Title: Gridtrust: Electricity Grid Root-of-Trust Decentralized Supply Chain Cyber-Security (Final Scientific/Technical Report)

GridTrust represents a departure from reliance on a single organization or a single person to multiple organizations and therefore multiple people across organizational structures. The motivating idea behind involving multiple organizations is the increase in security due to human factors. More specifically, the requirement that distinct people in different organizations sign off on a change or an update makes a cyberattack much less likely due to the inherent requirement that both organizations be penetrated and fooled. GridTrust focuses on the software update process as the primary exemplar for the research and development work. A novel hardware-based technology referred to as a Physical Unclonable Function (PUF) provides a microchip Root-of-Trust (RoT), i.e., a starting point for verifying that the hardware being communicated with is the hardware the control center believes the hardware to be. As a result, staff at power grid control centers can ensure the accurate and reliable identification of hardware devices from the outset. The GridTrust protocol introduces two key innovations, as detailed in this report. Firstly, the utilization of a PUF as a root-of-trust in the initial phase of a software or firmware update. Secondly, the application of multiple cryptographic signatures from two or more organizations to the update binary. These signatures are verified before implementing the update on a power grid device in the field. In terms of GridTrust hardware design, this report outlines two main components. The first is the GridTrust Native Device, integrating PUF technology intrinsically into the hardware device itself. The second is the GridTrust Interfacing Device, which incorporates PUF technology and multiple cryptographic signatures. These signatures are cross-checked within a separate hardware positioned between the power grid control center and the legacy power grid device, functioning as an intermediary. While the GridTrust Interfacing Device offers the advantage of being applicable to existing power grid equipment, it may have reduced security if the intermediary component is targeted. On the other hand, the GridTrust Native Device boasts increased security due to protocol integration within a unified form factor. The effectiveness of GridTrust technology has been extensively demonstrated, with multiple external red-team attackers unable to breach GridTrust's security measures. This was observed both in controlled laboratory settings during Phase 1 of the project and in real-world conditions within a City of Marietta substation during Phase 2 of the project.