Solving the grid defender's dilemma: Tamper protection for distributed cyber-physical systems

Embedded devices installed as part of the smart grid rollout present a major dilemma for grid defenders, because they are soft targets that could allow an attacker to access critical assets (generators, control centers, etc.) deeper in the utility's network. While both physical tampering and intrusion protection are large, well-studied fields, state-of-the-art protection schemes suffer from several flaws: They are not powerful enough to respond properly to different tamper events, their severe responses can lead to reduced grid availability, and they often require more setup resources than a utility operator can provide. To protect these networks, we present TEDDI (Tamper Event Detection on Distributed Infrastructure), a distributed, sensor-based tamper protection architecture for embedded devices on utility networks. TEDDI uses data gathered from across the network to make more-informed and more-accurate tamper decisions, and can customize its response based on the event it sees. It can also be configured and installed quickly, without needing a large base of knowledge beforehand. In this paper, we lay out the TEDDI architecture, and discuss how TEDDI solves the grid defender's dilemma better than current work.