Measuring and Improving the Security Posture of IEC 61850 Substations Against Supply Chain Attacks.

The measurement of security is essential for defending critical infrastructures like smart grid substations against emerging threats of supply chain attacks. However, security measurement in general is still in its infancy and especially lacks tool support. In particular, supply chain attacks exploit vulnerabilities injected into devices before their shipment or during firmware updates, and represent a significant security threat to substations. Preventing such attacks through the naïve solution of purchasing devices only from trusted vendors may not always be feasible (e.g., due to operational constraints of an operator being bound to particular vendors). Furthermore, in many cases, the effectiveness of applying ad-hoc hardening options can be limited, while it may not be feasible to deploy all possible security mechanisms due to budget constraints. Finally, manually assessing and applying different hardening options while respecting a given budget is usually very challenging for system operators and can be prone to human error. In this paper, we develop a hardening system, namely Hardening Framework for Substations (HFS), to measure and optimally improve the security posture of substations against supply chain attacks. First, HFS provides a hardening mechanism for securing substations while considering the budget and operational constraints. Second, HFS provides a visual framework that allows operators to generate attack graphs and manually experiment with various hardening options. We validate the effectiveness of HFS based on several scenarios including the case in which supply chain attacks are mitigated by fixing non-supply chain vulnerabilities. Our simulation results demonstrate that HFS improves the security postures of substations against supply chain attacks even with limited supply chain-related hardening options by reducing the number of successful supply chain attackers. Finally, we discuss how our work may be improved through leveraging existing concepts and techniques from instrumentation and measurement.