Modeling Supply Chain Attacks in IEC 61850 Substations
- 1 October 2019
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Supply chain attacks, which exploit vulnerabilities deliberately injected into devices either before their shipment or through subsequent firmware updates, represent one of the most insidious security threats in smart grids. The deliberate nature of such vulnerabilities means that they can be more difficult to mitigate, e.g., the attack could be designed to autonomously launch from the inside or to cause invisible physical damages to devices over a long time span. Furthermore, they can result in more severe consequences, e.g., the attack could leak sensitive information like crypto keys, or cause a large scale blackout through coordinated devices from the same malicious or hijacked vendor. In this paper, we take the first step towards a better understanding of the threat of supply chain attacks in IEC 61850 substations. Specifically, we first discuss the general concept and unique aspects of supply chain attacks. We then present concrete models of different supply chain attacks through extending the attack graph model and designing a security metric, namely k-Supply. Lastly, we apply such models to quantitatively study the potential impact of supply chain attacks through simulations.Keywords
This publication has 16 references indexed in Scilit:
- A Detection and Mitigation Model for PTP Delay Attack in an IEC 61850 SubstationIEEE Transactions on Smart Grid, 2016
- Exploring security metrics for electric grid infrastructures leveraging attack graphsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2016
- Review on cyber-physical security of the smart grid: Attacks and defense mechanismsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- A Cyber-Physical Modeling and Assessment Framework for Power Grid InfrastructuresIEEE Transactions on Smart Grid, 2015
- Using Software Defined Networking to manage and control IEC 61850-based systemsComputers and Electrical Engineering, 2015
- Power System Reliability Evaluation With SCADA Cybersecurity ConsiderationsIEEE Transactions on Smart Grid, 2015
- SOCCA: A Security-Oriented Cyber-Physical Contingency Analysis in Power InfrastructuresIEEE Transactions on Smart Grid, 2013
- Multiscale approach to the security of hardware supply chains for energy systemsEnvironment Systems and Decisions, 2013
- Cyber security in the Smart Grid: Survey and challengesComputer Networks, 2013
- Cyber–Physical Security of a Smart Grid InfrastructureProceedings of the IEEE, 2011