Leveraging Hardware Reverse Engineering to Improve the Cyber Security and Resilience of the Smart Grid.

Abstract

Cyber-attacks on digital supply chains are rising, and Critical Infrastructures (CIs) such as the Smart Grid are prime targets. There is increasing evidence that vendors, service providers, and outsourced IT -providers are at equal risk of being used by malicious actors to gain a foothold in the power grid - delivering exploits that can disrupt electric power delivery and severely damage our economy. Long digital supply chains with components from different manufacturers require a new approach and methods to ensure the needed security in Critical Infrastructures. Hardware Reverse Engineering (HRE), commonly used for verifying the security of an embedded system, includes disassembling to analyse, test, and document the functionality and vulnerability of the target system. This paper proposes leveraging HRE for improving both the security and the resilience of the power infrastructure against cyber-attacks enabled through the digital supply chain, by organising HRE activities, and how this can be organized within the equipment procurement process in a Distribution System Operator (DSO).