Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

A Review of Technologies that can Provide a 'Root of Trust' for Operational Technologies

Technical Report ·
DOI:https://doi.org/10.2172/1861944· OSTI ID:1861944
 [1];  [1]
  1. Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)
+ Show Author Affiliations
The supply chain attack pathway is being increasingly used by adversaries to bypass security controls and gain unauthorized access to sensitive networks and equipment (e.g., Critical Digital Assets). Cyber-attacks targeting supply chain generally aim to compromise the environments, products, or services of vendors and suppliers to inject, add, or substitute authentic software and hardware with malicious elements. These malicious elements are deemed to be authentic as they arise from the vendor or supplier (i.e., the supply chain). This research aims at providing a survey of technologies that have the potential to reduce exposure of sensitive networks and equipment to these attacks, thereby improving tamper resistance. The recent advances in the performance and capabilities of these technologies in recent years has increased their potential applications to reduce or mitigate exposure of the supply chain attack pathway. The focus being on providing an analysis of the benefits and disadvantages of smart cards, secure tokens, and elements to provide root of trust. This analysis provides evidence that these roots of trust can increase the technical capability of equipment and networks to authenticate changes to software and configuration thereby increasing resilience to some supply chain attacks, such as those related to logistics and ICT channels, but not development environment attacks.
Research Organization:
Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)
Sponsoring Organization:
USDOE National Nuclear Security Administration (NNSA); USDOE Office of Nuclear Energy (NE)
DOE Contract Number:
NA0003525
OSTI ID:
1861944
Report Number(s):
SAND2022-3755; 704522
Country of Publication:
United States
Language:
English

Similar Records

Security Evaluation of Smart Cards and Secure Tokens: Benefits and Drawbacks for Reducing Supply Chain Risks of Nuclear Power Plants
Technical Report · Mon Aug 01 00:00:00 EDT 2022 · OSTI ID:1884928
Trusted Computing Technologies, Intel Trusted Execution Technology.
Technical Report · Fri Dec 31 23:00:00 EST 2010 · OSTI ID:1011228
The Nuclear Digital I&C System Supply Chain Cyber-Attack Surface
Conference · Mon Jun 08 00:00:00 EDT 2020 · OSTI ID:1634821

Related Subjects

21 SPECIFIC NUCLEAR REACTORS AND ASSOCIATED PLANTS
42 ENGINEERING
97 MATHEMATICS AND COMPUTING
Cybersecurity