Open access peer-reviewed chapter - ONLINE FIRST

Hardware Reverse Engineering for Secure Smart Grids

Written By

Arne Roar Nygård, Arvind Sharma and Sokratis Katsikas

Reviewed: 18 April 2024 Published: 27 May 2024

DOI: 10.5772/intechopen.115018


From the Edited Volume

The Role of Cybersecurity in the Industry 5.0 Era [Working Title]

Associate Prof. Christos Kalloniatis


Abstract

Industry 5.0 and smart grid technologies are mutually dependent and synergistic. They complement each other by leveraging advanced digital capabilities to enhance energy efficiency, integrate renewable energy sources, and improve the resilience and reliability of industrial operations and electricity distribution systems. With the mounting threat of cyberattacks targeting digital supply chains, including those of the smart grid, it is evident that vendors, service providers, and outsourced Information and Communication Technology (ICT) providers face equal susceptibility to exploitation by malicious actors. Since all security measures hinge on dependable hardware, comprehending the origins of hardware vulnerabilities in Intelligent Electronic Devices (IEDs), a key component in smart grid systems, is imperative. Given the extended nature of digital supply chains, often involving components from various manufacturers, it is equally important to adopt novel approaches and methodologies to verify that IEDs are as secure as required. Integrating a Hardware Reverse Engineering business subprocess into the equipment procurement process offers a promising avenue for enhancing the cybersecurity and the cyber resilience of the digital supply chain of smart grid operators. This chapter proposes such a process and outlines a use case involving a specific IED commonly employed in digital substations in the smart grid.

Keywords

  • hardware reverse engineering
  • digital supply chain
  • smart grid
  • industrial control systems security
  • cyber resilience

1. Introduction

Industry 5.0 marks the evolution of industrial progression, centered on the synergy between human operators and robots and the incorporation of cutting-edge technologies such as artificial intelligence, robotics, the Internet of Things (IoT), and big data analytics. In contrast to the emphasis on automation and machine-to-machine communication in Industry 4.0, Industry 5.0 prioritizes the seamless collaboration between humans and machines to foster the development of adaptable, flexible, and highly productive industrial ecosystems.

A smart grid refers to a sophisticated electrical grid infrastructure incorporating digital communication technology, sensors, and automation to oversee, regulate, and enhance the generation, transmission, and distribution of electricity. These grids facilitate two-way communication between utility providers and consumers, enabling real-time monitoring of energy consumption, integration of renewable energy resources, and effective electricity distribution management.

Industry 5.0 technologies, such as IoT sensors and data analytics, can be employed in industrial facilities to monitor energy consumption patterns, identify inefficiencies, and optimize energy usage. Smart grid technologies provide the infrastructure necessary to support these energy optimization efforts by offering real-time data on electricity availability, pricing, and demand.

Industry 5.0 emphasizes sustainability and environmental consciousness. Smart grid technologies facilitate the integration of renewable energy sources, such as solar and wind power, into the electricity grid. Industrial facilities adopting Industry 5.0 principles can leverage smart grid infrastructure to incorporate renewable energy into their operations, reducing reliance on fossil fuels and lowering carbon emissions.

Industry 5.0 technologies enhance the resilience and reliability of industrial systems through predictive maintenance, fault detection, and adaptive control mechanisms. Similarly, smart grid technologies improve the electricity grid’s reliability by enabling proactive maintenance, rapid fault identification, and dynamic load balancing. The synergy between Industry 5.0 and smart grid technologies enhances overall system resilience and reduces the risk of disruptions in industrial operations and electricity supply.

Therefore, Industry 5.0 and smart grid technologies complement each other by leveraging advanced digital capabilities to enhance energy efficiency, integrate renewable energy sources, and improve the resilience and reliability of industrial operations and electricity distribution systems. Moreover, this symbiotic relationship extends to the supply chain of the components crucial for the smart grid’s functionality.

The concept of a supply chain embodies the intricate network of procedures, individuals, entities, and suppliers engaged in producing and delivering a finished product or service. In pivotal sectors like the smart grid, the digital supply chain spans a diverse array of Information and Communication Technology (ICT) components: hardware, software, storage solutions (cloud-based or local), distribution platforms (such as web applications and online stores), and management software [1]. While the integration of ICT and Operational Technology (OT) offers evident advantages for advancing the smart grid, it also widens the attack surface exposed to cyber threats.

Potential risks within the digital supply chain include the infiltration of counterfeit goods, unauthorized manufacturing, tampering, theft, introduction of malicious software and hardware, and subpar manufacturing and development standards. These risks stem from organizations lacking comprehensive insight into the development, integration, and deployment of the technology they procure, as well as into the processes and practices employed to ensure the integrity, security, resilience, and quality of products and services. Moreover, threats and vulnerabilities originating from malicious actors, including individuals, entities, or even nation-states, are often highly sophisticated and elusive, posing significant challenges for detection and thereby presenting substantial risks to organizations.

Building entirely secure systems is almost impossible; the smart grid and its components may be vulnerable to cyberattacks, and existing cybersecurity techniques may not satisfy cybersecurity requirements [2]. Regarding software, it is generally understood that purchasers expect comprehensive support agreements from suppliers, ensuring timely software updates to rectify programming flaws as they emerge. Nevertheless, vulnerabilities are not confined to software alone; they also extend to hardware components. Many embedded systems and devices incorporate diverse hardware elements sourced from various vendors across the power infrastructure, spanning from generic IT products to specialized industry-specific components. This diversity widens the range of actions a dishonest vendor within the supply chain could take. While the specific capabilities vary with the attacker’s motives, malicious actors might seek to obtain sensitive operational data from businesses, individuals, or even nation-states, or to cause permanent or temporary equipment damage [3].

A digital supply chain attack can breach even the most sophisticated security defenses through legitimate third-party vendors. Over the past year, significant cyberattacks have occurred against critical infrastructure and digital supply chains. Adversaries may manipulate hardware components in products before they reach the end user. Through alterations to hardware or firmware within the supply chain, adversaries can embed backdoors into customer networks. These backdoors are challenging to identify and afford the adversary significant control over the system. Furthermore, hardware backdoors could potentially be planted in a wide array of devices, including servers, workstations, network infrastructure, or peripherals [4]. A single attack may have a widely propagated impact on Industrial Control Systems (ICS) in critical infrastructures. Such attacks can lead to disruption, destabilization, chaos, and even physical harm [5]. Given the critical importance of the smart grid, it is essential to understand such attacks and attack vectors, the security challenges they pose, and the measures that mitigate them [6].

The ICT devices used in critical sector applications contribute to the integrity of the digital supply chain. The components of these devices are manufactured, owned, and operated by different entities across the globe. Therefore, a long-term trustworthy relationship is needed between the end users and the companies that develop and produce the devices. The relationship between makers and buyers of ICT devices is thus very different from most other buyer–vendor relationships. Nevertheless, vendors continue to exhibit a deficiency in grasping the concept of secure-by-design. In addition to common implementation errors like plaintext and hardcoded credentials, various recurring design flaws underscore the insufficient grasp of fundamental security control design principles among numerous OT vendors. Moreover, the superficial nature of many identified vulnerabilities raises concerns regarding the efficacy of the security testing procedures these vendors apply to their products [7].

Hardware Reverse Engineering (HRE) can significantly enhance digital supply chain security in OT systems in the smart grid. Potential vulnerabilities, counterfeit components, or security weaknesses can be identified by applying reverse engineering techniques to electronic components and devices. This encompasses a range of techniques, methodologies, tools, procedures, and a systematic approach for their application. Such measures are designed to aid the power industry, critical infrastructure operators, and relevant authorities in verifying the security of currently deployed products, even in the absence of prior knowledge regarding their potential vulnerabilities.

This chapter builds upon the technical process of HRE at three levels, namely, system level, printed circuit board (PCB) level, and chip level proposed in [8], and upon an ethical framework for HRE use in critical infrastructure, particularly smart grid operators [9], to propose an HRE business subprocess embedded into the procurement process of such operators. A use case to demonstrate how the process works is also outlined.

The remainder of this chapter is structured as follows: Section 2 presents the necessary background on the smart grid and some of its components. Section 3 provides an overview of the relevant literature. Section 4 offers our proposal for introducing an HRE business process into the procurement process of a critical infrastructure operator and outlines the use case with a specific IED. Finally, Section 5 summarizes our conclusions and suggests pathways for further research.


2. Background

This section delves into the transformation of the power grid into a Cyber-Physical System (CPS) through the integration of computing and communication. It discusses the evolution to smart grids, driven by IoT, and the significance of Digital Substations (DSs) and Intelligent Electronic Devices (IEDs) in enhancing real-time functionalities and information access in power systems. Ensuring the cybersecurity of these intelligent embedded systems and their components is essential for maintaining the reliability of the power infrastructure.

The incorporation of computing and communication functionalities has transformed the power grid into a vast CPS. CPS serves as a collective term for systems wherein cyber components, Internet of Things (IoT) elements encompassing computing and communication, and physical components are closely intertwined, both during the design phase and throughout operation. These systems leverage embedded computations and communication, intricately interwoven with other processes, to introduce novel capabilities to physical systems [10]. Power grids have also heavily adopted information and communication technology (ICT) to perform real-time control, monitoring, and maintenance tasks through IEDs, turning into smart grids [11]. The IoT-based smart grid is, in effect, the conventional power network augmented with IoT technologies.

A Digital Substation (DS) is an electrical substation where operational management occurs through interconnected IEDs, facilitated by communication networks. A typical design of a DS is shown in Figure 1, where HMI stands for “Human Machine Interface” and MU stands for “Measurement Unit.” Microprocessor-based computing technology can thus be used throughout the substation environment [12]. A DS offers essential functionalities for industrial power operations, providing real-time capabilities and access to critical information. A novel approach, aligned with the IEC 61850 standard, involves the adoption of process bus technology over fiber cabling to replace traditional hardwired copper connections within the substation. The evolution of the DS enhances real-time functionality and access to valuable information essential for optimizing the efficiency of power infrastructure operations. A DS encompasses a combination of physical and cyber infrastructures located within switchyard and substation buildings. Ensuring the security, availability, and reliability of power systems, as with conventional methods, while also ensuring interoperability among different vendors, poses a significant challenge in DS implementation [13]. These components are embedded systems susceptible to cybersecurity risks and necessitate protection measures to prevent, mitigate, and manage cyberattacks, thereby safeguarding the availability and reliability of the power system.

Figure 1.

Typical design of a DS.

IEDs are microprocessor-based controllers that provide advanced monitoring, control, and automation functions to the power systems equipment, such as circuit breakers, transformers, and capacitor banks. A typical architectural design of an IED is shown in Figure 2 [14].

Figure 2.

Block diagram of a typical IED.

IEDs are the modern replacement for conventional remote terminal units (RTUs) [15]. They offer several advantages, including robust communication capabilities, flexibility, adaptability, and multipurpose functionality. They gather information from sensors and other equipment, process it, and then issue commands or change transformer tap positions to maintain the proper voltage level and avoid failures [16]. Because of its multiport communication capability, an IED can communicate simultaneously with the substation and with several other IEDs in the network. Typical IED functions fall into five categories: protection, control, monitoring, metering, and communications [17]. As a protection device, an IED covers everything from basic overcurrent and earth-fault protection to more complex functions, and it can be deployed at the generation, transmission, and distribution levels. One of the essential functions of IEDs is event recording and fault diagnosis: events are time-tagged by the IED and can therefore be reported in the order in which they occurred, eliminating the need for additional sequencing in the control room. Even after a blackout, faults can be diagnosed, because the recorded values are retained in the IED and can be retrieved later. IEDs are crucial components of the power system; therefore, they must have built-in cybersecurity protection.


3. Related work

As operators of critical infrastructure integrate technology into their operations, adopting a holistic approach to their supply chain resilience strategy becomes imperative. This involves implementing prudent procurement practices, understanding the composition of their extended supply chains, and adhering to fundamental cybersecurity hygiene principles [18]. Numerous strategies have been suggested to enhance the security of the digital supply chain. Certification stands out as a particularly effective method for guaranteeing the security of components sourced from various vendors. Nonetheless, challenges arise when third-party vendors and suppliers neglect to implement proper cybersecurity practices or adhere to industry standards aimed at safeguarding sensitive data and functionalities [5]. Additionally, there is a risk that some third-party vendors may have ulterior motives and could be affiliated with state-sponsored adversaries. As a result, these vendors might produce parts or components in regions where laws or standards prohibit access to their supply chains, rendering certification unattainable.

When evaluating vendor security practices, the National Cyber Security Centre (NCSC) advises operators against solely depending on vendor documentation to assess vendor security [19]. Rather than relying solely on vendor documentation, security assessments should be grounded in the observed security practices implemented by the vendor. This entails conducting product-line-specific spot checks and gathering objective evidence derived directly from the product. Reverse engineering serves as a robust approach in this regard, allowing for the extraction of insights from artificial constructs to comprehend their internal structures and functionalities [20].

Traditional cybersecurity efforts have predominantly targeted software vulnerabilities. However, the rise of custom hardware applications has underscored the importance of addressing hardware-based threats. Securing an entire system now demands a holistic approach that goes beyond software alone. Therefore, comprehensive analysis of each layer of the computing stack is imperative, recognizing hardware as the cornerstone of system security [21]. Hardware security is thus of the utmost importance, much like a house’s foundation: if it is flawed, the house may collapse at some point [22]. If an attacker breaks the security of a hardware interface, everything built on it is at risk, and hardware weaknesses often lead to exploitation at the operating system level. As noted in [13], “Neglecting the early detection and mitigation of hardware vulnerabilities can lead to significant consequences, surpassing the complexity and expenses involved in addressing software incidents.” Therefore, leveraging different security testing techniques to identify hardware vulnerabilities is crucial. In the context of the smart grid or, more generally, critical infrastructure, industry-wide collaboration with vendors and suppliers is an essential element of defense [22].

In the realm of software, reverse engineering entails analyzing an existing program when its source code or comprehensive documentation is unavailable, aiming to uncover details of its design, security mechanisms, and implementation. However, since software runs on chipsets within systems, even the most sophisticated software-level defenses can be circumvented if the underlying hardware lacks security measures. To enhance security and resilience at the hardware level, it is crucial to understand the vulnerabilities inherent in these devices and identify pertinent attack vectors, all the more so because most technology-enabled products are developed through collaborations among multiple supply chain partners. Hardware Reverse Engineering (HRE) involves analyzing a subject system to discern its components and their interrelationships, thereby creating representations of the system in a different form or at a higher level of abstraction [22]. Using HRE to uncover vulnerabilities introduced through the digital supply chain into ICSs in critical infrastructure means disassembling the target system to analyze, test, and document its functionality. An HRE approach for generic IoT-based electronic devices has been proposed in [8] and is shown in Figure 3.

Figure 3.

A hardware reverse engineering approach.

System-level reverse engineering analyzes the IED’s architecture, interfaces, and communication protocols to identify potential attack vectors, weak security controls, or misconfigurations, and thereby establishes the overall security posture and the areas in need of improvement. PCB-level reverse engineering focuses on the board itself: the integrity and authenticity of the components, backdoors or unauthorized modifications, physical security features such as tamper-evident seals, and so forth. Chip-level reverse engineering focuses on verifying the IC’s design, which covers analyzing the design and functionality of the IC, chip decapsulation, tamper protection, optical fault injection techniques used to tamper with ICs, and so on. Combining the three HRE levels yields a comprehensive understanding of the entire system’s security posture: the system-level analysis identifies high-level security risks, the PCB-level investigation uncovers vulnerabilities specific to the board, and the chip-level study reveals detailed insights into the security measures and potential weaknesses at the IC level [8].
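In practice, the system-level analysis begins with whatever can be read out of the device, typically a firmware image dumped over a debug or update interface, and the recurring implementation errors noted in the introduction (plaintext and hardcoded credentials) are exactly what a first pass over such an image looks for. The Python script below is an added example and is not code from the chapter or from any vendor. It runs two checks an analyst would otherwise do with `strings` and a hex editor over a constructed firmware image (the image bytes, the credential patterns, the block size, and the entropy threshold are all illustrative assumptions): it extracts printable strings and flags credential-like content, and it computes per-block Shannon entropy to locate compressed or encrypted regions that need deeper manual analysis.

```python
"""Added example: first-pass triage of a firmware image dumped from an IED.

Everything here is illustrative. The sample image is constructed inline; the
credential regexes and the entropy threshold are assumptions, not a standard.
"""
from __future__ import annotations

import math
import re
from dataclasses import dataclass

BLOCK = 256          # assumption: analysis block size in bytes
MIN_STRING_LEN = 6   # like `strings -n 6`

# Assumption: a small set of patterns for credential-like material and
# cleartext management protocols that should not appear in an IED image.
CREDENTIAL_PATTERNS = {
    "hardcoded_password": re.compile(r"(?i)\b(passw(or)?d|pwd)\s*[=:]\s*\S+"),
    "default_login": re.compile(r"(?i)\b(admin|root|service)\s*[:/]\s*\S+"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "cleartext_protocol_url": re.compile(r"(?i)\b(telnet|ftp|http)://\S+"),
}


@dataclass(frozen=True)
class Finding:
    offset: int   # byte offset of the string in the image
    kind: str     # key of CREDENTIAL_PATTERNS that matched
    text: str     # the printable string that matched


def extract_strings(blob: bytes, min_len: int = MIN_STRING_LEN):
    """Yield (offset, text) for every run of printable ASCII, like `strings -t d`."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield m.start(), m.group().decode("ascii")


def scan_credentials(blob: bytes) -> list[Finding]:
    """Flag printable strings that look like embedded credentials or key material."""
    findings: list[Finding] = []
    for offset, text in extract_strings(blob):
        for kind, pattern in CREDENTIAL_PATTERNS.items():
            if pattern.search(text):
                findings.append(Finding(offset, kind, text))
    return findings


def shannon_entropy(chunk: bytes) -> float:
    """Bits per byte: near 0 for zero fill, near 8 for ciphertext or compressed data."""
    if not chunk:
        return 0.0
    counts = [0] * 256
    for b in chunk:
        counts[b] += 1
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def high_entropy_regions(blob: bytes, block: int = BLOCK, threshold: float = 7.0):
    """Return (offset, entropy) for blocks that look encrypted or compressed."""
    regions = []
    for off in range(0, len(blob), block):
        h = shannon_entropy(blob[off:off + block])
        if h >= threshold:
            regions.append((off, round(h, 2)))
    return regions


def _segment(parts: list[bytes], size: int) -> bytes:
    """Concatenate NUL-terminated strings and zero-pad to a fixed segment size."""
    data = b"".join(parts)
    assert len(data) <= size
    return data.ljust(size, b"\x00")


def build_sample_image() -> bytes:
    """Constructed firmware image for this example (not a real IED dump)."""
    config = _segment([
        b"IEDFW-2.1.3 (constructed sample)\x00",
        b"admin:changeme\x00",            # default login left in the image
        b"ftp://10.0.0.5/updates\x00",    # cleartext update channel
        b"password=s3cret!\x00",          # hardcoded password
    ], BLOCK)
    # A permutation of all 256 byte values: stands in for an encrypted or
    # compressed section and has exactly 8 bits/byte of entropy.
    opaque = bytes((i * 97) % 256 for i in range(BLOCK))
    keystore = _segment([b"-----BEGIN RSA PRIVATE KEY-----\x00"], BLOCK)
    return config + opaque + keystore


if __name__ == "__main__":
    image = build_sample_image()
    for f in scan_credentials(image):
        print(f"0x{f.offset:06x}  {f.kind:<24} {f.text}")
    for off, h in high_entropy_regions(image):
        print(f"0x{off:06x}  high-entropy block (H={h} bits/byte): inspect manually")
```

Findings from such a pass are starting points for the quality-assurance step, not vulnerabilities in themselves: a matched string must be confirmed against the running device (for instance, that the credential is actually accepted on the interface in question) before it is reported to the vendor, and a high-entropy block may be legitimate signed or encrypted content that simply marks where manual analysis should continue.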

HRE is a complex process in which semiautomated steps are interwoven with human sense-making. It is usually the tool of choice for detecting fabrication faults, copyright infringements, counterfeit products, or malicious manipulations. Although HRE was initially employed to understand a product’s physical and functional details in order to replicate or redesign the original, it has, from our perspective, evolved to enable the understanding of increasingly complex systems [20]. Although HRE is a versatile and intricate tool commonly used for legitimate purposes, it can also be misused for nefarious activities, including tampering with the integrity of integrated circuits through piracy, compromising security functions, or clandestinely inserting hardware Trojans [22]. Hence, an ethical framework for its use in identifying vulnerabilities is necessary [6]; such a framework has been proposed in [9]. One component of this framework is an operational HRE process to guide all HRE-related activities, which is to be embedded within the equipment procurement process [23]. Note that this is in line with the CISA ICS Recommended Practices for Supply Chain Management [24], which recommend to “Adjust the ICS procurement process to weigh cybersecurity heavily as part of the scoring and evaluation methodology.”

To the best of our knowledge, and according to the findings in [6], the literature still lacks a proposal for such a process. Such a proposal is presented in the next section.


4. A business process for HRE in smart grid operators

The method proposed in this section is of the “operational” type, which focuses on adequately executing the operational tasks of an entity; this is where personnel “get the things done” [25]. Additionally, according to the business process classification of [26], it is a “supporting” process.

Procurement within the power industry’s digital supply chain involves sourcing equipment, software, and services from various suppliers. In [27], procurement knowledge was identified as critical in managing risks and making informed decisions regarding services and suppliers. The results presented in [27] align well with CISA’s recommended practices for supply chain management [24]. This is why we propose embedding the HRE process into the procurement process. Still, it is essential to include the rights to verify and test in the procurement process. To this end, we propose following an approach consistent with that described in ISO 27001 for handling third parties. The ISO approach can be modified to improve cybersecurity and resilience by introducing a “reverse engineering” subprocess, as shown in Figure 4. In this context, this must be already agreed upon in the procurement files and the vendor contracts [28].

Figure 4.

Proposed inclusion of an HRE business process into the equipment procurement process [28].

A business process consists of a series of interconnected tasks or activities that collectively aim to achieve a specific business goal. The main elements that define the proposed HRE business process are the following:

  • Inputs: Inputs are the resources or materials needed to initiate and complete a business process. For the HRE process, these include data, information, documents, and materials.

  • Activities/Tasks: Activities or tasks are the individual steps or actions that comprise the business process. For the HRE process they are the following; the resulting workflow is depicted using the ANSI workflow standard in Figure 6 [29].

    • Define Objectives and Scope: Clearly outline the goals of the HRE project. Specify the project’s scope, that is, what aspects of the hardware will be analyzed, such as functionality, components, or security features.

    • Legal and Ethical Considerations: Before starting the HRE process, ensure compliance with relevant laws and regulations and the rules specified in the procurement files. Identify intellectual property rights, patents, and other legal constraints. Obtain necessary permissions from the device manufacturer and fill in the project ethical checklist [9].

    • Resource and Skill Assessment: Evaluate the resources required for the HRE project, including specialized tools, equipment, and personnel with expertise in hardware design, electronics, and HRE techniques. Confirm that all necessary resources are available.

    • Acquire Hardware Samples: Obtain one or more physical hardware samples to be reverse engineered. This involves collaboration with the hardware vendor.

    • HRE technical steps: Follow the steps of the HRE approach described in [8]. These are graphically depicted in Figure 5.

    • Documentation and Reporting: The report should describe the test method, environmental conditions, equipment details, software, and other important information for testing purposes.

    • Quality Assurance: Verify the accuracy and completeness of the HRE results. Conduct tests to confirm that the identified vulnerabilities are reproducible on the original device and are not artifacts of the analysis setup.

    • Ethical Disclosure: If security vulnerabilities are identified, follow responsible disclosure practices, for instance, those described in the CISA Coordinated Vulnerability Disclosure Process [30], and follow the pertinent stipulations of the EU NIS2 directive. Provide the manufacturer/vendor with sufficient information to address the vulnerabilities and improve the security of their product.

    • Post-Analysis Actions: Decide on the appropriate actions based on the project’s goals. These may include considering an alternative product, requesting improvements to the existing product, enhancing security, or conducting further research.

    • Continuous Improvement: Learn from the HRE process and incorporate insights into future security practices. Continuously update processes and methodologies to stay abreast of evolving hardware technologies.

  • Roles and Responsibilities: Clearly defined roles and responsibilities outline who performs each activity within the business process. This ensures accountability and helps in the efficient execution of tasks.

  • Resources: Resources encompass the people, tools, equipment, technology, and facilities required to carry out the activities of the business process. Proper allocation and management of resources are crucial for the smooth functioning of the process.

  • Decision Points: Decision points are junctures in the process where a decision must be made. These decisions can be automated or require human judgment. They influence the flow of the process and may lead to different paths or outcomes.

  • Outputs: Outputs are the results or deliverables from completing the business process. This includes reports and any other tangible or intangible outcomes that meet the objectives of the process.

  • Controls and Checks: Controls and checks monitor and ensure the process’s quality, accuracy, and compliance. This may involve validation checks, reviews, approvals, or audits at various stages to maintain the desired standards.

  • Metrics and Key Performance Indicators (KPIs): Metrics and KPIs are used to measure the performance and effectiveness of the business process. They provide quantitative data that helps assess whether the process meets its goals and supports continuous improvement. KPIs that can be used in the HRE process include:

    • time taken to complete the project;
    • total cost incurred during the project;
    • clarity and completeness of documentation for the reverse-engineered hardware;
    • effectiveness of the team’s skills in utilizing hardware reverse engineering tools and techniques;
    • feedback from stakeholders, including the manufacturer and end users;
    • adherence to relevant laws, regulations, ethical codes, and standards during the reverse engineering process;
    • number of vulnerabilities discovered over a specific time period;
    • percentage of reported vulnerabilities that are later identified as false positives;
    • percentage of the system covered by the project;
    • number of vulnerabilities that were discovered before any public disclosure or exploitation.

  • Feedback Mechanisms: Feedback mechanisms enable continuous improvement by gathering information on the performance of the process. This feedback can come from employees involved in the process, manufacturers, stakeholders, or through performance analytics.

  • Technology and Tools: Technology and tools refer to the software, hardware, and other technological solutions that support and automate the business process. This includes instruments, tools, and techniques for HRE, such as those described in [8]; workflow tools; and collaboration platforms.

  • Documentation: Documentation includes written guidelines, procedures, manuals, and other documentation that outline how the HRE process should be executed. It serves as a reference for employees and contributes to process consistency.

  • Timeline and Sequencing: Timeline and sequencing define the chronological order in which activities should be performed. They provide a temporal structure to the process, helping to manage time efficiently and meet deadlines.

  • Communication Plan: A communication plan outlines how information is communicated within and outside the process. Effective communication is crucial for collaboration and ensuring that all stakeholders are informed about the progress and changes in the process.

  • Integration with Other Processes: Integration with other processes ensures a seamless flow of information and activities across different parts of the organization, promoting overall efficiency. The HRE process is interconnected with the procurement process.

Figure 5.

HRE technical steps.

Figure 6.

Workflow of the HRE process.

4.1 A use case

A DS in the smart grid supports industrial operation, real-time functionality, and information access. The main challenge in DSs is ensuring the security, availability, and reliability of the power system, as in conventional substations, together with interoperability among equipment from different vendors. The evolution from a traditional substation to a DS entails the substitution of conventional devices with process interfaces and the adoption of process bus technology to replace the majority of hardwired copper connections within the substation. Our study specifically addresses the process, bay, and station levels of the DS. While hardware forms the foundation of trust in supply chain security, it is crucial to acknowledge that analyzing hardware in isolation does not assure system-level security: the integration of disparate system components can introduce vulnerabilities stemming from incorrect assumptions about the overall system’s security posture.

IEDs are deployed within DS to enable sophisticated automation and control of critical equipment. The hardware integrity of these devices serves as the basis of trust. However, unauthorized access to the DS-fenced area by engineers, technical personnel, or malicious individuals poses a significant risk. For instance, if an individual gains physical access to IEDs within substations, they could potentially disrupt the normal operation of switch devices, sabotage primary equipment, and manipulate measurements, thereby jeopardizing the stability of the power supply. That also includes obtaining a similar product, exploring it offline outside the operating environment, weaponizing any findings, and bringing them into the working environment [31]. Alternatively, an intruder may remotely infiltrate an IED by acquiring login credentials, often through tactics like spear-phishing attacks. Once accessed, the perpetrator could manipulate the device’s programming, access sensitive data, or alter its functionalities. It is plausible to identify IEDs, along with their models and known vulnerabilities, as well as potential network-related risks stemming from outdated protocols and weak authentication mechanisms. In certain instances, determining the physical location of IEDs is feasible with some effort. To fortify embedded systems, a layered defense approach is typically adopted, ensuring protection through role-based access control, site zoning, or communication conduit management [32]. Identifying vulnerabilities does not always necessitate specialized training; it does, however, require a basic understanding of system functionality, software design principles, and sometimes even investigative skills. Proficiency in systems engineering, programming, and cybersecurity can expedite the process of vulnerability discovery [33].

The system in focus is a SIPROTEC 5 protection IED, specifically the SIEMENS model 7SJ85, designed for feeder and overcurrent protection, along with other auxiliary functions. Equipped with robust microprocessors, the digital multifunctional protection and bay controllers within the SIPROTEC 5 series handle all tasks digitally, from acquiring measurements to executing commands in the circuit breaker. Measuring inputs receive currents and voltages from instrument transformers, adjusting them to the device’s internal processing standards. The SIPROTEC 5 device features inputs for both current and voltage measurements, with current inputs detecting phase and ground currents and voltage inputs capturing measurement voltage for relevant device functions. These analogue values are digitized within the microprocessor for further data processing [34].

The IED will be tested in the HRE laboratory environment at the authors’ university. Vulnerabilities affecting Confidentiality (unauthorized access to execute IED functionalities), Integrity (unauthorized control and modification of data used in IEDs), and Availability (disruption or loss of data during communication) will be sought.

The impact of any vulnerabilities detected on the power system operation will be assessed in terms of:

  • Availability of the protection and monitoring functions.

  • Delay in the measurement and control signals.

  • Security features of IEDs: Built-in security mechanisms might be different across vendors.

  • Downtime in the power system (loss of power): considering intentional tripping of breakers.

The proposed HRE process, as shown in Figure 6, will be established and followed for the use case project. The HRE methodology will investigate security vulnerabilities in IEDs deployed within the smart grid infrastructure. This methodical approach encompasses several critical steps, including an initial visual screening to detect any visible irregularities, followed by the implementation of tamper protection mechanisms at both system and Printed Circuit Board (PCB) levels. Subsequent stages involve conducting comprehensive fault injection tests, spanning from the PCB to the chip level, aimed at identifying potential weaknesses susceptible to cyberattacks or unauthorized access.

Moreover, the methodology integrates advanced chip-level reverse engineering techniques, allowing for a deep dive into the intricate workings of the integrated circuits to uncover potential vulnerabilities. Complementing these efforts, cutting-edge optical fault injection techniques will be employed to assess the hardware’s resilience against sophisticated attack vectors. By employing the HRE methodology within the research context of smart grid IEDs, this study aims to contribute valuable insights into the landscape of security vulnerabilities inherent in critical infrastructure systems. Ultimately, the findings of this research endeavor will inform the development of proactive measures aimed at mitigating risks and enhancing the overall security and reliability of smart grid deployments.

5. Conclusion

This chapter proposed an HRE business process for smart grid operators. This process is instrumental in unveiling vulnerabilities in vendors’ hardware equipment, thus allowing us to evaluate and mitigate relevant risks in the digital supply chain objectively. The insight gained from the HRE process can benefit various stakeholders, including security professionals, engineers, manufacturers, researchers, regulatory bodies, and standards organizations. They can apply this knowledge to enhance security practices, improve designs, assess product security, advance research, and make informed decisions.

We will further develop the work presented herein by establishing, following, and evaluating the proposed process’s effectiveness and efficiency to investigate the IED’s potential hardware security vulnerabilities described in the use case in Section 4, in the HRE lab at the Norwegian University of Science and Technology. Additionally, we plan to design, develop, and pilot test training and education programs in HRE and develop the remaining elements of the ethical framework proposed in [9].

Acknowledgments

Funding for this research has been provided by the Research Council of Norway. Specifically, it has been supported by Project No. 320932, entitled “Reverse Engineering som metodikk for verifikasjon av sikkerhet i digitale verdikjeder i en kritisk infrastruktur,” and Project No. 310105, titled “Norwegian Centre for Cybersecurity in Critical Sectors (NORCICS).”

References

  1. Boyens JM. Cybersecurity Supply Chain Risk Management for Systems and Organizations. Gaithersburg, MD: National Institute of Standards and Technology; 2022
  2. Gunduz M, Das R. Cyber-security on the smart grid: Threats and potential solutions. Computer Networks. 2022;169:107094. DOI: 10.1016/j.comnet.2019.107094
  3. Lysne O. The Huawei and Snowden Questions: Can Electronic Equipment from Untrusted Vendors be Verified? Can an Untrusted Vendor Build Trust into Electronic Equipment? Vol. XIV, 116 p. Cham: SpringerOpen; 2018. DOI: 10.1007/978-3-319-74950-1
  4. The MITRE Corporation. Supply Chain Compromise [Internet]. 2015-2023. Available from: https://attack.mitre.org/techniques/T1195/ [Accessed: February 25, 2024]
  5. Gajanan L, Kirar M, Raju M. Cyber-attacks on smart grid system: A review. In: Proceedings of the 2022 IEEE 10th Power India International Conference (PIICON); New Delhi. New York: IEEE; 2022. pp. 1-6
  6. Nygård AR, Sharma A, Katsikas S. Reverse engineering for thwarting digital supply chain attacks in critical infrastructures: Ethical considerations. In: Proceedings of the 19th International Conference on Security and Cryptography (SECRYPT 2022); Lisbon, Portugal. Lisbon: SCITEPRESS; 2022. pp. 461-468
  7. Wetzels J, Hassanien A. Concluding OT: ICEFALL. In: New Vulnerabilities and a Retrospect on OT Security Design and Patching. Forescout Research/Vedere Labs; 2023. 16 p. Available from: https://www.forescout.com/resources/concluding-ot-icefall-report/
  8. Sharma A, Dyrkolbotn GO, Øverlier L, Waltoft-Olsen AJ, Franke K, Katsikas S. A state-of-the-art reverse engineering approach for combating hardware security vulnerabilities at the system and PCB level in IoT devices. In: Proceedings of the IEEE Physical Assurance and Inspection of Electronics (PAINE); Huntsville, AL. New York: IEEE; 2022. pp. 1-7
  9. Nygård AR, Katsikas S. Ethical hardware reverse engineering for securing the digital supply chain in critical infrastructure. Information and Computer Security. 2024. DOI: 10.1108/ICS-10-2023-0182 [Ahead-of-print]
  10. Keerthi CK, Jabbar MA, Seetharamulu B. Cyber-physical systems (CPS): Security issues, challenges and solutions. In: Proceedings of the 2017 IEEE International Conference on Computational Intelligence and Computing Research (ICCIC); Coimbatore, India. New York: IEEE; 2017. pp. 1-4
  11. Cao Y, Li X, Liu J, Li C, Yan J, Zhao J. Research on intelligent cyber security protection for electric power dispatching and control system. In: Proceedings of the 2nd International Conference on Machine Learning, Big Data and Business Intelligence (MLBDBI); Taiyuan, China. New York: IEEE; 2020. pp. 540-543
  12. Csanyi E. What Is the Digital Substation and What Makes it Digital? [Internet]. EEP-Electrical Engineering Portal; 2023. Available from: https://electrical-engineering-portal.com/digital-substation [Accessed: February 25, 2024]
  13. Khodabakhsh A, Yildirim YS, Houmb SH, Hurzuk N, Føros J, Istad M. Cyber-security gaps in a digital substation: From sensors to SCADA. In: Proceedings of the 9th Mediterranean Conference on Embedded Computing (MECO); Budva, Montenegro. New York: IEEE; 2020. pp. 1-4
  14. Kumar S, Kumar SA, Kalam MA. Intelligent electronic device functionality and interfacing: An experimental examination of smart grid. International Journal of Recent Technology and Engineering (IJRTE). 2019;8:3922-3926
  15. Torres BS, Borges da Silva LE, Salomon CP, de Moraes CHV. Integrating smart grid devices into the traditional protection of distribution networks. Energies. 2022;15:2518. DOI: 10.3390/en15072518
  16. Laaksonen H, Suomi F. New functionalities and features of IEDs to realise active control and protection of smart grids. In: Proceedings of the 22nd International Conference and Exhibition on Electricity Distribution (CIRED 2013); Stockholm, Sweden. New York: IEEE; 2013. pp. 1-4
  17. Csanyi E. IED (Intelligent Electronic Device) Advanced Functions That Make our Live Better [Internet]. EEP-Electrical Engineering Portal. Available from: https://electrical-engineering-portal.com/ied-intelligent-electronic-device-advanced-functions [Accessed: February 25, 2024]
  18. U.S. Department of Homeland Security Cybersecurity & Infrastructure Security Agency. CISA and Partners Launch National Supply Chain Integrity Month [Internet]. U.S. Department of Homeland Security Cybersecurity & Infrastructure Security Agency; 2023. Available from: https://www.cisa.gov/news-events/news/cisa-and-partners-launch-national-supply-chain-integrity-month [Accessed: February 25, 2024]
  19. Jacobs N, Hossain-McKenzie S, Vugrin E. Measurement and analysis of cyber resilience for control systems: An illustrative example. In: Proceedings of the 2018 Resilience Week (RWS); Denver, CO, US. New York: IEEE; 2018. pp. 38-46
  20. Cycuity. Cybersecurity is a Journey. Secure Hardware is the Starting Line [Internet]. Available from: https://semiengineering.com/cybersecurity-is-a-journey/ [Accessed: February 25, 2024]
  21. Cycuity. Detect and Prevent Security Vulnerabilities in your Hardware Root of Trust [Internet]. Available from: https://cycuity.com/wp-content/uploads/2022/06/Cycuity_White-Paper_Detect-Security-Vulnerabilities-HRoT.pdf [Accessed: February 25, 2024]
  22. Witteman M, Goncharov K. The roots of Riscure, device security, and pre-silicon [Internet]. Available from: https://www.riscure.com/security-highlight-marc-witteman-on-the-roots-of-riscure-device-security-and-pre-silicon/ [Accessed: February 25, 2024]
  23. Nygård AR, Katsikas S. SoK: Combating threats in the digital supply chain. In: Proceedings of the 17th International Conference on Availability, Reliability and Security (ARES22); Vienna. New York, NY, USA: Association for Computing Machinery; 2022. Article 128, pp. 1-8
  24. U.S. Department of Homeland Security Cybersecurity & Infrastructure Security Agency. Recommended Cybersecurity Practices for Industrial Control Systems [Internet]. 2023. Available from: www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf [Accessed: February 25, 2024]
  25. Kirchmer M. Business process management: What is it and why do you need it? In: Kirchmer M, editor. High-Performance through Business Process Management: Strategy Execution in a Digital World. Cham: Springer; 2017. DOI: 10.1007/978-3-319-51259-4_1
  26. von Rosing M, Kemp N, Hove M, Ross J. Process tagging: A process classification and categorization concept. In: von Rosing M, Scheer A-W, von Scheel H, editors. The Complete Business Process Handbook. Burlington, MA: Morgan Kaufmann; 2015. pp. 123-171. DOI: 10.1016/B978-0-12-799959-3.00008-2
  27. Aarland M. Enhancing Cybersecurity in the Power Industry’s Digital Supply Chain: Exploring Procurement Strategies [Interview]; 2023
  28. Nygård A, Katsikas S. Leveraging hardware reverse engineering to improve the cyber security and resilience of the smart grid. In: Proceedings of the 20th International Conference on Security and Cryptography; Rome, Italy. Lisbon: SCITEPRESS; 2023. pp. 610-616
  29. Chapin N. Flowcharting with the ANSI standard: A tutorial. ACM Computing Surveys. 1970;2:119-146
  30. U.S. Department of Homeland Security Cybersecurity & Infrastructure Security Agency. Coordinated Vulnerability Disclosure Process [Internet]. Available from: https://www.cisa.gov/coordinated-vulnerability-disclosure-process [Accessed: February 25, 2024]
  31. Brash R. Protecting embedded systems. Verve [Internet]. Available from: https://verveindustrial.com/resources/protecting-embedded-systems-white-paper/ [Accessed: February 25, 2024]
  32. Norwegian Ministries. National Cyber Security Strategy for Norway [Internet]. Available from: https://www.regjeringen.no/contentassets/c57a0733652f47688294934ffd93fc53/national-cyber-security-strategy-for-norway.pdf [Accessed: February 25, 2024]
  33. George T. Cyber Resilience: The New Strategy to Cope With Increased Threats. Security Week, 16 November 2022 [Internet]. Available from: https://www.securityweek.com/cyber-resilience-new-strategy-cope-increased-threats/ [Accessed: February 25, 2024]
  34. Siemens. SIPROTEC 5 7SJ82/7SJ85 Overcurrent Protection - Manual. Siemens [Internet]. 2023. Available from: https://support.industry.siemens.com/cs/document/109742384/siprotec-5-7sj82-7sj85-overcurrent-protection-manual?dti=0lc=en-AE [Accessed: February 25, 2024]
