Supply Chain Security Management

Lead Research Organisation: University of Warwick
Department Name: WMG

Abstract

Research Area: ICT networks and distributed systems, Software engineering

The project is concerned with risk mitigation through the development of knowledge and understanding. The risks associated with information security breaches because of failures of compliance in supplied goods and services are potentially of very high impact on National Grid's operations and network, with severe consequences for customers' energy supply and high costs of recovery.


Studentship Projects

Project Reference  Relationship  Related To    Start       End         Student Name
EP/N509401/1                                   01/10/2015  25/02/2022
1784947            Studentship   EP/N509401/1  01/08/2016  31/12/2018  Robert Balmbra
 
Description The research has identified key weaknesses in national infrastructure: components that make up energy systems lack essential cybersecurity features, and such systems are at risk from internal and external threats that could terminate energy creation and routing. National infrastructure is becoming more integrated with external networks; e.g. the smart grid and the internet are opening these networks to external threats, unexplored threats and supply chain attacks.

I have researched many ways that the supply chain can be used against such businesses, including a range of historic cyber attacks against IT and OT systems using the supply chain. There is a vast array of gateways and paths an attacker may use to exploit his target. There are effectively 4 main types of supply chain models that distinguish the operation and efficiency of a company, therefore enhancing supply and demand, including the Integrated Make-to-Stock Model, the Build-to-Order Model, the Continuous Replenishment Model and the Channel Assembly Model; a hybrid model that combines multiple models may also be used within a supply chain.

Throughout my research I have looked into statistics regarding supply chain attacks and their origins. Within the HM Government report in 2015 it was found that the majority of breaches were the cause of supply chain attacks, and that 18% of security breaches originated from internal employees and contractors. Although in 2015 breaches were on the rise, it was shown in the 2016 report that more suppliers are implementing more cyber standards and guidelines; however, 190 cases within the 2016 report failed to validate external services provided by organisations and businesses.

Procurement of OT components differs hugely from that of IT systems. Due to the difference in refresh rate (~40 years), components are outdated and have no implemented security, although some devices do support basic parity checking against data; this is why Stuxnet was so effective against such systems. They are highly susceptible to such attacks due to the lack of deployment of patches and updates; this will effectively damage the availability of the system, although such systems will transition components and parts over a long period.

Although many organisations may undergo internal procurement checks prior to installing the component into a live environment, such exploits may be so complex in nature that they may not be noticed. A framework to assist such research into component checks would enhance the process to identify threats, as well as a web interface and software to test multiple common exploits automatically against a component.

Exploitation Route Supply chains are essential for businesses and organisations to operate. A conglomerate of businesses, suppliers that provide a service to other businesses and customers. More intricate attacks are using the supply chain as a gateway to attack the target, for example a vendor that supplies firmware updates. If an attacker targets the vendor's firmware repository and crafts a new firmware for deployment, it could be possible to deploy the malicious firmware to each component within the national infrastructure, allowing the attacker to further exploit other systems throughout the OT and IT network.

This is especially dangerous when supply chains span more than one continent. With state-funded cyber-attacks on the rise, implementation of an efficient procedure to check and vet supply chain suppliers and businesses is needed to protect from external threats.
Sectors Digital/Communication/Information Technologies (including Software),Energy

 
Title PLC Simulator 
Description Throughout my research I found another project named 'Open PLC', which allows PLCs to be simulated within a confined SCADA network, with support for manually programming each component within the environment. The software is freely available and is open source, therefore it allowed me to develop new additional features including support for more commonly used communication protocols. The software allows PLCs to interface with slave devices to realistically emulate a real-life field device, effectively allowing a cheap PLC environment to be made without investing huge amounts of money in buying equipment. Therefore, I will be developing a way to interface a Raspberry Pi as a slave board so that sensors, pumps, motors etc. on the GPIO pins of the device can talk to the PLC, imitating a real-life slave device.
Type Of Technology Software 
Year Produced 2018 
Open Source License? Yes  
Impact The environment will allow unit tests to test for vulnerabilities and exploits using various attack frameworks and previous historic attacks, including the Stuxnet worm, as well as manual exploitation using specialised tools such as nmap, sniffer tools, etc. I have also examined the contents of the Stuxnet worm that is publicly available, to allow myself to craft an attack similar to it against the environment and to examine the techniques within the worm for use elsewhere against the PLC environment.