One of the primary methods of ensuring the trustworthiness of computers, automation controllers, digital devices, and software code is to make the products in the United States and vet every component used and every person involved in the manufacturing process. That’s what we do at SEL.
SEL manages supply chain security based on cybersecurity first principles that we established at our founding in 1984. Over the past 30+ years, we have consistently emphasized the importance of security in critical infrastructure. We have long employed a comprehensive supply chain diversity and risk evaluation process designed to ensure a safe and dependable supply chain for the products we deliver to customers around the world. To learn more, reference this supply chain best practices guide.
To minimize the risks inherent in a complex, global supply chain, SEL manufactures critical components, like motherboards for our computer systems and automation controllers and circuit boards for all our electronic devices, in our secure, state-of-the-art facilities in Washington and Idaho. This philosophy extends to our software products—whenever possible, we create our software internally, providing a quality control advantage along with the ability to make our own fixes and enhancements. Our vertical integration is one of the reasons we remain confident that malicious code or components will not make their way into SEL products.
When we must integrate commercial or open-source software or third-party libraries within our products, we apply the same rigorous vendor selection process used for physical products. Third-party software vendors undergo a thorough review from SEL’s product development, quality, security, and purchasing teams. We ensure we understand the software’s origin and have access to the source code whenever possible. We obtain components and software from U.S. suppliers whenever feasible to enhance our ability to closely scrutinize all aspects of production, and we avoid suppliers subject to control by potential geopolitical adversaries. Third-party software components are tested with the same rigor we apply to our internally developed code and are continuously monitored through the supplier for the existence of vulnerabilities and continuity of support.
Verification of software authenticity has always been important to us. Each SEL software application can be validated using its digital signature. Software is digitally signed using an extended validation code-signing certificate with a key securely held in a hardware security module. SEL firmware can be authenticated by comparison with a reference hash value available from the SEL website. Most SEL products operate with an embedded software environment that includes safeguards to detect alteration of programming and prevent malware infection or other corruption. SEL automation controllers use an embedded operating system that whitelists applications at the kernel level to prevent alteration, while our automation controllers configured as computers can be set up to run only authorized applications. Refer to this SEL whitepaper for a detailed analysis of the security enhancements whitelisting provides.
Our supply chain evaluation process is continuous and focused on constant improvement. We host an annual conference at our headquarters in Pullman, Washington, for more than 200 suppliers of vital parts, equipment, and services. We use this conference to forge close and collaborative partner relationships with suppliers and to communicate our expectations. Our business intelligence unit analysts and security operations staff monitor an array of public and private intelligence streams to detect and analyze potential threats, fueling our ability to act decisively to mitigate risk. We conduct onsite audits of certain suppliers to verify that their security safeguards and quality processes meet our high expectations and to better understand risks to the suppliers’ business models.
We maintain a detailed record of every product we manufacture and the customers using these products so we can rapidly notify customers about any potential quality or security concerns. We provide a ten-year warranty on every product, which provides a clear incentive for our customers to return products if they encounter a problem. This industry-leading warranty is a worthwhile investment because it provides a unique optic into our products over the long term—and tremendous energy is devoted into drilling down to the root cause of every defect. This analysis, in turn, enables us to identify problems with design processes or suppliers, even when those defects take years to manifest.
SEL views these long-standing security practices not just as compliance obligations, but also as vital components of our mission to make electric power safer, more reliable, and more economical.
On December 23, 2015, Ukraine became ground zero for the first known successful cyber attack targeting a national power grid. Fifty substations were taken offline, and 225,000 people were left without power. This incident served as a vivid reminder that malicious actors are constantly probing for security vulnerabilities and can exploit those weaknesses with significant impacts.
Attacks like these have since become commonplace. Beginning in 2016, attackers launched a coordinated campaign to compromise elements of the electric, nuclear, water, and other critical infrastructure sectors throughout the United States. The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) in 2018 took the unusual step of jointly identifying Russian government-sponsored cyber actors as the source of this multifaceted intrusion operation. The Wall Street Journal in 2019 published a detailed reconstruction of these attacks in an article titled “America’s Electric Grid Has a Vulnerable Back Door—and Russia Walked Through It.”
While these attacks did not cause power outages in North America, they highlight the fact that adversaries will continue to seek clever new ways to establish cyber beachheads within critical systems from which to launch attacks at a time of their choosing. These threats may originate from stateless criminal groups or from an array of geopolitical adversaries with political and economic systems that enable their governments and militaries to influence or direct their industrial organizations. One of the more insidious ways to compromise any system is at the hardware level, where an altered component or subsystem can lie in wait to be weaponized at the time of an adversary’s choosing or to misoperate when it is most needed. The vital importance of supply chain security cannot be overstated in the face of this complex and evolving threat landscape.