A new cybersecurity technology that relies on the unique digital fingerprint of individual semiconductor chips could help protect the equipment of electrical utilities from malicious attacks that exploit software updates on devices controlling the critical infrastructure.
The GridTrust project, which has been successfully tested in a real substation of a U.S. municipal power system, combines the digital fingerprint with cryptographic technology to provide enhanced security for the utilities and other critical industrial systems that must update control device software or firmware.
Led by researchers at the Georgia Institute of Technology (Georgia Tech) in collaboration with the City of Marietta, Georgia the project was supported by the U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER). GridTrust also included researchers from Sandia National Laboratories, and Protect Our Power, a security-focused not-for-profit organization. The three-year, $3 million project began in 2021.
GridTrust Improves Security for Device Updates
“The security of updates applied to equipment is critical to maintaining operation of the nation’s electricity grid,” said Santiago Grijalva, the project’s principal investigator and Southern Company Distinguished Professor in Georgia Tech’s School of Electrical and Computer Engineering. “We have demonstrated that GridTrust can block direct cyber-attacks through the equipment supply chain in multiple configurations and scenarios, while also preventing a whole array of potential errors. What we have developed and demonstrated will provide multiple layers of additional security to the existing electricity grid.”
The project focused on power system controllers, including sensors, actuators, and protection relays that are normally located in power substations distributed throughout a utility’s service area. Malicious actors may attempt to alter the software controlling the devices to, for instance, turn off power or damage the equipment. The attacks could take place if technicians attempt to use corrupted software to make updates at utility substations or other facilities.
Authentication Uses Semiconductor PUFs, Cryptography
Installed as part of the substation equipment, GridTrust would verify the authenticity of the software before any updates were installed, and it would ensure that the software was being applied to the correct device – by a person authorized to do so. In addition to cryptographic technologies, the system uses a new form of security based on unique physically unclonable functions (PUFs) that exist in certain semiconductor chips. PUFs are a set of unique characteristics created by minor variations that occur during chip fabrication.
“The PUF relies on random behavior based on variations in the manufacturing process, and they cannot be changed after fabrication,” said Vincent Mooney, an associate professor in Georgia Tech’s School of Electrical and Computer Engineering. “During an update, the GridTrust interfacing device first proves its identity using the PUF, then it verifies both utility and vendor signatures using their public RSA keys. Only if all these checks are passed will the firmware update be successfully installed. If the update isn’t installed, the device will continue to operate with its previous firmware version, and the utility’s network operations center will be notified to investigate.”
The GridTrust technology can operate as a standalone device with existing utility equipment or be built into new devices. Utility sensors, actuators, relays and similar control devices are currently produced by multiple manufacturers, and the Georgia Tech researchers have been in contact with an existing supplier that is interested in incorporating the technology, Grijalva said.
GridTrust Evaluated in a Real Utility Substation
Initial testing of the GridTrust system took place in Georgia Tech laboratories, then researchers worked with technical staff at the City of Marietta to evaluate the system in one of the utility’s substations. Located northwest of Atlanta, Marietta’s power network serves approximately 42,000 customers, including several critical electrical loads. The testing was done in a substation circuit isolated from the grid to ensure that the research activity would not affect customers.
“When Georgia Tech approached us about participating in an operational technology security research project, we were excited to participate, especially considering that our mayor and city manager have always supported working with state and local universities to develop new programs and technologies to solve real-world challenges,” said Ronald Barrett, Director of Information Technology for Marietta.
GTRI Cybersecurity “Red Team” Challenges the System
As part of the testing, Grijalva and Mooney involved “red team” cybersecurity researchers from the Georgia Tech Research Institute (GTRI), Georgia Tech’s applied research organization. GTRI researchers Trevor Lewis, David Huggins, Sam Litchfield, and Matt Guinn led an effort to challenge the GridTrust system with sophisticated attempts to install software that simulated the kind of potential malware that could affect utility equipment.
“They pretended to be black-hat hackers who wanted to compromise the system by pushing a malicious configuration file to one of the devices or initiating a firmware update without being authorized to do that,” said Huggins, a GTRI senior research engineer. “They had several attack methods and strategies aimed at multiple components of the system – and were not successful.”
Such third-party validation is important to a broad range of systems, noted Lewis, a senior research engineer who participates in “red team” test scenarios for many critical systems. “We are routinely contracted to perform assessments on a variety of system architectures to emulate the actions of real cyber attackers, and to test and evaluate the security of all components within an architecture under test,” he said.
Next Step: Implementation in Utility Industry
While there are multiple manufacturers of equipment for the utility industry, the devices provide similar functions and have similar needs for periodic updating. The protection system developed by Georgia Tech should be broadly applicable to devices produced by different manufacturers, and could therefore have broad application to the utility industry.
“Georgia Tech is creating technology that makes energy delivery systems safer, and protecting that critical infrastructure is important for national security,” Huggins said. “Reliable electrical power is critical to every aspect of our society today.”
In addition to ensuring the safety of device updates, the GridTrust system will also help utilities inventory the software operating on substation devices. Large utility companies can have hundreds or thousands of substations in their service areas, each with dozens of devices that may need periodic updates.
The three-year GridTrust project is now moving into the commercialization phase where it could be licensed to manufacturers or spun off into a start-up company, Grijalva said. For utilities like Marietta Power that want to be on the cutting edge of cybersecurity, that comes as welcome news.
“We believe the work that Georgia Tech has done is critical to maintaining a safe and secure electrical grid,” said Eric Patten, Marietta Power’s electrical director. “Our goal for this project was to see a system that added another layer of security from attacks, and from what we have seen, we believe this was a success.”