Posted on

UBITECH kicks off the SDN-microSENSE Innovation Action on Electrical Energy Systems cybersecurity management and resilience

UBITECH is participating at the kick-off meeting, in Seville, Spain (June 4-5, 2019), of the SDN-microSENSE Innovation Action, officially started on May 1st, 2019. The project is funded by European Commission under Horizon 2020 Programme (Grant Agreement No. 833955) and spans on the period May 2019 – April 2022. The SDN-microSENSE project intends to provide a set of secure, privacy-enabled and resilient to cyberattacks tools, thus ensuring the normal operation of Electrical Power and Energy Systems (EPES) as well as the integrity and the confidentiality of communications.

In particular, adopting an SDN-based technology, SDN-microSENSE will develop a three-layer security architecture, by deploying and implementing risk assessment processes, self-healing capabilities, large-scale distributed detection and prevention mechanisms, as well as an overlay privacy protection framework. Firstly, the risk assessment framework will identify the risk level of each component of EPES, identifying the possible threats and vulnerabilities. Accordingly, in the context of self-healing, islanding schemes and energy management processes will be deployed, isolating the critical parts of the network in the case of emergency. Furthermore, collaborative intrusion detection tools will be capable of detecting and preventing possible threats and anomalies timely. Finally, the overlay privacy protection framework will focus on the privacy issues, including homomorphic encryption and anonymity processes.

In this context, UBITECH will drive the implementation of the SDN-microSENSE Risk Assessment Framework (S-RAF) which includes iterative risk and vulnerability assessments on existing energy value chain assets including processes and personnel. Risk analyses and management will be expanded and strengthened to incorporate the evolved cyber threats and attacks, especially the Advanced Persistent Threat (APTs) which constitute a set of stealthy and continuous hacking processes such as the Distributed DoS (DDoS) against multiple domains of the power grid – introducing the concept of Advanced Metering Infrastructure (AMI) honeypots towards risk analysis and management. S-RAF, as one of the most critical components of the proposed solution, will conduct a risk analysis process of EPES, by identifying assets, threats, vulnerabilities privacy issues, calculating the threat probability and identifying the impact of possible attacks.

In particular, UBITECH will introduce a methodology and a software suite for collaborative risk assessment on the operation of EPES. The suggested artifacts will be based on existing methodologies that are commonly used by security practitioners and consultants for risk assessment (i.e. Asset Audit, Pipeline Model, Attack Tree) and map them to the field of EPES and energy chain, based on the identified requirements about security and privacy, incorporating standards and models related to Risk Assessment (i.e. ISO/IEC 27001 and ISO 22301), and Security on the fields of Power Systems (i.e. IEC 62351, ISO/IEC TR 27019), Information Systems (ISO/IEC 27001, ISO/IEC 27002), Industrial Cybersecurity standards (i.e. ISA/IEC 62443) and NIST Cybersecurity Framework. Due to the distributed nature of the decentralised energy system, the developed artifacts shall take under account the collaborative aspects needed in order to involve all stakeholders (i.e. personnel at different places or task roles) of the energy components provision supply chain – assessing the level of risk in all the involved EPES devices and systems. More specifically, S-RAF is going to analyse a) current smart & IoT devices, b) legacy SCADA & ICS devices, c) smart meters d) other software/hardware devices connected to EPES network and e) all the energy-related personnel and stakeholders (energy operators, consumers, prosumers, energy utilities, energy generators, energy actors & agents and energy retailers).