Eranga Bandara, Deepak K. Tosh, S. Shetty, Bheshaj Krishnappa
CySCPro - Cyber Supply Chain Provenance Framework for Risk Management of Energy Delivery Systems
2021 IEEE International Conference on Blockchain (Blockchain), published 2021-12-01
DOI: 10.1109/Blockchain53845.2021.00020 (https://doi.org/10.1109/Blockchain53845.2021.00020)
Citations: 0
Abstract
For operational efficiency, enterprise-level Energy Delivery Systems (EDS) rely on a number of software or hardware providers. Overseas suppliers generally manufacture and integrate critical EDS components, increasing the attack surface for adversaries looking to enter EDS (e.g., the recent SolarWinds supply chain attack). The EDS supply chain requires cyber risk management that can track cyber vulnerabilities, establish quantifiable mechanisms to understand the severity and exploitability of EDS applications while providing a remediation plan to effectively mitigate such risks. In this work, we propose a Cyber Supply Chain Provenance platform for EDS by leveraging distributed ledger technology for enabling cyber risk management capability to defend and respond to cyber supply-chain attacks (e.g., SolarWinds) and establish data provenance in a cyber supply chain ecosystem.