The U.S. Department of Homeland Security (DHS) has erroneously released hundreds of documents containing sensitive information, including critical infrastructure points across the United States, in response to a recent Freedom of Information Act (FOIA) request in regards to a cyber-security attack.
Known as ‘Operation Aurora,’ the attack impacted Google, Juniper Networks, Northrop Grumman and numerous other high-profile companies when it was publicized in 2010.
However, DHS responded to the request by releasing more than 800 pages of documents from an experiment detailing how to damage a generator via a cyber-attack. The experiment was conducted several years ago at the Idaho National Laboratory.
The originally requested information revealed the hazards by an attacker disconnecting and reconnecting a generator to the electric grid out of phase.
“What you have is a physical problem that cyber is able to exploit,” commented Joe Weiss from Applied Control Solutions in an interview. “This physical problem affects every single substation everywhere. Period.”
Andrew Ginter, vice president at Waterfall Security Solutions, says the basic principles of the operation have been available in the public domain for a long time now.
“The only thing that is still a mystery about Aurora,” says Ginter, “is the precise mechanics of what commands were send to which device in order to cause the destruction of the generator.”
DHS and the North American Electric Reliability Corporation (NERC) declined to comment on the situation.
Read More Here…