SPEAR: Secure and PrivatE smArt gRid

The Smart Grid (SG) paradigm is the next technological leap of the conventional electrical grid, contributing to the protection of the physical environment and providing multiple advantages such as increased reliability, better service quality, and efficient utilization of the existing infrastructure. Despite the fact that it brings beneficial environmental, economic, and social changes, the current SG infrastructure possesses important security and privacy challenges. In particular, the heterogeneity of the devices used in the SG and the communication protocols, as they adopted from the legacy grid, present severe security gaps. Furthermore, the existence of legacy technologies, such as the Supervisory Control and Data Acquisition (SCADA) systems, increase the potential risks, since these systems seem unable to integrate modernised security solutions. The security threats in SG mainly target on the availability, integrity, and confidentiality of individual entities, including Denial of Service (DoS) attacks that aim to disrupt the network services and cause significant damages, such as a power outage, false data injection attacks that can modify the data of smart meters, and Man in the Middle (MiTM) attackcs that may violate the systema data privacy. Apart from these threats, the Advanced Persistent Threat (APT) attacks are even more dangerous. APTs specifiy a set of organized and long duration attacks by security specialists against a particular target, e.g. a power generator. The latest cybersecurity incidents against critical infrastructures, such as the Stuxnet worm against Ukrainian substations, indicate the high impact of the sophisticated attacks against critical infrastructure.

As society is becoming increasingly dependent on SG, new technologies are required to address modern cybersecurity incidents. In the light of the aforementioned remarks, Secure and Private Smart Grid (SPEAR) project aims at:

(1) To define a robust system architecture for providing situational awareness in relation to cyber security threats.
(2) To build attack detection mechanisms and promote operational resilience in SG.
(3) To increase the situational awareness in SG networks.
(4) To create and maintain an anonymous repository of SG incidents.
(5) To provide smart network forensics subject to data protection and privacy.
(6) To empower EU-wide consensus of cybersecurity in SG systems.
(7) To validate the SPEAR architecture capabilities in proof-of-concept use cases.
(8) To design an innovative business model and conduct a techno-economic analysis to strengthen the role of European smart grid and cybersecurity industry in the global market.

SPEAR is a research programme funded by the H2020 framework of the European Union (EU) under the Grant Agreement (GA) 78701. The purpose of SPEAR is threefold: (a) to detect timely potential intrusions and anomalies against the smart electrical grid, (b) to provide a Forensic Readiness Framework (FRF) and (c) to increase cybersecurity-related situational awareness. Based on the aforementioned remarks, the SPEAR platform consists of three main architectural systems: (a) SPEAR SIEM, (b) SPEAR FRF and (c) SPEAR Cyber Hygiene Framework (SPEAR CHF). Each system includes several components collaborating with each other in order to detect and mitigate cyberattacks against the smart electrical grid in a timely manner. During the final reporting period, all the SPEAR components were implemented and demonstrated successfully in four use cases/pilot, namely (a) Hydropower Plant Scenario, (b) Substation Scenario, (c) Combined IAN and HAN Scenario (d) Smart Home Scenario. Therefore, all the SPEAR objectives, as described in the Grant Agreement (GA), were accomplished. For each use case/pilot, the expected target values for each Key Performance Indicator (KPI) were achieved. Based on the SPEAR components and their services and algorithms, 33 research papers were published in international scientific journals, conferences and workshops, such as, for instance, IEEE Communications Surveys and Tutorials (IF: 25.25) IEEE Transactions on Network and Service Management (IF: 4.195) and Computer Networks (4.474). Moreover, SPEAR received two best paper awards. With respect to the exploitation activities, it is noteworthy that based on the SPEAR outcomes, MetaMind Innovations, the first spin-off of the University of Western Macedonia, was created in May 2021. In a similar manner, three business-to-business agreements are prepared between (a) SCHN ES and TEC, (b) SCHN ES and UOWM and (c) PPC and UOWM. Furthermore, all the technical partners are planning to exploit their SPEAR-related outcomes. Finally, all the dissemination KPIs, as described in the Grant Agreement (GA) (Table 2.1) were accomplished and SPEAR was interconnected with pan-European communities, such as EE-ISAC.

The innovative points of each SPEAR component reflect how SPEAR goes beyond the State-of-The-Art (SoTA). More specifically, in contrast to current Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) platforms, the SPEAR SIEM is capable of detecting a wide range of cyberattacks and anomalies against the smart electrical grid. In particular, SPEAR SIEM can recognise a wide range of cyberattacks and anomalies against industrial protocols, such as Modbus, Distributed Network Protocol 3 (DNP3), Bacnet, IEC 61850 (Manufacturing Message Specification (MMS)), MQTT and IEC 60870-5-104. To this end, custom Deep Learning (DL) models and datasets were implemented. Moreover, SPEAR SIEM adopts advanced visual analytics that automatically discriminate potential electricity-related anomalies and disturbances. Finally, based on the various security events, SPEAR SIEM can recalculate the trust value of each asset through fuzzy logic rules. In a similar manner, the SPEAR honeypots can emulate any industrial protocol, taking full advantage of Artificial Intelligence (AI) techniques, such as Generative Adversarial Networks (GANs). Finally, the SPEAR Repository of Incidents (SPEAR RI) allows the various energy stakeholders to communicate with each other, exchanging cybersecurity events, without affecting their reputation since advanced anonymisation mechanisms protect the sensitive aspects.