Energy

Introduction

The Energy cluster focuses on cybersecurity applied to electrical power and energy systems (EPES). EPES are of key importance to the economy, as all other domains rely on the availability of electricity. Because the sector is undergoing deep transformation through digitization, the IoT and the new role of consumers, it is necessary to ensure the proper functioning and resilience of existing infrastructures that can be considered essential, taking into account the installed equipment and legacy systems and analyzing how to minimize the associated risks. At the same time, new facilities and equipment must be developed and installed under cybersecurity and privacy principles from the design stage, throughout the entire supply chain and across their life cycle. In this sense, it is essential to define and follow clear standards and a certification framework that provides security to users, manufacturers and operators. Cybersecurity and its challenges are evolving at a rapid pace, which is why the European Commission has taken a series of measures to tackle it, such as the establishment of a comprehensive legislative framework that builds on:

Cluster Objectives

Main objectives of the cluster are:
  • Increase awareness and preparedness in the energy sector under guidance SWD(2019)1240 to implement horizontal cybersecurity rules.
  • Help transform Europe’s energy systems while also maintaining a high level of security, not least in terms of reinforcing cybersecurity of the digital transformation in the energy sector under The Clean Energy for all Europeans package.
  • Support Member States’ efforts to make it mandatory to include cybersecurity measures in their national risk assessment plans.
  • Develop a network code on cybersecurity in the electricity sector.
  • Raise awareness and promote broad discussions in the energy sector, since cooperation and trust among stakeholders and among Member States is key when it comes to cybersecurity, due to the potential cascading and cross-border effects.
  • Exchange best practices between Member States on identification, mitigation and management of cyber risks under the NIS Directive.

Who benefits?

  • Energy Producers
  • Power Grid operators
  • Energy Distributors (wholesalers & resellers)
  • Cyber Security Services Providers
  • End Users (Industry, Commercial, Residential)
  • Academia

Challenges

The energy sector presents certain particularities that require special attention:

  • Real-time requirements. Some energy systems need to react so fast that standard security measures such as authentication of a command or verification of a digital signature can simply not be introduced due to the delay these measures impose.
  • Cascading effects. Electricity grids and gas pipelines are strongly interconnected across Europe and well beyond the EU. An outage in one country might trigger blackouts or shortages of supply in other areas and countries.
  • Combined legacy systems with new technologies. Many elements of the energy system were built well before cybersecurity considerations came into play and now need to interact with state-of-the-art equipment for automation and control, such as smart meters or connected appliances and devices (IoT), without being exposed to cyber-threats.
  • Protection of operators’ and users’ private and sensitive data transferred over various networks.

Innovations and solutions

1. SDN-microSENSE

SDN-microSENSE aims to provide and demonstrate a solution for decentralised EPES that is secure, resilient to cyber-attacks, privacy-enabled and protected against data breaches. All designed, developed, and tested technologies should consider the latest related research findings and maintain high compliance with current industrial standards (e.g., IEC standards). The SDN-microSENSE project intends to provide a set of secure, privacy-enabled tools that are resilient to cyberattacks, to ensure the normal operation of EPES as well as the integrity and confidentiality of communications.

2. EnergyShield

EnergyShield will develop an integrated toolkit that combines the latest technologies for vulnerability assessment, monitoring and protection, as well as learning and sharing tailored to meet the needs of EPES operators. Objectives of the project will be:

  • Adapt and improve available building tools (assessment, monitoring & protection, remediation) in order to support the needs of the EPES sector.
  • Integrate the improved cybersecurity tools in a holistic solution with assessment, monitoring/protection and learning/sharing capabilities that work synergistically.
  • Develop best practices, guidelines and methodologies supporting the deployment of the solution and encourage widespread adoption of the project results in the EPES sector.

3. SealedGRID

The power grid is exposed to security threats inherited from the ICT sector, while privacy issues and new vulnerabilities, related to the specific characteristics of the smart grid (SG) infrastructure, will emerge. The project will develop a security platform tailored to the SG that

  • can efficiently manage the plethora of SG nodes,
  • deal with potential malicious hardware or software modifications due to the physical access of the customers to the SG nodes, and
  • operate over heterogeneous systems.

The platform will combine, for the very first time, technologies like Blockchain, Distributed Hash Tables, Trusted Execution Environments, and OpenID Connect.

4. DEFeND

Driven by the lack of appropriate products in the market, DEFeND will deliver a platform which empowers organisations in different sectors to assess their compliance status, plan how to achieve GDPR compliance and increase their competences in different aspects of GDPR. The DEFeND exploitation strategy is based on commercialisation of project results at three levels:

  • DEFeND platform-as-a-whole,
  • and 4 different inter-organizational secure information and heavy images sharing,
  • partners’ individual components.

The DEFeND platform enables building and analysing models following a Privacy-by-Design approach spanning two levels, the Planning Level and the Operational Level, and across three management areas:

  • Data Scope,
  • Data Process, and
  • Data Breach

Impacts

1. SDN-microSENSE project will contribute towards

  • Preventing and addressing disruptions to the underlying infrastructures of EPES microgrids
  • Achieving resilient and secure operations in the face of various cyberthreats, data breaches and failures
  • Realizing secure and flexible trading management
  • Distributed and effective IT cyber-defence systems for large-scale EPESs
  • Privacy-preserving information sharing among energy operators and actors
  • Formulating recommendations for standardisation and certification of EPESs

2. EnergyShield project will:

  • Fill the gap between cybersecurity general requirements and EPES specific requirements to protect the power grid against cyber attacks.
  • Address requirements of EPES operators such as:
    • Provide a broad set of tools to address different levels of cyberattacks, privacy attacks and data breaches (assessment, monitoring and management of security threats and insights).
    • Provide solutions against disruption attacks aimed to threaten the continuity of energy operations via an innovative and adaptive toolkit designed to secure critical infrastructures and provide a set of functionalities that could be implemented domain-agnostic.
    • Enable critical infrastructure operators to share early warning on cybersecurity risks and incidents as well as to report major security incidents on their core services.

3. SealedGRID project will contribute:

  • To the effort of the European Union to push towards realising a sustainable development of the SG, with the minimum vulnerability to external attacks or to malicious SG nodes.
  • To providing an innovative platform that will abide by the existing standardisation work and will be directly utilised by the shareholders providing new tools towards a scalable, highly trusted, and interoperable SG security platform.
  • To the ambitious goal posed by European regulations that requires member nations to ensure that 80% of residential households are fitted with a smart meter by 2020 [Zho13].
  • To the efforts to create a European research and development community with expertise in security systems for the SG that may combine cross-sectorial (industry and academia) backgrounds.

4. DEFeND project will impact EPES organizations and individual EPES users by:

  • Improving transparency regarding the handled information in terms of privacy and security requirements.
  • Providing an in-depth processing analysis based on a structured visual methodology.
  • Providing tools and methods from the security and privacy requirements area that support elicitation, modelling and analysis of privacy concerns from the early stages of the service/system development process (at the service/system planning level).
  • Providing analysis techniques and tools that implement privacy-by-design (PbD) specifications (at the operational level).
  • Delivering a Privacy Data Consent (PDC) to users, which acts as a contract between the data controller and the data subject, encapsulating all the necessary information regarding consent to the processing of their personal data.
  • Apart from the practical contributions, making significant contributions to the PbD state of the art by extending work on PbD methodologies to operate within the context of the GDPR.

News

On the occasion of the adoption of the draft regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union, the AI4HealthSec project kicked off a process to provide its opinion.