October 29, 2025

After more than 18 years, Aurora is still an existential threat to critical infrastructures

Control system hardware cybersecurity issues continue to be out of the cybersecurity mainstream. Protective relays are an example: they have hardware cyber issues that cannot be detected by network security monitoring. These issues include manipulating registers in the relays and remotely opening and closing the relays. Aurora incidents are a good example of such an issue. Aurora is a gap in protection of the electric grid. Aurora is real and network security won’t protect you because network security organizations do not have the technical capabilities to address Aurora.

To address the continuing lack of understanding of Aurora, Mike Swearingen, Dr. Bret Michael, and I published an update to the 2013 Power magazine article in the October 2025 issue of IEEE’s Computer magazine, “Physics-based Cyberattacks Against Electric Power Grids and Alternating Current Equipment”. The August 13th CISA OT Asset Inventory guidance document doesn’t address the issues exploited by Aurora.

With Chinese-made hardware such as large electric transformers and Battery Energy Storage Systems using Chinese-made protective relays communicating back to China, the probability of Aurora events becomes significantly higher. It isn’t just the electric industry, as Chinese protective relays are also used in other sectors, such as ship propulsion systems like those used on the Dali that crashed into the Baltimore Key Bridge. Moreover, consider how much more widespread and extensive damage could be done by incorporating Artificial Intelligence (AI) into kinetic cyberattacks.

Source: https://www.controlglobal.com/blogs/unfettered/blog/55321731/why-aurora-is-still-an-existential-threat-to-critical-infrastructures-18-years-after-its-conception
