CyberSEAS: Cyber Securing Energy dAta Services

The main ambition of the EU-funded project CyberSEAS (Cyber Securing Energy dAta Services) is to improve the resilience of energy supply chains, protecting them from disruptions that exploit the enhanced interactions and extended involvement models of stakeholders and consumers in complex attack scenarios, characterised by the presence of legacy systems and the increasing connectivity of data feeds. The project has 3 strategic objectives:
1) Countering the cyber risks related to highest impact attacks against EPES
2) Protecting consumers against personal data breaches and attacks
3) Increasing the security of the Energy Common Data Space
Cyber-criminals are shifting tactics to favour multi-stage attacks in which stealing sensitive data is a precondition for the real attack and enables them to maximise damage and profits. Threat actors, especially large ones such as nation states, also carry out complex attacks that leverage supply chain dependencies, and this trend continues to grow. Likewise, with the transition to scenarios where users are proactively involved, prosumer data is becoming more and more sensitive.

To achieve these objectives, CyberSEAS delivers an open and extendable ecosystem of customisable security solutions providing effective support for key activities, such as: risk assessment; interaction with end devices; secure development and deployment; real-time security monitoring; skills improvement and awareness; and certification, governance and cooperation.

CyberSEAS solutions are validated through experimental campaigns consisting of 100+ attack scenarios, tested in 3 labs before moving out to 6 piloting infrastructures across 6 European countries to reach TRL7+.

100+ scenarios have been defined and investigated, in the context of the multiple infrastructures contributed by end user partners.
The Project Coordinator and Technical Coordinator had fruitful interactions with representatives of DG-ENER within the context of the activities of the CyberEPES project cluster. In one of the CyberEPES meetings, DG-ENER suggested that data privacy set up – i.e. understanding how data is protected and how the consent for its usage is managed – is a topic of high interest in the energy community.
The project has designed an interoperable architecture for increasing the security of the Energy Common Data Space. It is compliant with FIWARE guidelines and interoperable with FIWARE features for the protection of data produced on the field, as well as of data extracted from Digital Twins.
In WP1, an effective coordination and collaboration toolset were provided, milestones and deliverables (including EUCI) submission was managed.
In WP2, an interdisciplinary analysis of vulnerabilities and failures related to cyber and privacy attacks and data breaches was performed.
In WP3, the architecture of the project toolset was defined and released.
In WP4, and WP5 the project delivered the tools for, Detection of social engineering attacks; Augmented detection of complex cyber-attacks; Real-time cybersecurity monitoring and measures to respond to cyber-attacks and to mitigate their impact across the energy supply chain; Risk management and Threat intelligence; Trusted execution and secure deployment support; Device protection security mechanisms and services; Proactive security for energy operators.
In WP6, an analysis of the governance models and best practices was done.
In WP7, the tools' validation was performed.
In WP8, a stakeholder community was created and made aware of project results.
In WP9, exploitation and dissemination were delivered.

CyberSEAS advanced the state of the art of protection technologies with several important contributions, specifically tailored to resilience improvement of complex EPES infrastructures.
With respect to risk assessment, the project developed tools with advanced features for: (i) vulnerability assessment; (ii) cost-benefit analysis; (iii) integrated risk assessment governance; and (iv) support for decision-making on cost-effective investments and implementation of security measures. The new tools provide a unified view of security and safety, which is a very much lacking feature of current offerings.
Major contributions were made in the field of Real Time Data collection and Security Monitoring. The project developed a Security Information and Event Management (SIEM) + Security Operations Center (SOC) solution which brings a significant advancement in real-time security and dependability monitoring technologies, and in particular: 1) It extends SIEM and other security and dependability monitoring technologies from the infrastructure domain, where it is mostly confined today, to a multi-domain view and high-level processes and services in order to perform security-related event processing and monitoring at the service level; 2) It extends the evaluation and correlation capabilities of real time security monitoring systems.

As to secure deployment approaches, the project has advanced the SOTA of secure development and deployment support for Trusted Computing (TC), and particularly, Trusted Execution (TE). What makes CyberSEAS solutions extremely attractive is their ability to protect against attackers with high privileges. CyberSEAS solutions make the superior security features of TE technologies seamlessly available to EPES operators, by integrating them in “core-side” components.

CyberSEAS has advanced the SOTA in the fields of Certification, Governance, and Cooperation support. As to Governance and Cooperation, it has developed new features which propagate information about detected threats and alerts and make them available to a wide community of cooperating partners (e.g. the EU wide MeliCERTes platform), thus enabling coordinated handling of hazardous events. As to Certification, the project has defined a novel methodological framework which can be used in practice as a reference for certifying a wide class of emerging critical systems, virtually any system for which: (i) the general architecture has already been designed, (ii) business constraints impose that (radical) changes to the architecture be avoided, and (iii) the main COTS components that must be integrated have already been chosen.

CyberSEAS solutions increase the resilience against different levels of cyber and privacy attacks and data breaches - including personal data breaches - in the energy sector, by delivering an ecosystem of security measures focused on the protection against cyber-threats which have the highest impact on business continuity and consumers’ privacy. Cyber protection is delivered at different levels, and precisely: i) At the supply chain level, across all EPES actors involved; ii) At cross sectorial level, considering potential cascading effects; and iii) At all phases of targeted cyber-attacks related to complex attack campaigns.
Protection requires huge investments and resources to be put forward by governments and organizations, posing a strong burden especially in a historical time of economic crisis. By deploying CyberSEAS solutions, not only organizations reduce the likelihood of a successful Social Engineering attack which can cause significant costs in terms of loss of business and/or reputation, but they also implement effective mitigation measures.