Skip to main content

Electrical Power System’s Shield against complex incidents and extensive cyber and privacy attacks

Periodic Reporting for period 1 - PHOENIX (Electrical Power System’s Shield against complex incidents and extensive cyber and privacy attacks)

Reporting period: 2019-09-01 to 2021-04-30

The strong interconnection of utilities’ IT and OT networks, as well as the high complexity of Electrical Power and Energy System (EPES) systems, being widely dispersed and diverse and the increased penetration of digital services, has extended the attack surface of EPES, rendering them vulnerable. Moreover, consumers’ and prosumers’ ability to gain direct access to the EPES not only increases the risk of cyberattacks but may also incur potential privacy infringements. PHOENIX aims to cyber-secure European EPES infrastructure enabling cooperative attack detection of large scale, guarantee the continuity of operations and minimize cascading effects against the infrastructure itself, the environment and the end-users, at reasonable cost.

PHOENIX will realise 3 strategic goals:

(1) Strengthen EPES cybersecurity preparedness by employing security a) “by design” via novel protective concepts for resilience, survivability, self-healing and accountability, and b) “by innovation” via adapting, upgrading and integrating a number of tools and validating them in real-live large scale pilots (LSPs);
(2) Coordinate European EPES cyber incident discovery, response and recovery, contributing to the implementation of the NIS Directive by developing and validating at national Member States and pan-European level, a fully decentralized inter-DLT-based (Distributed Ledger Technologies), near real-time synchronized cybersecurity information awareness platform, among authorized EPES stakeholders, utilities, CSIRTs, ISACs, CERTs, NRAs and the strategic NIS cooperation group;
(3) Accelerate research and innovation in EPES cybersecurity by offering relevant tools and services including a secure gateway, privacy preserving federated Machine Learning algorithms and establishment of certification methodologies and procedures through a Cybersecurity Certification Centre.
PHOENIX performed identification, analysis and modelling of EPES’ cyber threats, deriving threat scenarios and attack trees related to PHOENIX LSPs. PHOENIX also performed categorization of assets and systems into secure tiers, assisted by a risk assessment methodology and an Excel-based tool automating the calculation of the combined Risk Rate per PHOENIX LSP. Further, the LSP requirements have been considered in the design of the PHOENIX framework architecture.
The Secure and Persistent Communications (SPC) Layer was designed, developed and released in two versions, to achieve cyber-protection of EPES assets and networks. It offers security over legacy protocols as well as data persistence and non-repudiation by adopting DLTs. PHOENIX delivered the first version of the Universal Secure Gateway (USG), as a secure network edge device, directly connected with existing/legacy EPES assets. Furthermore, several “by-design” options to increase the resilience, availability and reliability of EPES systems have been investigated, largely adopting cloud native oriented architectures.

At the level of active cybersecurity, PHOENIX developed AI-based services, which support Situation Awareness, Perception and Comprehension (SAPC) and Incidents Mitigation and Enforcement Countermeasures (IMEC). These include privacy-preserving federated learning techniques for uncovering anomalies, co-simulator approaches and their integration into a decision support system, conducted over data gathered at the trial sites, as well as optimal calculation of Mitigation Strategies to assist the risk management of the EPES.
The Pan-European EPES Incidents’ Information Sharing Platform (I2SP) of PHOENIX has been designed and is being developed mostly targeting at coordinated/cascading attack detection at pan-European level. Focus has been laid on the definition of sharing policies, supporting pan-European collaboration and communication between CERTs and Utilities. PHOENIX has developed the services supporting the PHOENIX Security and Privacy as a Service model, at a close-to-final version.
The privacy requirements of PHOENIX activities have been analysed, relevant technical requirements and policies have been developed and the data management plan has been determined in 2 versions. PHOENIX has developed the first version of Privacy Protection Enforcement (PPE) component, offering services towards uncovering data breaches, leveraging on smart contracts and advanced consent information among parties.
At the level of integration, the PHOENIX DevSecOps lifecycle has been defined and applied, enabling automated Static/Dynamic application security testing in the Continuous Integration and Continuous Delivery processes. Development and integration guidelines have been released to enable graceful and efficient technical cooperation among the partners. The first version of the integrated PHOENIX framework has been released, integration been catalysed via standardized communication protocols and patterns.
With respect to piloting of the PHOENIX framework, preparatory work has been conducted for the pilot execution at the 5 LSPs and the results of initial pilot activities conducted have been made available.

The project has been active in impact creation activities, publishing 5 papers in peer-reviewed journals and conferences (2 are also pending evaluation) and participating in over 20 physical or remote events. PHOENIX is part of the BRIDGE community and has led the establishment of the Cybersecurity Innovation Cluster for EPES, featuring four H2020 projects. PHOENIX has also a notable online presence via its website ( and social media accounts. Furthermore, the project exploitation strategy has been defined, referring to both joint and individual exploitation of the identified Key Exploitable Assets (KEA) by the PHOENIX Consortium.
PHOENIX is expected to deliver a framework to ensure the security of EPES, achieving secure integration of OT and IT processes. PHOENIX will add resilience-, survivability-, self-healing, and privacy-by design features to EPES infrastructures, while delivering tools that will cater for EPES network and data security, AI-based cooperative attack detection and mitigation as well as preservation of end-users' data privacy. At pan-European level, PHOENIX is expected to fill in the communication and cooperation gaps among EPES stakeholders, utilities, CSIRTs, ISACs, CERTs, NRAs and the strategic NIS cooperation group by enabling controlled CTI sharing, as well as coordinated/cascading threat/attack detection and mitigation.
The European society will benefit from more secure EPES operation, in turn increasing grid stability and security of supply and ensuring the desired availability not only of energy, but also, other critical infrastructures.
PHOENIX leverages significant reduction of cybersecurity related expenses for the EPES operators and is expected to nurture new business models related to AI-driven solutions in EPES cybersecurity.
PHOENIX can accelerate the adoption of the EU Cybersecurity strategy and the NIS Directive, while it aligns with the European goals for the Digital Decade, especially towards secure and sustainable digital infrastructures and digitalization.
European citizens will enjoy smooth interaction with demand side management applications and the smart grid in general, which will be less prone to cyberattacks and more privacy-preserving.