Modeling Supply Chain Attacks in IEC 61850 Substations

Abstract

Supply chain attacks, which exploit vulnerabilities deliberately injected into devices either before their shipment or through subsequent firmware updates, represent one of the most insidious security threats in smart grids. The deliberate nature of such vulnerabilities means that they can be more difficult to mitigate, e.g., the attack could be designed to autonomously launch from the inside or to cause invisible physical damages to devices over a long time span. Furthermore, they can result in more severe consequences, e.g., the attack could leak sensitive information like crypto keys, or cause a large scale blackout through coordinated devices from the same malicious or hijacked vendor. In this paper, we take the first step towards a better understanding of the threat of supply chain attacks in IEC 61850 substations. Specifically, we first discuss the general concept and unique aspects of supply chain attacks. We then present concrete models of different supply chain attacks through extending the attack graph model and designing a security metric, namely k-Supply. Lastly, we apply such models to quantitatively study the potential impact of supply chain attacks through simulations.