Main Programme

The symposium will start at 10:30 on Monday 13th March, 2017 and will run until Tuesday 14th March at 16:30, starting on the Tuesday at 09:00. The programme shown below is subject to change, and will be updated as new information becomes available.

Monday 13th March, 2017

TimeSession
09:30 - 10:30Coffee and Registration
10:30 - 10:40Welcome Message
Wolfgang Hribernik and Paul Smith, AIT Austrian Institute of Technology
10:40 - 11:10An Introduction to the Projects
The HyRiM Project [Slides]
Stefan Schauer, AIT Austrian Institute of Technology
The IRENE Project [Slides]
Oliver Jung, AIT Austrian Institute of Technology
The SALVAGE Project
Oliver Gehrke, Technical University of Denmark (DTU)
The SEGRID Project [Slides]
Reinder Wolthuis, TNO
The SPARKS Project [Slides]
Paul Smith, AIT Austrian Institute of Technology
The SUCCESS Project [Slides]
Panagiotis Paschalidis, P3 Communications
11:10 - 12:10Session: Smart Grid Security Risk Management
Session Chair: Reinder Wolthuis, TNO

An Enhanced Risk Assessment Methodology for Smart Grid [Slides]
Judith Rossebø, ABB Norway and University of Oslo
Identifying and Managing Risks in Interconnected Utility Networks: The HyRiM Risk Management Process [Slides]
Stefan Schauer, AIT Austrian Institute of Technology
Risk Assessment for Cyber-Physical Smart Grid Systems [Slides]
Martin Hutle, Fraunhofer AISEC
12:10 - 13:30Lunch
13:30 - 15:00Session: Security Analytics and Situational Awareness
Session Chair: André Herdeiro Teixeira, TU Delft

Security Analytics for Smart Grid Anomaly Detection [Slides]
Niamh O'Mahony, Dell EMC Research Europe
Integrated Multi-domain Analysis of Smart Grid Cybersecurity
Oliver Gehrke, Technical University of Denmark (DTU)
DSO-oriented Operational Security Capability Model [Slides]
Maarten Hoeve, European Network for Cyber Security (ENCS)
The SCISSOR approach to establishing situational awareness in Industrial Control Systems [Slides]
Stefano Salsano, University of Rome Tor Vergata / CNIT
Intrusion Detection in Smart Grid [Slides]
BooJoong Kang, Queen's University Belfast
15:00 - 15:30Coffee Break
15:30 - 16:30Session: Smart Grid Resilience (I)
Session Chair: Gavin McWilliams, Queen's University Belfast

Is my Grid Bouncing Back? A Cyber-Physical Resilience Metric for Smart Grids [Slides]
Ivo Friedberg, AIT Austrian Institute of Technology
A Collaborative Framework to Improve Urban Grid Resilience [Slides]
Oliver Jung, AIT Austrian Institute of Technology
Protection Against Cyber Attacks: Introducing Resilience for SCADA Networks [Slides]
Antonios Gouglidis, Lancaster University
16:30 - 17:30Panel Session: Data Protection and Privacy for the Smart Grid
Moderator: Paul Smith, AIT Austrian Institute of Technology

Panellists:
Marie-Theres Holzleitner, The Energy Institute at JKU Linz [Slides]
Jaap-Henk Hoepman, Radboud University Nijmegen [Slides]
Nuno Medeiros, EDP Distribuição [Slides]
Peter Fröhlich, AIT Austrian Institute of Technology [Slides]
19:30Poster Session and Social Dinner at the Ottakringer Brauerei

Tuesday 14th March, 2017

TimeSession
09:00 - 09:10Welcome Message
Paul Smith, AIT Austrian Institute of Technology
09:10 - 10:10Keynote Address: Undetectable Attacks on PMU Time Synchronization [Slides]
György Dán, KTH Royal Institute of Technology
10:10 - 10:40Coffee Break
10:40 - 11:20Session: Smart Grid Resilience (II)
Session Chair: Niamh O'Mahony, Dell EMC Research Europe

Intrusion-Tolerant Eclipse SCADA [Slides]
Nuno Neves, University of Lisboa
Resilient Smart Grid Control [Slides]
Henrik Sandberg, KTH Royal Institute of Technology
11:20 - 13:00Smart Grid Security Solutions Demonstrations
13:00 - 14:00Lunch
14:00 - 15:00Social, Legal and Policy Aspects
Session Chair: Oliver Jung, AIT Austrian Institute of Technology

A Tool to Support Data Protection Impact Assessments for the Smart Grid [Slides]
Ewa Piatkowska, AIT Austrian Institute of Technology
A DSO Perspective on Future Cybersecurity and Privacy Policies [Slides]
Nuno Medeiros, EDP
Legal Framework and People's Perspective of Cyber Security [Slides]
Johannes Reichl, The Energy Institute at JKU Linz
15:00 - 15:30Coffee Break
15:30 - 16:30Panel Session: Reflections on the Symposium and Future Directions
Moderator: Friederich Kupzog, AIT Austrian Institute of Technology

Panellists:
Dimitrios Serpanos, University of Patras and Industrial Systems Institute [Slides]
Karl Christoph Ruland, University of Siegen
Panagiotis Paschalidis, P3 group, Berlin [Slides]

Demonstrations

A major highlight of the agenda will be the demonstration of a number of cybersecurity solutions for the smart grid.

Integrated Cyber-attack Intrusion Detection and Resilient Control

BooJoong Kang and Kieran McLaughlin, Queen’s University Belfast; David Umsonst and Henrik Sandberg, KTH Royal Institute of Technology; Mario Faschang and Friederich Kupzog, AIT Austrian Institute of Technology

Summary — Telecontrol of systems in the field, such as photovoltaic inverters, introduces new vulnerabilities that can be exploited by attackers. Attacks could have physical — power systems — consequences, such as voltage violations, congestion or blackouts. In this demonstration, we will present a cyber-attack to a set of photovoltaic inverters, highlighting the impact such an attack could have. Furthermore, we will demonstrate an integrated solution to this challenge, which combines a SCADA intrusion detection system, targeted at detecting attacks that use the IEC 61850 protocol, and resilience control capability. The aim is to make inverters, and the overall power system, resilient to this form of attack. The demonstration will take place in the AIT SmartEST laboratory, using a combination of simulated and real power systems equipment, in order to emulate a low-voltage distribution grid.

A framework for integrated multi-domain hypothesis testing: Proof of concept

Oliver Gehrke and Kai Heussen, Technical University of Denmark (DTU); Matus Korman, KTH Royal Technical Institute Technology

Summary — One of the challenges for future grid operators will be how to combine cybersecurity-related information from domain-specific analysis tools into an overall risk assessment of different scenarios, in order to be able to prioritize and plan actions. The SALVAGE project assumes an operational context in which the risk of several cyber-security breaches are evaluated at the same time, and where there is highly uncertain information about possible security breaches. In such a context only an integrated assessment is meaningful, where a risk-oriented prioritization of potential threats and impacts is required to accommodate probabilistic information.

We will present a concept for the integration of three domain-specific analysis tools – ICT vulnerability analysis, intrusion detection based on physical component models and power system impact analysis, and demonstrate a simple proof-of-concept implementation of this concept.
Our software framework generates a number of attack hypotheses from a template, calculates their risk value by invoking the domain-specific tools, and performs a ranking of the results.

We will conclude with a discussion of the key challenges on the way towards an operational solution.

Denial-of-service attack against the DTLS server

Marco Tiloca, Swedish ICT; Hamid Rahmouni, European Network for Cyber Security (ENCS)

Summary — In many substation automation systems the IEC 60870-5-104 protocol is widely used. This protocol does not natively support data protection. The Datagram Transport Layer Security (DTLS) technology can be used to give data protection against manipulation and eavesdropping. However, the original implementation is vulnerable to different kinds of attacks. Marco Tiloca from Swedish ICT has implemented a new version of the DTLS that mitigates those attacks. This demo will show the working of the IEC 104 protocol over DTLS, and demonstrate the impact of the DDoS attack on both versions of the DTLS.

Smart Security Planner making use of asset-driven risk assessment methodology

Santiago Cáceres, ETRA Investigación y Desarrollo S.A.

Summary — The session will focus on the use of an online tool (Smart SECPLAN) developed in the project HyRiM. It works as a Risk Assessment as a Service targeted to IT and OT security experts. The tool will guide the user in the risk assessment exercise and will go further to existing methods and techniques by providing advanced analytics based on game-theory models. As a result, a prioritized set of mitigation actions will be delivered and a GANTT chart will be proposed for regular maintenance activities.

Blackout Simulator – Cost Impact Simulation of Blackouts in the Electrical Grid

Dr. Gerhard Kleineidam, University of Bayreuth – Energy Field Test Laboratory Northern Bavaria

Summary — A successful attack to the critical infrastructure of utilities or Distribution System Operators (DSO) may cause tremendous societal costs and severe damage to individuals or legal entities. Conversely, there is a financial cost to implementing security technology. Simulation is used to explore costs from power outages, in order to justify investment into reasonable security measures. The Blackout Simulator will help utilities or DSOs to plan and upgrade their grid infrastructure to grant reliability of supply. Municipalities, investors, and insurance companies could perform risk assessments by evaluating attack or blackout scenarios, which provide damage cost figures and potential losses in terms of revenue or taxes.