Biblio

Supply chain cyberattacks that exploit insecure third-party software are a growing concern for the security of the electric power grid. These attacks seek to deploy malicious software in grid control devices during the fabrication, shipment, installation, and maintenance stages, or as part of routine software updates. Malicious software on grid control devices may inject bad data or execute bad commands, which can cause blackouts and damage power equipment. This paper describes an experimental setup to simulate the software update process of a commercial power relay as part of a hardware-in-the-loop simulation for grid supply chain cyber-security assessment. The laboratory setup was successfully utilized to study three supply chain cyber-security use cases.

Critical infrastructures such as the electricity grid can be severely impacted by cyber-attacks on its supply chain. Hence, having a robust cybersecurity infrastructure and management system for the electricity grid is a high priority. This paper proposes a cyber-security protocol for defense against man-in-the-middle (MiTM) attacks to the supply chain, which uses encryption and cryptographic multi-party authentication. A cyber-physical simulator is utilized to simulate the power system, control system, and security layers. The correctness of the attack modeling and the cryptographic security protocol against this MiTM attack is demonstrated in four different attack scenarios.