European critical energy infrastructure is a complex patchwork of technologies and providers, making cyber-physical protection from attack challenging. DEFENDER has developed a security platform that harmonises threat detection, monitoring, mitigation and response.

Security

Today’s critical energy infrastructure (CEI) is a mix of power generation plants and distributed renewable energy systems. These vast, dispersed, diverse systems and assets form multifaceted operational environments requiring interoperable IT management platforms and communication protocols. Current solutions offer only a fragmented range of stand-alone innovations, increasing security risks. The EU-supported DEFENDER project developed a security platform to quickly identify, evaluate and mitigate cyber-physical attacks against CEI. The system exploits several technologies ranging from artificial intelligence to semi-automated countermeasures. The project also set up a pan-European centre for the exchange of threat intelligence. “DEFENDER offers solutions for a really wide range of contexts, helping accelerate cyber-physical security innovation in the EU,” says project coordinator Gabriele Giunta from Engineering Group, the project host. “EU support through the Horizon Results Booster really helped us bring the results closer to the market.”

Security, resilience and self-healing by design

As the range of energy provision options proliferates, so more security risks are introduced into the networks, making an overarching approach to protect them difficult. CEI organisations often operate within technical and operational silos. Multiple players are involved along the energy value chain, from generation to consumption, with little coordination between them. The team identified the main cyber and physical threats, with help from potential system end users. DEFENDER’s subsequent threat detection and mitigation tools were then developed, falling into two categories: those ensuring resilience and those to monitor and protect CEI in real time. A range of state-of-the-art solutions was integrated into the system. Fixed sensors and mobile devices, such as drones and video surveillance, record potential threats. Machine learning techniques are then used to assess threat levels. A complex event processing and game-theoretic toolbox then helps operators make decisions from a range of mitigation and emergency response options. “These smart technologies create a well-orchestrated security platform able not only to perceive its environment, but also to evolve with it,” summarises Giunta. Building a ‘culture of security in society’ was central to the project’s approach. The system enables security guards equipped with smartphones to alert, and be alerted by, authorities regarding security concerns. Blockchain keeps this communication both secure and private. “People become ‘virtual sensors’ empowered to provide security intelligence, just as cyber-physical sensors would,” Giunta explains. During the DEFENDER trials, a modular version of the platform installed in each of four pilots in France, Italy and Slovenia, was evaluated by participant end users. ENGIE (Generation), ASM (Distribution), BFP (Renewable Energy) and ELES (Transmission) assessed the system’s ability to cope with several realistic attack scenarios against various CEIs. “The platform’s services were positively evaluated, with DEFENDER’s responses keeping pace with the realistic simulated cyber-physical attacks,” concludes Giunta.

Towards an integrated Europe-wide system

DEFENDER’s results contribute to a number of areas of the EU’s security ambitions, such as Council Directive 2008/114 specifically regarding Critical Infrastructure Protection (CIP), the Directive on security of network and information systems, and drone regulations. An ongoing challenge will be the different legal frameworks of directives, sometimes with inconsistent terminology and approaches. “We have offered solutions to help harmonise terminology and processes across the entire CIP environment – essential for integrated physical, cyber and human security systems,” adds Giunta. “DEFENDER’s proposed framework offers a baseline for the future integration of technologies to create common decision-making tools for enhanced security. Adopting the human in the loop paradigm substantially strengthens the protection of CIP.”

Keywords

DEFENDER, energy, security, infrastructure, cyber-physical attack, power generation plant, machine learning, drone