Abstract
Enterprise-level energy delivery systems (EDSs) depend on different software or hardware vendors to achieve operational efficiency. Critical components of these systems are typically manufactured and integrated by overseas suppliers, which expands the attack surface and gives adversaries additional opportunities to infiltrate EDSs. For this reason, risk management of the EDS supply chain is crucial: it ensures that we know the vulnerabilities in the software and hardware components that comprise any critical part, have quantifiable risk metrics to assess the severity and exploitability of an attack, and can provide remediation solutions that influence a prioritized mitigation plan. There is a need to realize cyber supply chain risk management for industrial control systems’ hardware, software, and computing and networking services associated with bulk electric system (BES) operations. This article proposes a blockchain-based cyber supply chain provenance platform (“Vind”) for EDSs to realize data provenance in a cyber supply chain ecosystem.
Highlights
To achieve reliable and efficient energy delivery system (EDS) operations, utility companies typically adopt various software/hardware products and solutions developed by third-party vendors
To address the privacy concerns in the blockchain, off-chain storage has been integrated into the blockchain
With Vind, we have introduced a blockchain-based cyber supply chain provenance platform for energy delivery systems
Summary
To achieve reliable and efficient energy delivery system (EDS) operations, utility companies typically adopt various software/hardware products and solutions developed by third-party vendors. The challenges in meeting supply chain risk management requirements (Goff et al., 2014) (Contract, 2020) involve a) timely notification, coordination, and disclosure of vendor-identified incidents; b) software integrity and authenticity; c) vendor remote access; and d) information system planning. Realizing these functionalities is critical for BESs, as it would allow devising quantifiable risk metrics to assess the severity and exploitability of BESs and developing prioritized risk remediation solutions. In this article, we propose a blockchain-based cyber supply chain provenance system (“Vind”) for EDSs. At a macro level, the approach followed to build Vind involves 1) the customer outlining the performance and security requirements, 2) the vendor identifying the appropriate hardware and software suppliers that will meet the supply chain provenance requirements, and 3) the suppliers ensuring that they report the desired information that allows the customers to improve auditability, attribution, and provenance of their critical assets.