Slashdot Mirror
Staged Hack Causes Generator to Self-Destruct
An anonymous reader writes "It has been revealed that in a U.S. Department of Homeland Security exercise codenamed 'Aurora' conducted in March of this year, researchers were able to cause a power generator to self-destruct remotely via a hack which changed the operating cycle of the generator. 'Government sources said changes are being made to both computer software and physical hardware to protect power generating equipment. And the Nuclear Regulatory Commission said it is conducting inspections to ensure all nuclear plants have made the fix. Industry experts also said the experiment shows large electric systems are vulnerable in ways not previously demonstrated.'"
One time I put my car into reverse while traveling 70 mph on the freeway. It was a very exciting learning experience.
because the automation system controlling the infrastructure is not connected to a public network, like say, the internet - right ?
If it is, then someone should probably do some quick patching asap.
Doolittle :
Bomb no.20 : To explode of course.
"computer software and physical hardware"
How about het NON-computer software and NON-physical hardware?
If Microsoft was mass, stupidity would be gravity.
A program that happens to be called 'Aurora' destroys a generator hundreds of miles away. I happen to know another program named 'Aurora' that could do that same thing.
Did anyone else immediately think of Live Free or Die Hard when reading this?
There is a really simple and quick fix for this problem - don't connect the control equipment to a (public) computer network.
What is more interesting than the fact this was possible is the fact that some numb skull thought it might be a good idea to link critical control systems to a public network. I can see that there is scope for remote control, especially with a nuclear plant, but I hardly think sending the data over the Intertubes is the correct way to do it.
I used to have a better sig but it broke.
Hackers can and will hack into your computer and make it explode. I learned this from the front page of a tabloid last week.
Like 11 and a half years by now. Name Chernobyl rings a bell?
I don't understand why Nuclear power needed to be singled out. The electrical generators are pretty similar regardless of the fuel source. And if it blows up, it's not going to take the nuclear reactor / coal furnace / (insert steam source here) with it, since they tend to be very well separated from each other.
"cause a power generator to self-destruct remotely". This seems unlikely.
/stickler
What probably happened was that they "remotely caused a power generator to self-destruct."
Environmentalism is the new Victorianism. Everyone ties on a green corset and pretends we're virtuous.
My blog
I'm no computer security expert but I do know of the world's most unhackable firewall -- it's called a one inch air gap. Put that gap between the network cable and the NIC and nobody is gaining access.
Yes, I know power plants will require some net access for web, email, etc. But the office worker network and the command and control computers and network for the generators should have nothing to do with each other! Separate systems, no network connectivity, the plant software should be operating in a vacuum bubble. The rest of the world should not exist for it, no way, no how. Oh, need to install a patch for the software? After being thoroughly tested and vetted on a proofing system, the software is then installed the old-fashioned way, off of CD-ROM's. Now if someone can fuck with the CD-ROM's, THAT I can understand. I can buy the plausibility of the NSA printer hack, even if it was a hoax. (NSA puts a virus on printers heading to Iraq, takes down their network.) The story about the CIA sabotaging software for equipment the Russians were buying to use in their pipelines is true. These are secure systems completely cut off from external contact that were sabotaged by the insertion of compromised components that were not detected. That makes perfect sense.
It always bothers me when I see movies showing hackers getting in to some place and gaining access to files on servers that should never have a connection to the outside world. Then again, maybe I'm giving the fictional syadmins of the target systems too much credit. Who knows, maybe next week we'll read about some Korean hackers who were able to compromise a Minuteman silo and add it to their botnet.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
So someone connected a generator to an untrusted network and it was hacked? While they're at it, why not hand your keys and security pass to terrorist?
Whenever this comes up, it's usually some firewall vendor trying to sell people firewalls on their internal control systems. It would be negligent to connect a safety critical system to an open network like that in the real world. At every job I've worked on, it was an instant sacking offence.
So if that was done, and not just a fake demonstration by a firewall vendor, the sysadmin concerned should be dismissed immediately.
I have to wonder about the authenticity and if this is viable in the real world. The term "staged" really does raise a red flag making me curious if this is probable or even possible. It isn't that we shouldn't be defending against these things nor that I am dunking my head in the sand but, well, without more details...
"So long and thanks for all the fish."
2. Complain about lack of funding to solve desperate hole in our nation's security.
3. ???
4. Profit!
I am the system administrator for a large state government agency. Recently I was essentially forced to connect a Windows XP boiler control system for an electrical generation plant to the Internet, so that the vendor can do remote maintenance. If I hadn't found out about it, it would be connected directly without even a firewall... This system had no anti-virus software, and of course it has a popular remote-control software installed for the vendor's access. The only reason I can sleep at night is that the plant is far away from any populated area, and may be shut down due to other reasons soon. I will be sending this video to a number of people in an email today.
Well thaars your problem!
Ya need to turn on windows update!
From TFA "researchers were able to cause a power generator to self-destruct remotely via a hack which changed the operating cycle of the generator"
You mean they upgraded it to Microsoft Windows Vista?
The TV movie Category 6: Day of Destruction went into details that US power plants are vulnerable to remote attacks, and featured such a guy who managed to make generators self-destruct from his home PC (he died when connectivity was cut off, and realising what he did, he went to the power plant to fix things locally, but too late).
:(
And there we go, 3 years later the government wakes up to the threat as well.
Guess my advice to government fellows is: watch more TV, it'll raise your IQ. OMG the irony
You see, man, you're sending me all these crazy signals. I can't take it! It's frying my brain and sucking my will to live!
That's IT! I'm sick of this! I'm going to self destruct - that'll show you. But, just to be tricky, I'm not going to self destruct right here, I'm going to go over to that corner and do it remotely. Ha!
Perhaps only in the US could a report on a vulnerability turn so quickly into dramatic eschatological nonsense.
Also, did I see nixie tubes? How old is your infrastructure?
-1 not first post
Or like that songs says. BOOM BOOM BOOM Out goes the lights.
"I can't say it [the vulnerability] has been eliminated. But I can say a lot of risk has been taken off the table," said Robert Jamison, acting undersecretary of DHS's National Protection and Programs Directorate as he pulled the network cable out of the wall socket.
I have excellent Karma and I am not afraid to Troll it.
Hi! This is Chief Rufus Xavier Sarsaparilla of the Grammar Police. Where do we send your check, Lt. Permaculture?
My blog
You can actually learn how to do this yourself at this course I took:
http://infosecinstitute.com/courses/scada_security_training.html
With a staged hack I can launch an ICBM...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
These post are getting ridiculous. Too many people are saying "why don't they just disconnect it from the network?" and getting modded as "insightful".
It's NOT that simple! If they are connected to the network, there is probably a very good reason for it, and not just cause some engineer wants to check his email and download pr0n while listening to the generators hum.
These generators more than likely are controlled by self-optimizing systems based on a variety of data that is collected. If they're providing power to various remote sites, they need the internet for gathering data from those sites.
The internet is more than just a public free-for-all, it is the communication medium for many business/mission-critical systems (see LehiNephi's response above). They really just need to have the right security in place to keep it safe.
Capitalism: When it uses the carrot, it's called democracy. When it uses the stick, it's called fascism.
We also need to look out for homer Simpson's in the control room to mess things up like the one time he spilled some food on the control panel killing the power at the new york albany power plan and he got off by blaming it on Max Power.
Hasn't any1 seen the new die hard movie? There are advantages to hard wire, or direct control. What's next? Wireless access!
There are easier ways to damage the bulk power grid (or local transmission). Pick up a rifle at your nearest sporting goods store. Go to your nearest transmission substation (or even large generating plant). Take a shot at the porcelain on one of the transformer bushings. Kablam! You just removed a few hundred MW (or perhaps more) or generating capacity or transfer capability and caused millions of dollars in damage. If it's a generating station, the cost of lost revenue could drive the total to 70 or 80 million. Actually, I have seen bushings with bullet holes. Obviously not that common, or something would be done about it, but it does happen. It won't always cause an immediate and catastrophic failure, but it certainly can. Especially if one keeps trying... The bigger danger to this nations power grid is lack of investment and a severe brain drain in engineering personnel.
What a bunch of sad geeks we've become. Instead of crying about how it was connected to the 'net i watched the video.
I'd like to know what they did to make a multi-ton generator JUMP like that thing did. After a few jumps there were a couple chunks of black stuff flying around. If you watch the "full" video it's clear they cut it at least once if not more. I'm guessing it took them quite a long while to get the generator to "blow up".
Anyone have thoughts as to how they did it? I'm going to guess they messed with the fuel/air mix or delivery and caused a massive backfire while under/overloading the alternator side. I'd guess for kicks they also forcibly turned off the cooling fans creating an over-temp in the engine. Assuming i'm right and they cut out 95% of the video length that explains it a bit better. The failure seemed two-fold: A failed main-crankshaft seal spewed out white "smoke" (read over-temp coolant) and something up by the valves making black smoke.
This is probably something you could do to a regular car if you were poking around in the engine management computer.
You can get rich if you own a politician, but you have to be rich to buy one in the first place.
It used to be possible to do the same thing with old CRT monitors. A virus could drive the refresh rate high enough to burn them out. All newer CRTs have an automatic cutoff to prevent accidents. A virus could also re-flash the BIOS so that it could not boot. I sure that there are other possible scenerios where hardware could actually be destroyed. I have been waiting for a virus to come along with a serious payload to alert people to the idea that security matters and that a lack of it can be very expensive.
I used to be a developer for a SCADA/HMI software vendor. That stands for Supervisory Control And Data Acquisition / Human Machine Interface.
It is quite common for such software to be used in places where its failure could cause injury or death.
Many of our customers put their SCADA systems on the Internet, so that our support staff could work with their systems, as well as to allow our consultant engineers to remotely upload new releases.
One day my boss told me that a lot of our customers didn't use SSL encryption, either because they couldn't be bothered with it, or because they couldn't figure out how to install the server software or certificate correctly.
Anyone with a packet sniffer running on the path between us and our customers could have easily stolen the passwords.
Our product, BTW, ran on Microsoft Windows.
"researchers were able to cause a power generator to self-destruct remotely via a hack which changed the operating cycle of the generator"
My dad used to make hard drive cabinets walk across the room by doing a slow read in one direction and a fast read in the other. (Sorry if I'm sketchy on the details, but it was something like that. The story was told long ago and the events happened even longer before that. This was back when hard disk platters were 12" across, copper-colored, and held a few MB each.)
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
We know that, because *we* did it to the Soviets. http://www.msnbc.msn.com/id/4394002
And their machines weren't even connected to the internet. So all the people who are saying, "Just disconnect it", well, that's not good enough. We have to engineer systems that are hardened and handle failure gracefully. And don't use stolen software.
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
...of ways to implement their terrorism - all they have to do is read Slashdot and follow up on those articles of all the scientists publicly demonstrating how to cause mayhem and destruction on our infrastructure. The terrorists' level of sophistication is directly related to us showing them that certain things are indeed possible. Here's another nice ripe target for them to exploit and one that we practically handed to them as to how to accomplish it. It's one thing to test for vulnerabilities for the purpose of exposing and fixing flaws, but yet another to be so public with the testing of those vulnerabilities that we essentially become the Terrorist Think Tank for the terrorists. Hey guys, looky here - I found a way to poison the water supply of 5 million homes thru just one valve. Wanna take down the power grid of Texas? Here's how!!! They think the terrorists are camel-monkey's with no internet - but they're looking at these reports as much as we are and they're fully capably of getting a nice fat brainstorm thanks to the hard work of our scientists and our tax dollars. Way to go, people. Why not just hand them a gun and bullets and show them where to aim?
As I've said before, it's all about money. There are almost irresistible forces that lead organizations to connect control systems to the Internet. An isolated private internet is extremely expensive and difficult to maintain. It's so much easier, cheaper, and tempting, to plug that cable into the public internet, perhaps with a crappy firewall to provide an illusion of security. Even if an engineer is willing to stick his neck out and say that it's an unacceptable security risk, he isn't being a team player and will be overruled by someone higher up the food chain.
Mea navis aericumbens anguillis abundat
It's worth watching if only for this wonderful bit of dialogue:
Bruce Willis goes to see the dirty fat nerd who lives with his mother.
- smelly nerd: What are you doing in my command center ?
- Willis: It's not a command center, it's a basement.
Back when I was working on the Trident sub program (early 1980's), one of the veteran submariners told me about an incident on a sub. Subs have multiple generators, and the Navy was attached to manual controls. So, the procedure for brining a 2nd generator online, is to spin it up, watch the phase angle meter, and switch it in when there's 0 phase difference. What happened, was a new guy followed the procedure, but threw the switch when the two generators where 180 degress out of phase. The generator just stopped, twisting the armatures and destroying themselves in the process. The thing is, a simple set of lightbulbs wired between phases could tell you if it's safe to switch, or a relay that's powered by the difference could keep the switch from happening.
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
... distinctiveness to our own.
FTFA:
"It's equivalent to 40 to 50 large hurricanes striking all at once," Borg said, "resistance is futile."
As someone who as worked in this position in a power station, let me say that this social engineering attack is not likely. You very quickly learn the names, attitudes, and voices of all the people that frequently call asking for changes to the generators. The number of people calling for these changes is usually a handful, 5 or less. If someone odd calls, we would often ask if another guy we knew was on vacation or sick.
If someone we never had heard of called asking for something strange, I would have definitely asked to talk to someone I knew at the independent system operator, emergency or not.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
Seen that before, well I've heard of something like this before.
As an undergrad, a fellow student told me about a certain kind of old heavy duty line-printer for mainframe batch processing. It had a hammer for every single character position and a curculating belt with the entire printable character set repeated. A hammer would fire whenever a character coincided with the hammer in the right position. This would let the printer complete a line very quickly. Some bright guy in the shop made up a text file that would cause all of the hammers to fire. BLAM. The hammers all dislocated themselves.
Self Destructing Printer hack.
Maybe the sparking and smoking of a Trek ship panel when under attack isn't so farfetched after all. The Romulans plant stealth viruses on the ship that cause the panel display diodes to overheat during battle. And laptops that burn the captain's nuts.
Table-ized A.I.
Of all the stupid things the government classifies as secret, here they publicise an attack vector and a specific vulnerability? Maybe they should have kept the particulars of this excercise a secret and just pushed for better security measures on networks controlling our physical infrastructre. Hmm
Are engineers all so God damned short sighted, or is it their managers? There should be no connection allowed in! Gees, fellow nerds, some of you are really fucking dense. Yes, it's desirable for your generator to communicate to the corporate (or in Springfield's case, city) network. But the damned thing should have been designed so that only outgoing signals are allowed; a human at the generator end should have to initiate any changes.
I curse some of my fellow nerds whenever I'm in my car; the power windows piss me off to no end. I'm waiting for someone, but I can't roll the windows up or down without turning the key. If the damned bridge I'm crossing collapses (because some dimwit designed the thing badly) and the car goes into the river, there's going to be no way out of the car at all, as I won't be able to open the door (pressure) OR roll the window down! This is just fucking stupid! PLEASE redesign this, mkay? While you're at it, make it so I can roll windows up with the remote!
I'm glad that they started using knobs in car radios again, finally. What fucktard decided that having a volume BUTTON on a car radio was a good idea? From the linked article (mine), "Thank God they invented cell phones so you can call an ambulance after you wreck your car trying to turn the volume down to answer your cell phone!"
But even the digital knob is inferior to the old fashioned potentiometer. Back in the day, I'd turn the volume down before starting the car, bacause if I didn't it would blast me into the back seat (I like to rock). But you can't do that any more; the volume control only works when the damned radio is on!
-mcgrew
PS- get the hell off my lawn. And no, you can't have your balls back!
There is no such thing as an "operating cycle" to change for a generator.
/or human lives at stake, one invests more in safeguards such as electromechanical relays, breakers and other non digital gadgets.
The generator pictured in the video is not the kind used in large power plants. It appears to be a diesel generator similar to the kind that is used for backup power in many buildings. Backup generators are typically 1 MW or lesss, whereas big power plant generators are 1000 MW or more. It is like comparing a RC controlled model airplane with a 747. Besides being bigger, the 747 and the power plant will have much more elaborate systems to protect things from damage and destruction caused by malfunctioning equipment and/or misbehaving control systems. When there are billions of dollars and
The thing that could cause the generator to jump and destroy itself like in the video is to attempt to synchronize it with the grid out of phase or at the wrong speed. Another post in this thread, "This has happened before computer controls" by Maximum Prophet hit on the correct answer. In small, unattended, backup generators synchronization may be automated by computer, but in large power plants nobody trusts the computer enough to allow this critical operation to be automated. It is still typically done by hand with the aid of old fashioned non-digital equipment. Even if one did mis-synchronize a generator (and it does happen) other protective devices shut things down quickly to limit the scope of damage. And yes, mis-synchronization does happen in real life every once in a while, usually in a brand new installation and usually because the instruments are wired up wrong. The result can be damage sometimes, but I never heard of it destroying a whole plant.
That is not to say that cyberwar is not a threat, nor to say that it is not good policy to isolate all critical control computer from the net. Again its a matter of money. If you are running a $5 billion power plant, your budget is big enough to hire real people to come and maintain systems rather than using remote diagnostics. Or, if you do want remote diagnostics, you can afford to use leased private lines rather than the internet. Power plants and the power grid can afford gold standard security and they should be required to do it. I don't oppose the security thrust, but I do oppose the hyped up scare tactics designed to panic us into unwise government spending.
I spent most of my life modeling power plants and their control systems to build operator training simulators. As part of training, we inject myriads of simulated malfunctions. As part of debugging of the models, we get to see just about every detail of the plant and its control and its safeguards working incorrectly before we debug them and make them correct. That gave me and others experiences up to our chinny chin chins about what can go wrong and what the consequences might be.
I'm afraid that what this is about is another naked grab for government money and using scare tactics to get it. Mr. Joe Weiss in the video works for EPRI. He, and the government committee on critical infrastructure protection, were both singing the song in 1999 that no matter what Y2K bugs might exist, they couldn't do any real harm. Get it? Not that the Y2K bugs didn't exist or would be fixed (at proved to be the case) but that they couldn't do any substantial harm no matter what. Now these same people are saying that a few hacks can cause widespread and catastrophic damage. One can not argue both sides of this issue and keep credibility. If a control system misbehaves, it matters not whether the problem is inadvertent or malevolent. Yet these people pooh pooh the risk of inadvertent bugs yet hype the danger of malevolent ones. It's bunk.
EPRI wants $100 billion to automate everything in the power grid as a massive research project. Next they'll want another $250 billion to secure it from cyberwar threats. DOE wants a national DOE control center for the
Whatever the reason's given for connecting any critical infrastructure to the public Internet, it is far too risky of a proposition to seriously consider it. They absolutely should be using private WANs, preferably encrypted eight ways to Sunday.
There is absolutely no excuse whatsoever for making this equipment accessable from the public Internet. None. Zero. Zilch.
Frame Relay T1 lines are cheap nowadays, and they should be using them.
These aren't _that_ old, I was supporting these printers back in production as recently as 1989.
Oh crap, now I've made _myself_ feel old.
My (paranoid?) suspicions are: 1. DHS produced this FUD/PhotoOp (remember, it is CNN) to justify their funding. Their current terrorist prevention accomplishments are in the category of 'See any elephants/terrorists? No? Must mean our elephant/terrorist repellent works' 2. Showing a terrorist target that 'hits closer to home' (no pun intended) for Joe/Jane citizen 3. A reason to let them monitor everything they can on the internet. Their justification would be 'If we see them trying to get in, we can find and stop them.' Seems that a proper firewall / VPN setup would be required/more useful K
V for Vendetta: People should not be afraid of their governments. Governments should be afraid of their people.
But chances are they also have lots of monitoring (local and remote) systems that would send a message out to external person(s) in the event that something unusual/bad started happening.
A former Navy officer tells me of hiring an outside team to test the security of new software for controlling the firing of missiles from a ship. Within a couple of days, they were able to demonstrate to him that they could remotely fire the missiles, but were not able to access the targeting control. I mention this publicly because the officer was able to go back to the major defense firm providing the hackable software and demand revisions to their product. This particular software is not, we can presume, presently installed in our Navy.
But the outside team he'd used was getting into that ship's system from the Internet. This was a few years back. We can hope that's no longer possible.
"with their freedom lost all virtue lose" - Milton
Heh, I read that as "If I had a hammer for every single character position and a curculating belt with the entire printable character set repeated". Not quite as catchy as the original hammer song..
which is totally what she said
... about the fact that one of the guys mentioned in TFA is named Borg?
Have gnu, will travel.
Yeah, if they wanted geek viewers they should have named it Live Free or Bitch on Slashdot
I didn't hit it that hard- it must have had a self-destruct
http://newengland.naisg.org/Archive/2004/05Graphics/computer_bomb.jpg
-- All your booze are belong to us.
No, season four of 24.
Hack a nuclear reactor so it melts down?
Ok, maybe reprogramming a weather satellite [i]to control the weather[/i] is only 99.9% impossible.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Place a tool, preferrably metal on both ends, connecting two of the three phases of the generator. All you have to do is remotely start it up and the tool will be vaporized when the power goes phase to phase. Just sit back and watch the sparks fly.
Pointless FUD...
Did anyone watch this video at all? http://www.cnn.com/video/#/video/us/2007/09/27/meserve.power.at.risk.cnn
They have connected the generator or its controlling software/hardware combo to the internet and then they have run a fake "cyber-attack" (If they only knew...) to make it go PUF!
And then... They start to waive the red "What if..." flags.
What if this happened on the large scale? To a huge part of the country for months, mind you... "Huge part" and "for months".
By day three stores run out of food and emergency generators out of gas.
I guess that the main idea is that all of those electrical engineers are twiddling their thumbs during that time?
Here is a "What if..."
What if all of a sudden "the leaders and innovators of industry in the world start to disappear"? This could mean the end of the civilisation as we know it.
I think that there might be book in there somewhere... hmm...
Further on... "After 10 days with no hope of power being restored..."... Video goes on to babble about no emergency services, fuel, and even NO WHERE TO EVACUATE!!!
Like... when did I miss the news of the large part of US being held in the air above Atlantic Ocean by use of force fields/tractor beams connected to generators, which are connected to the internet?
And, has the modern civilisation really become SO fragile that 10 days without TV and internet porn will cause immediate collapse of society?
And Joe Weiss (of Applied Control Solutions) is A FUCKING IDIOT!
Besides the fact that he assumes (very possible as he says) that Iran has NOT SIMILAR but SAME "systems", people there "absolutely" know how to run them, and "absolutely" know how to bring them down - he goes on to claim that they also have the SAME PASSWORDS!!!
Well damn... Here - I have the solution.
First - STOP CONNECTING CRITICAL SYSTEMS TO THE INTERNET!!!
Second - CHANGE YOUR GOD DAMN PASSWORD!!!!
Mit der Dummheit kämpfen Götter selbst vergebens
I worked as an electrical engineer for a power company for five years. Once, out of curiosity, I started counting the different redundant protection systems around a 180MW generator. I found a total of 49 different circuits, any one of which would be sufficient to trip a circuit breaker in less than 10 milliseconds. The circuit breakers themselves were redundant, in the substation layout there were three different breakers protecting that generator, any one of them tripping would disconnect the current.
And, since you mentioned synchronization, I once saw a failure report for a different power station in the same company. A maintenance technician had made a mistake in connecting the synchronoscope, so it indicated the phase difference with an error of 180 degrees. The first time the operator tried to synchronize that machine, the breaker tripped immediately after being closed.
Let's face it, power stations are designed by engineers who not only have heard about any anecdote you may know, but they also are technically trained and have years to consider all the possible consequences of design errors. Snafus happen, of course, but not with trivial matters such as disconnecting a breaker when an overload occurs.
As someone who has gone through a post-graduate course called "Power System Dynamics and Automatic Generation Control", I can assure you that the first thing Joe would do would be to ask the Engineer (I mean the kind that has a university Engineering degree) in his company to check this.
All the phone lines connected to power control systems are recorded 24/7 in tapes that are never erased, because the conversation often runs like "Hi, Joe, this is Jack, I need an extra 100MW tonight". Look in you power bill how much a kilowatt costs, multiply it by 100000 and you'll understand why the operators in charge of power stations are so closely monitored.
Hi! I'm the cyber security consultant from Unisys! We're doing a test....
i always consider researchers to be geniuses. they can actually find something like this, put up a demo, staged experiment or something and just tell the public( which also includes potential attackers) all about it. genius.
"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe."
Oh, great. Here's another potential terriost act that we openly advertise to would be terriost. "Hey, guys, have you thought of this one?"
Actually by doing this Aurora project can cause injury to the public. But if the project team can apply IT code of conduct in this project, i think this project can give many benefits to public, organization, and project team itself. Below is the several benefits if the Aurora project can apply IT Code of conduct: 1) Can void harm to public 2) Can ensure the good management in the project 3) Can show profesionalism of the organization