com/accessintelligence/POWER/power-june-2014
https://www.nxtbook.com/accessintelligence/POWER/power-may-2014
https://www.nxtbook.com/accessintelligence/POWER/power-april-2014
https://www.nxtbook.com/accessintelligence/POWER/power-march-2014
https://www.nxtbook.com/accessintelligence/POWER/power-february-2014
https://www.nxtbook.com/accessintelligence/POWER/power-january-2014
https://www.nxtbook.com/accessintelligence/POWER/power-december-2013
https://www.nxtbook.com/accessintelligence/POWER/power-november-2013
https://www.nxtbook.com/accessintelligence/POWER/power-october-2013
https://www.nxtbook.com/accessintelligence/POWER/power-september-2013
https://www.nxtbook.com/accessintelligence/POWER/power-august-2013
https://www.nxtbook.com/accessintelligence/POWER/power-july-2013
https://www.nxtbook.com/accessintelligence/POWER/power-june-2013
https://www.nxtbook.com/accessintelligence/POWER/power-may-2013
https://www.nxtbook.com/accessintelligence/POWER/power-april-2013
https://www.nxtbook.com/accessintelligence/POWER/power-march-2013
https://www.nxtbook.com/accessintelligence/POWER/power-february-2013
https://www.nxtbook.com/accessintelligence/POWER/power-january-2013
https://www.nxtbook.com/accessintelligence/POWER/power-december-2012
https://www.nxtbook.com/accessintelligence/POWER/power-november-2012
https://www.nxtbook.com/accessintelligence/POWER/power-october-2012
https://www.nxtbook.com/accessintelligence/POWER/power-september-2012
https://www.nxtbook.com/accessintelligence/POWER/power-august-2012
https://www.nxtbook.com/accessintelligence/POWER/power-july-2012
https://www.nxtbook.com/accessintelligence/POWER/power-june-2012
https://www.nxtbook.com/accessintelligence/POWER/power-may-2012
https://www.nxtbook.com/accessintelligence/POWER/power-april-2012
https://www.nxtbook.com/accessintelligence/POWER/power-march-2012
https://www.nxtbook.com/accessintelligence/POWER/power-february-2012
https://www.nxtbook.com/accessintelligence/POWER/power-january-2012
https://www.nxtbook.com/accessintelligence/POWER/power-november-2011
https://www.nxtbook.com/accessintelligence/POWER/power-october-2011
https://www.nxtbook.com/accessintelligence/POWER/power-september-2011
https://www.nxtbook.com/accessintelligence/POWER/power-august-2011
https://www.nxtbook.com/accessintelligence/POWER/power-july-2011
https://www.nxtbook.com/accessintelligence/POWER/power-june-2011
https://www.nxtbook.com/accessintelligence/POWER/power-may-2011
https://www.nxtbook.com/accessintelligence/POWER/power-april-2011
https://www.nxtbook.com/accessintelligence/POWER/power-march-2011
https://www.nxtbook.com/accessintelligence/POWER/power-february-2011
https://www.nxtbook.com/accessintelligence/POWER/power-january-2011
https://www.nxtbook.com/accessintelligence/POWER/power-december-2010
https://www.nxtbook.com/accessintelligence/POWER/power-november-2010
https://www.nxtbook.com/accessintelligence/POWER/power-october-2010
https://www.nxtbook.com/accessintelligence/POWER/power-september-2010
https://www.nxtbook.com/accessintelligence/POWER/power-august-2010
https://www.nxtbook.com/accessintelligence/POWER/power-july-2010
https://www.nxtbook.com/accessintelligence/POWER/power-june-2010
https://www.nxtbook.com/accessintelligence/POWER/power-may-2010
https://www.nxtbookmedia.com