PHOENIX performed identification, analysis and modelling of EPES’ cyber threats, deriving threat scenarios and attack trees related to PHOENIX LSPs. Categorization of assets and systems into secure tiers has been assisted by a risk assessment methodology and an automation tool for calculating the combined Risk Rate per LSP.
The Secure and Persistent Communications (SPC) Layer supports secure communication and persistence of CTI data based on STIX and TAXII, offering security over legacy protocols as well as data persistence and non-repudiation through the inter-Ledger component. PHOENIX has delivered two variants (TRL7) of the Universal Secure Gateway (USG), as a secure network edge device, directly connected with existing/legacy EPES assets.
Active cybersecurity in PHOENIX relies on AI-based Situation Awareness, Perception and Comprehension (SAPC) and Incidents Mitigation and Enforcement Countermeasures (IMEC). These include privacy-preserving federated learning for uncovering anomalies on time series, a multi-step threat detection co-simulator to detect threats and incidents, as well as and their integration with TRT’s Myriad-based Decision Support System and mitigations’ assessment by LSPs. Demonstrations have been conducted in the context of LSPs, calibrating impact assessment of attacks and mitigations.
The Pan-European EPES Incidents’ Information Sharing Platform (I2SP) targets coordinated/cascading attack detection at pan-European level. CTI sharing policies have been implemented, supporting pan-European collaboration and communication between CERTs and Utilities, in line with the NIS Directive.
The privacy requirements of PHOENIX have been covered into PRIMULA, which enables consent-driven management of personal and confidential data and auditing functionalities and reputation mechanisms to assess party’s reputation based on behavior perception, leveraging on smart contracts and advanced consent information among parties.
At the level of integration, the PHOENIX DevSecOps lifecycle includes automated Static/Dynamic application security testing in the Continuous Integration and Continuous Delivery processes. The final PHOENIX framework released based on standardized communication protocols and patterns. PHOENIX adopts cloud-native approach, following the service mesh networking paradigm, and automates deployment to the extent possible, through a simple and fast configuration and installation script.
The PHOENIX framework has been piloted in the 5 LSPs against a wide and representative set of attack scenarios. For all LSPs, PHOENIX has conducted detailed Risk impact assessment and certified penetration testing. The PHOENIX framework capability in managing attack scenarios, as well as the attack detection potential by means of ML techniques and CMS operation, have been exhaustively validated. PHOENIX replication guidelines have been released on how to install the platform in different pilot environments.
The project has been active in impact creation activities, publishing 11 scientific papers and co-organizing or participating in reputable events, such as ENLIT Europe, Cyber4Energy, etc., and has organized a highly attended final PHOENIX workshop. PHOENIX has co-organized two “Standardisation and Dissemination” events and has been presented to stakeholders associations such as CIPRE and ESMIG. PHOENIX is part of BRIDGE and has led the establishment of the Cybersecurity Innovation Cluster for EPES, among four H2020 projects.
PHOENIX has also a notable online presence via its website (
https://phoenix-h2020.eu(öffnet in neuem Fenster)) and social media accounts. Furthermore, the project exploitation strategy has been defined, referring to both joint and individual exploitation of the identified Key Exploitable Assets (KEA) by the PHOENIX Consortium through well-defined business models.
