At the symposium, the following leading research projects presented their research-driven solutions to smart grid security challenges.
The HyRiM Project
The main objective of this project is to identify and evaluate ‘Hybrid Risk Metrics’ for assessing and categorizing security risks in interconnected utility infrastructure networks in order to provide foundations for novel protection and prevention mechanisms.
The project will provide utility network providers with a risk assessment tool that – in adherence with, e.g., the BSI or ICNC recommendations – supports qualitative risk assessment based on numerical (quantitative) techniques. For that matter, our method will explicitly account for the infrastructure’s two-fold nature in terms of the utility network and the control network alongside it. The expected impact is thus a movement away from best practice only, towards the treatment of risk in utility networks based on a sound and well-understood mathematical foundation. The project will take an explicit step towards considering security in the given context of utility networks, ultimately yielding a specially tailored solution that is optimal for the application at Hand.
Project Website: https://hyrim.net/
The IRENE Project
In the smart city of tomorrow, energy generation and consumption will differ significantly from what we know today. Energy distribution system operators both existing and new, will be enabled to balance demand and supply by using smart grid technology. Much energy demand (heating, cooling and electricity) will be supplied by decentralized renewable energy and most of the new buildings will be able to produce and even store energy.
IRENE aims at evaluating how a decentralized energy generation in urban areas can allocate energy to supply critical infrastructures, should long term power outages occur. Its focus is on power outages caused by cyber-attacks and how dependability of urban electricity grids and their ICT infrastructure can be improved to overcome and mitigate these attacks through both social and technical means.
The main goals are:
Project Website: http://www.ireneproject.eu/
The SALVAGE Project
With the proliferation of smart grid technology, cyber security is becoming an urgent concern. While the complexity of the power grid and its control infrastructure is growing, this infrastructure also becomes more exposed to attacks, in part because formerly closed systems are being connected to public data networks. New tools are needed to identify vulnerabilities in the ICT infrastructure of smart grids, to assess the impact of cyber attacks on the integrity of the physical power grid, and to detect ongoing attacks.
The SALVAGE project aims to develop such tools, demonstrate their usefulness in simulation and experiment, and chart a path towards their integration in existing planning and operational procedures used in the electric power industry.
Project Website: http://www.salvage-project.com/
The SCISSOR Project
In traditional industrial control systems and critical infrastructures, security was based on the reliance on proprietary technologies (security by obscurity), physical access protection and disconnection from the Internet. The move towards open standards and IP connectivity, the growing integration of Internet of Things technologies, and the disruptiveness of targeted cyber-attacks, calls for novel cyber security means.
Taking an holistic approach, SCISSOR designed a new generation SCADA security monitoring framework, comprising four layers: i) a monitoring layer supporting heterogeneous “sensors”: new ultra low cost/energy pervasive sensing technologies, network monitoring, system and software integrity verification, smart camera surveillance solutions; ii) a control and coordination layer adaptively orchestrating remote probes/sensors, providing a uniform representation of monitoring data gathered from heterogeneous sources; iii) a decision and analysis layer in the form of an innovative SIEM fed by both highly heterogeneous monitoring events as well as the native control processes’ signals, and supporting advanced correlation and detection methodologies; iv) a human-machine layer devised to present in real time the system behavior to the human end user in a simple and usable manner.
The implementation of the SCISSOR’s framework leveraged advanced cloud-based technology, integrating traditional data centers clouds with cloud-in-a-box appliances to be deployed in the field near the infrastructures that need to be protected. The reference implementation of the SCISSOR framework has been deployed in: i) an off-field SCADA platform, to highlight its ability to detect and thwart targeted threats, and ii) an on-field, real world deployment within a running operational smart grid, to showcase usability, viability and deployability.
Project Website: https://scissor-project.com/
The SEGRID Project
To manage all changes that occur in the electricity grid, it increasingly will be equipped with intelligent devices for sensing, monitoring, control, automation and communications - the electricity grid evolves to a Smart Grid. The introduction of the Smart Grid in combination with the entrance of many new and inexperienced stakeholders will dramatically increase the threat surface for malicious attacks on the electricity supply.
The SEGRID project, sponsored by the European Framework 7 research and development program, addresses the security challenges that arise with the introduction of the Smart Grid. Because the SEGRID consortium includes scientific partners, applied research organizations, manufactures and DSO’s, the results are scientific sound but also applicable in practice in the near future.
SEGRID’s main objective is to enhance the protection of smart grids against cyber-attacks. Use cases are the foundation of the SEGRID project, on which risk assessments and vulnerability analysis have been conducted. In this process, we have proposed enhancements to these risk- and vulnerability assessment methodologies to increase their effectiveness in smart grid environments. Based on the risk assessment results, SEGRID has designed, evaluated and tested new security measures, where old ones no longer suffice due to the arrival of the smart grid. The experience that is gained has been fed back into standardization and other relevant fora with the aim to enhance existing methodologies and standards.
Project Website: https://segrid.eu/
The SPARKS Project
The future smart grid represents a significant evolution in the way electric grids function. At the core of this change is an increased use of ICT to implement enhanced monitoring and control in the distribution network at medium and low-voltage levels. Ensuring the cybersecurity and resilience of smart grids is of paramount importance. This is the target of the EU-funded SPARKS – Smart Grid Protection Against Cyber Attacks – project.
The project aims to provide innovative solutions in a number of ways, including approaches to risk assessment and reference architectures for secure smart grids. The project will make recommendations regarding the future direction of smart grid security standards. Furthermore, key smart grid technologies will be investigated, such as the use of big data for security analytics in smart grids, and novel hardware-supported approaches for smart meter (gateway) authentication. All of these contributions and technologies will be assessed from a societal and economic impact perspective, and evaluated in real-world demonstrators.
Project Website: https://project-sparks.eu/
The SUCCESS Project
The project aims at designing, developing and validating on small scale field trials a novel holistic adaptable security framework which is able to significantly reduce the risks for additional potential cyber threats and attacks when next generation real time scalable unbundled smart meters are deployed along smart electricity grid, which enable innovative application and value added services within the emerging smart decentralized energy system paradigm.
SUCCESS will achieve this objective by encapsulating the key challenges of Security, Resilience, Survivability and Privacy in 3 use cases which will focus the Research, Implementation and Evaluation concepts. The concepts will drive investigations of threats and vulnerabilities of current and future Smart Meters, devices and networks, the definition and implementations of countermeasures and their use in the SUCCESS field trials which demonstrates the countermeasures at work.
The SUCCESS project addresses both utilities networks and the communications networks and IT capabilities that support them. It considers both of these infrastructures as they are currently used, as they will be used in 2020 with Next Generation functionality and finally as they will be used and designed in the time beyond 2030. SUCCESS examines the interdependencies and exploits the potential interactions between the communications and critical utility infrastructures in order to use them for countermeasures, embedding security, resilience and survivability to Future Smart Grid Networks. Security means security of supply and resilience to all types of threats: not only Cyber-attacks but also weather or any other potential disruptive events such as loss of equipment.
Project Website: http://www.success-energy.eu/