Periodic Reporting for period 1 - CyberSEAS (CyberSEAS: Cyber Securing Energy dAta Services)
Periodo di rendicontazione: 2021-10-01 al 2023-03-31
As reported in the X-Force Threat Intelligence Index of 2023, Energy firms are at the top of the victims' list of cyber attacks in North America, with 20% of all reported cases. Europe is undergoing a similar situation, which is exacerbated by the cyberattacks conducted by the Russian cyber army against the Ukrainian energy sector. This confirms the relevance of enhancing the protection of Energy infrastructures against cyber attacks. A particularly challenging task if we consider the constant evolution of EPES towards more agile, connected, intelligent, and data-driven energy systems, as well as the increasing dependency and the interconnection of EPES with our day-to-day lives. These trends lead to a major increase in cyber exposure of energy systems leading to major safety and privacy incidents.
The main ambition of the EU-funded project CyberSEAS (Cyber Securing Energy dAta Services) is to improve the resilience of energy supply chains, protecting them from disruptions that exploit the enhanced interactions and extended involvement models of stakeholders and consumers in complex attack scenarios, characterized by the presence of legacy systems and the increasing connectivity of data feeds. It has 3 strategic objectives:
1) countering the cyber risks related to highest impact attacks against EPES
2) protecting consumers against personal data breaches and attacks
3) increasing the security of the Energy Common Data Space
All three objectives are equally important, since cyber-criminals are shifting tactics to favour multi-stage attacks in which stealing sensitive data is a precondition for the real attack, and enables them to maximize damage and profits (while traditionally infrastructure cyber-attacks used to be direct attacks to the machinery and typically targeted control systems, not data). Threat actors, especially large ones such as nation-states, also carry out complex attacks that leverage supply chain dependencies, and this trend continues to grow. Likewise, with the transition to scenarios where users are proactively involved, prosumer data is becoming more and more sensitive.
The main ambition of the EU-funded project CyberSEAS (Cyber Securing Energy dAta Services) is to improve the resilience of energy supply chains, protecting them from disruptions that exploit the enhanced interactions and extended involvement models of stakeholders and consumers in complex attack scenarios, characterized by the presence of legacy systems and the increasing connectivity of data feeds. It has 3 strategic objectives:
1) countering the cyber risks related to highest impact attacks against EPES
2) protecting consumers against personal data breaches and attacks
3) increasing the security of the Energy Common Data Space
All three objectives are equally important, since cyber-criminals are shifting tactics to favour multi-stage attacks in which stealing sensitive data is a precondition for the real attack, and enables them to maximize damage and profits (while traditionally infrastructure cyber-attacks used to be direct attacks to the machinery and typically targeted control systems, not data). Threat actors, especially large ones such as nation-states, also carry out complex attacks that leverage supply chain dependencies, and this trend continues to grow. Likewise, with the transition to scenarios where users are proactively involved, prosumer data is becoming more and more sensitive.
A total of 36 scenarios has been already defined and investigated, and precisely: 5 with respect to Italian Infrastructure; 3 with respect to Slovenian and Croatian Infrastructures; 9 with respect to Finnish Infrastructure; 16 with respect to Estonian Infrastructure; 3 with respect to Romanian Infrastructure.
The Project Coordinator and Technical Coordinator had fruitful interactions with representatives of DG-ENER within the context of the activities of the CyberEPES project cluster. In one of the CyberEPES meetings, DG-ENER suggested that data privacy setup – i.e. understanding how data is protected and how the consent for its usage is managed – is a topic of high interest in the energy community.
The project has designed an interoperable architecture for increasing the security of the Energy Common Data Space. The architecture has been consolidated in the last Plenary Meeting. It is compliant with FIWARE guidelines and features solutions for the protection of data produced on the field, as well as of data extracted from Digital Twins.
In WP1, the following specific objectives have been achieved for WP1: effective coordination and collaboration tools to the project; proper project Administration and Coordination, as well as the interaction of partners; meeting all the requirements for the treatment of EUCI.
In WP2, and WP3 an interdisciplinary analysis of vulnerabilities and failures related to cyber and privacy attacks and data breaches,and the architecture of the project toolset has been released.
In WP4, and WP5 the project delivered the first version of tools.
In WP6, an analysis of the governance models and best practices has been done with regard to data breaches and their responses.
In WP7, the plan for the validation has been released.
In WP8, the stakeholder community has been created and fed with project results.
In WP9, the project website, the visual identity, as well as the dissemination plan were delivered.
The Project Coordinator and Technical Coordinator had fruitful interactions with representatives of DG-ENER within the context of the activities of the CyberEPES project cluster. In one of the CyberEPES meetings, DG-ENER suggested that data privacy setup – i.e. understanding how data is protected and how the consent for its usage is managed – is a topic of high interest in the energy community.
The project has designed an interoperable architecture for increasing the security of the Energy Common Data Space. The architecture has been consolidated in the last Plenary Meeting. It is compliant with FIWARE guidelines and features solutions for the protection of data produced on the field, as well as of data extracted from Digital Twins.
In WP1, the following specific objectives have been achieved for WP1: effective coordination and collaboration tools to the project; proper project Administration and Coordination, as well as the interaction of partners; meeting all the requirements for the treatment of EUCI.
In WP2, and WP3 an interdisciplinary analysis of vulnerabilities and failures related to cyber and privacy attacks and data breaches,and the architecture of the project toolset has been released.
In WP4, and WP5 the project delivered the first version of tools.
In WP6, an analysis of the governance models and best practices has been done with regard to data breaches and their responses.
In WP7, the plan for the validation has been released.
In WP8, the stakeholder community has been created and fed with project results.
In WP9, the project website, the visual identity, as well as the dissemination plan were delivered.
CyberSEAS is advancing the state of the art of protection technologies with several important contributions, specifically tailored to the resilience improvement of complex EPES infrastructures.
With respect to risk assessment, the project is developing tools with advanced features for (i) vulnerability assessment; (ii) cost-benefit analysis; (iii) integrated risk assessment governance; and (iv) support for decision-making on cost-effective investments and implementation of security measures. The new tools provide a unified view of security and safety, which is a very much lacking feature of current offerings.
In the field of Real-Time Data collection and Security Monitoring, the project is developing a Security Information and Event Management (SIEM) + Security Operations Center (SOC) solution which will bring a significant advancement in real-time security and dependability monitoring technologies, and in particular: 1) It will extend SIEM and other security and dependability monitoring technologies from the infrastructure domain, where it is mostly confined today, to a multi-domain view and high-level processes and services in order to perform security-related event processing and monitoring at the service level; 2) It will extend the evaluation and correlation capabilities of real-time security monitoring systems.
As to secure deployment approaches, the project is advancing the SOTA of secure development and deployment support for Trusted Computing (TC), and particularly, Trusted Execution (TE). What makes CyberSEAS solutions extremely attractive is their ability to protect against attackers with high privileges. CyberSEAS solutions make the superior security features of TE technologies seamlessly available to EPES operators, by integrating them in “core-side” components.
In the fields of Certification, Governance, and Cooperation support, it is developing new features which propagate information about detected threats and alerts and make them available to a wide community of cooperating partners (e.g. the EU-wide MeliCERTes platform), thus enabling coordinated handling of hazardous events.
CyberSEAS increases the resilience against different levels of cyber and privacy attacks and data breaches - including personal data breaches - in the energy sector, by delivering an ecosystem of security measures focused on the protection against cyber threats which have the highest impact on business continuity and consumers’ privacy. Cyber protection is delivered at different levels, and precisely: i) At the supply chain level, across all EPES actors involved; ii) At cross-sectorial level, considering potential cascading effects; and iii) At all phases of targeted cyber-attacks related to complex attack campaigns.
The potential social and economic impact of the project is huge: the social costs of potential events are evident not only in terms of casualties but also in terms of social instability and insecurity; from an economic point of view, protection requires huge investments and resources to be put forward by governments and organizations, posing a strong burden, especially in a historical time of economic crisis.
With respect to risk assessment, the project is developing tools with advanced features for (i) vulnerability assessment; (ii) cost-benefit analysis; (iii) integrated risk assessment governance; and (iv) support for decision-making on cost-effective investments and implementation of security measures. The new tools provide a unified view of security and safety, which is a very much lacking feature of current offerings.
In the field of Real-Time Data collection and Security Monitoring, the project is developing a Security Information and Event Management (SIEM) + Security Operations Center (SOC) solution which will bring a significant advancement in real-time security and dependability monitoring technologies, and in particular: 1) It will extend SIEM and other security and dependability monitoring technologies from the infrastructure domain, where it is mostly confined today, to a multi-domain view and high-level processes and services in order to perform security-related event processing and monitoring at the service level; 2) It will extend the evaluation and correlation capabilities of real-time security monitoring systems.
As to secure deployment approaches, the project is advancing the SOTA of secure development and deployment support for Trusted Computing (TC), and particularly, Trusted Execution (TE). What makes CyberSEAS solutions extremely attractive is their ability to protect against attackers with high privileges. CyberSEAS solutions make the superior security features of TE technologies seamlessly available to EPES operators, by integrating them in “core-side” components.
In the fields of Certification, Governance, and Cooperation support, it is developing new features which propagate information about detected threats and alerts and make them available to a wide community of cooperating partners (e.g. the EU-wide MeliCERTes platform), thus enabling coordinated handling of hazardous events.
CyberSEAS increases the resilience against different levels of cyber and privacy attacks and data breaches - including personal data breaches - in the energy sector, by delivering an ecosystem of security measures focused on the protection against cyber threats which have the highest impact on business continuity and consumers’ privacy. Cyber protection is delivered at different levels, and precisely: i) At the supply chain level, across all EPES actors involved; ii) At cross-sectorial level, considering potential cascading effects; and iii) At all phases of targeted cyber-attacks related to complex attack campaigns.
The potential social and economic impact of the project is huge: the social costs of potential events are evident not only in terms of casualties but also in terms of social instability and insecurity; from an economic point of view, protection requires huge investments and resources to be put forward by governments and organizations, posing a strong burden, especially in a historical time of economic crisis.