Final Report Summary - SPARKS (Smart Grid Protection Against Cyber Attacks) Executive Summary:The future smart grid represents a significant evolution in the way electric grids function. At the core of this change is an increased use of Information and Communications Technology (ICT) to implement enhanced monitoring and control. This increased use of ICT makes future smart grids vulnerable to cyber-attacks. Ensuring the cyber security and resilience of smart grids was the target of the EU-funded SPARKS – Smart Grid Protection Against Cyber Attacks – project.The project spent significant effort on analysing and providing guidance on how best practice guidelines and standards for smart grid security, from organizations such as NIST, IEC, and CEN-CENELEC-ETSI, can be applied. The result of this activity is a series of documents that enable smart grid stakeholders to contextualize and apply these resources within their organization. A gap analysis has been performed that can be used by organizations to inform and formulate a position on the future direction of standards for smart grid security.Cyber security risk management for the smart grid has some specific challenges that stem from the fact that it is a cyber-physical system. Consequently, cyber-attacks can have operational – power systems – consequences, as was seen in the attack that took place in the Ukraine in December 2015. The SPARKS project has developed guidelines and tools to support cyber security risk assessment for the smart grid. For example, approaches to threat analysis, using attack graphs, have been developed, along with a classification of the consequences of cyber-attacks. To support the implementation of these guidelines, a toolchain has been developed and validated using the SPARKS demonstration sites.Ensuring the resilience of the smart grid, while under attack, is important. This involves detecting and remediating the effects of cyber-attacks. The SPARKS project has developed two cyber-attack detection capabilities that identify malicious activity in Supervisory Control and Data Acquisition (SCADA) communication traffic and in big data that is collected from operational systems. They close an important gap for detecting cyber-attacks to physical systems. These detection capabilities have been coupled with resilient control strategies that rationalize malicious controller input, and mitigate its potential effect on the physical power system. This novel cyber-physical resilience capability was demonstrated in the AIT SmartEST laboratory.Important field devices, such as smart meters, could be subject to physical tampering. To mitigate this threat, and to have a strong anchor for device authentication, the project has investigated the use of Physical Unclonable Functions (PUFs). This involved developing a unique PUF array, in terms of its size, that can be used to test designs under adverse environmental conditions. The outcomes of this research have fed into standardization activities and supported the realization of a spinout company.These scientific and technology advances need to be considered in the context of important social, legal, and economic aspects. An outcome of the project is an exploration of issues regarding the implementation of the Network and Information Security (NIS) Directive for the smart grid. Furthermore, a study of consumer attitudes towards smart grid cyber security was implemented, which provides useful insights when making strategic investments in security technology. Moreover, the project has developed economic case studies that clearly show the socio-economic impact of not implementing cyber security for the smart grid – the aim is to stimulate investment.All the public deliverables, which summarize these findings, are available on the SPARKS project website (https://project-sparks.eu) including references to the stakeholder engagement events that were organized by the project. Project Context and Objectives:To improve its efficiency and resilience, the smart grid initiative is transforming the traditional power grid into an intelligent utility. A smart grid has been defined as “an electricity network that can cost-efficiently integrate the behaviour and actions of all users connected to it – generators, consumers, and those that are both – to ensure an economically efficient, sustainable power system with low losses and high levels of quality and security of supply and safety.” This will be achieved by capitalising on highly distributed energy sources, and introducing enhanced monitoring and fine-grain control capabilities. As a result, the smart grid concept depends heavily on increased use of Information and Communications Technology (ICT) systems and pervasive interconnectivity to realise its objectives. The significantly increased level of connectivity and use of ICT systems introduces a much-heightened risk from cyber-attack.These risks became manifest in a major power blackout, which was caused by a cyber-attack, that happened in December 2015 in the Ukraine. In general, threats from cyber-attacks have undergone a dramatic increase recently. For instance, a seventeen-fold upturn in cyber-attacks on US infrastructure was reported in between 2009 and 2011. Even our most critical and sensitive energy facilities have been identified as potentially vulnerable – nuclear power plants are secure to cyber-attacks only against attackers whose competence and resources are limited. Even the smallest entity in a smart grid – the smart meter – is far from secure. Demonstrations have shown a smart meter can be used to spread a worm between meters that, if unnoticed by system operators, may result in substantial outages in distribution networks. Moreover, because of the increased use of near real-time monitoring data from the power grid for billing and control purposes, privacy concerns are acutely felt Nevertheless, despite these threats, the transformation of Europe’s power network into a smarter grid is well underway. To meet the smart grid vision of improved efficiency and resilience, it is crucial that present and future cyber security threats are effectively dealt with. Therefore, to improve the cyber-readiness of manufacturers, policymakers and system operators, the SPARKS project has addressed several pressing and urgent challenges in the smart grid domain.The key objectives of SPARKS were to provide an analysis of the current and future grid system in terms of risks, vulnerabilities, and social and legislative concerns; to develop key innovative tools and technologies that provide real-time cyber-protection and monitoring of the grid; and to influence stakeholders through an active programme of engagement, workshops and practical demonstrations. To achieve these objectives, SPARKS brought together a cross-section of leading European and internationally prominent stakeholders in the smart grid community, to deliver a comprehensive work programme that significantly advance European expertise, technologies and awareness in this strategically important area. In more detail, the SPARKS project focused on several important objectives: Objective 1: Engage Stakeholders & Perform DemonstrationsA core objective of SPARKS has been to raise the awareness of stakeholders in the European smart grid community to cyber security concerns and effective protective mechanisms. SPARKS achieved this via the demonstration of attacks, mitigation measures and technologies, using the range of test bed facilities it had at its disposal. This and other activities were facilitated through the comprehensive SPARKS users group. To further foster the attention of policy makers, SPARKS implemented a workshop that was held at the European Parliament. Objective 2: Analyse Smart Grid Security and RiskTo make informed decisions about how to use security mechanisms for smart grid, SPARKS undertook a rigorous cyber security analysis, focusing on the development of a novel risk assessment approach. This is not straightforward: in comparison to existing power grids, the attack surface is far larger and the complexity of the overall system – comprised of heterogeneous ICT, Supervisory Control and Data Acquisition (SCADA) and physical systems – makes vulnerability analysis difficult. Current security and safety standards and methodologies do not address the specific vulnerabilities and risks that are characteristic of smart grid systems. Therefore, SPARKS extended proven security and safety methodologies to the smart grid, in order to integrate safety and security requirements. Objective 3: Analyse and Provide Guidance on the Use of Best Practice GuidelinesOrganizations such as NIST, ENISA, CEN-CENELEC-ETSI, and the German BSI have done a great deal of work specifying architectures and best practices for securing smart grids. The project received early feedback that is should focus on providing context and application guidance for these materials. Therefore, a significant objective of the project was to analyse and provide guidance on how best practice guidelines and standards for smart grid security can be applied. Furthermore, a gap analysis was performed that can be used by organizations to inform and formulate a position on the future direction of standards for smart grid security.Objective 4: Develop Security Measures & ProceduresSPARKS identified several critical gaps in smart grid security technologies and processes that were directly addressed via technology development: (i) current cyber security data analysis approaches are unable to operate on voluminous and heterogeneous data, in order to detect sophisticated cyber-attacks; (ii) there is a gap in detection capabilities for cyber-attacks that target field devices using SCADA protocols; (iii) the resilience of SCADA control systems to attacks is of key concern; and (iv) there is a lack of cost-effective technology to mitigate physical attacks to key devices, such as smart meters. With an understanding of these gaps, a major objective of the SPARKS project was to close these gaps by developing key innovative technologies.Objective 5: Investigate Financial, Social & Legal IssuesThe scientific and technology advances, which were addressed to address the previously mentioned objectives, need to be considered in the context of important social, legal, and economic aspects. To address this issue, the SPARKS project implemented a programme of work that aimed to examine key legislative frameworks from the European Commission, such as the Network and Information Security (NIS) Directive and General Data Protection Regulation (GDPR). Moreover, the project set a goal to examine consumer attitudes to security technologies, which can be used to inform investment decisions in security. Finally, the project targeted the development of economic cases for investing in security technology, based on the potential socio-economic costs of power disruptions that are caused by cyber-attacks.Project Results:The main scientific and technology results and foregrounds from the SPARKS project are aligned to its main objectives. They can be summarized, as follows:Objective: Analyse Smart Grid Security and RiskTo deploy suitable security and resilience solutions for smart grid it is important to analyse the cybersecurity risks. To this end, the project identified the specific challenges associated with risk assessment for smart grid, which includes understanding cyber-physical risks, the interplay between legacy systems and novel smart grid systems, and so on. With a general understanding of these challenges, the project has evaluated the suitability of a widely-advocated risk assessment method for smart grid, namely the Smart Grid Information Security (SGIS) Toolbox, which was proposed by the SGIS working group as part of CEN-CENELEC-ETSI’s response to the EU Mandate 490. This has involved the development of a smart grid use case, including the definition of its information assets.Based on these experiences, the SPARKS risk management process has been developed. The process refers on the one hand to established standards, i.e. it is using the ISO/IEC 27005 information security risk management framework and reused elements from the SGIS Toolbox, and on the other hand makes use of novel SPARKS-specific techniques. A structured approach for threat and likelihood analysis aims at providing better results for analysing multi-stage attacks. A modelling technique based on the SGAM (Smart Grid Architecture Model) provides hereto an appropriate input. The other aspect of risk – the impact side – is analysed by techniques such as event tree analysis and by using simulation (see below).In addition to these activities, partners have investigated modelling approaches that can be used to assess the vulnerability of new control loops that will be required, for example, for Volt-VAR management in the medium and low voltage regions of the smart grid. As mentioned earlier, a specific challenge of risk assessment for smart grid is understanding the physical risk associated with a cyber-attack. To be able to shed light on this challenge, the project developed a co-simulation environment that couples a network simulator (OMNeT++) with a power grid simulator (GridLAB-D). Finally, models have been developed that were used in a second round of risk assessment activity to determine the impact of a cyber-attack to the NIMBUS microgrid. This includes models of both the ICT and power infrastructure, along with detailed stochastic models of the behaviour of specific energy system components, such as a battery storage system. The aim was to try and understand the longitudinal impact of a cyber-attack, such as an Advanced Persistent Threat (APT), on a microgrid.In summary, the main results and foregrounds associated with this objective include:• A risk assessment process that provides guidance on how to conduct cyber security risk assessment for smart grids.• Novel threat analysis techniques that make use of machine-based reasoning and attack graphs to analyse how a smart grid could be attacked using an APT.• A co-simulation framework and models that can be used to analyse the power system consequences of cyber-attacks to smart grids.• Insights into the application of these processes and tools for smart grid use cases, namely a medium-to-low voltage distribution network and a microgrid.These results are described in the following public SPARKS deliverables:• D2.2: Threat and Risk Assessment Methodology• D2.3: Tools for Smart Grid Cyber Security• D2.4: Smart Grid Cyber Security Simulation EnvironmentObjective: Propose Smart Grid Security StandardsSeveral standards for smart grid security and resilience already exist. The SPARKS project has examined and consolidated these existing standards and best practice guidelines, and proposed directions for future work in this area. To this end, the project has investigated the existing security reference architectures that have been proposed by standards bodies, such as the IEC and NIST, and commercial offerings from organisations, such as Cisco and Sandia Labs. To focus this analysis, the project examined these reference architectures and recommendations through the lens of a set of NESCOR cybersecurity failure scenarios – the primary question that was asked is whether these architectures provide meaningful solutions for stakeholders to address these well-understood threats. The outcomes of this analysis are reported in a white paper. In addition, when examining existing best practice guidelines and recommendations, it was observed there is a strong focus on defensive security measures for the ICT components of the smart grid. Whilst these recommendations have a significant part to play in ensuring the safe operation of the smart grid, they omit important operational aspects. These include the need for security analytics tools and approaches for ensuring the operational resilience of the smart grid as a cyber-physical system. These observations form the basis of further recommendations that have been elaborated in deliverables.In summary, the main results and foregrounds associated with this objective include:• An identification of essential resources related to smart grid reference (and security-related) architectures; for each of these resources a brief overview of what it is, any major gaps that or limitations that exist, and recommendations on how they can be used most effectively are provided.• Security-related guidance for the smart grid across four aspects of solution development: (i) establishing an effective secure architecture; (ii) establishing a secure design; (iii) employing modeling and simulation to validate architecture, design and implementation; and (iv) establishing a secure implementation.• An examination of standards related to the major areas covered in the SPARKS work programme; for each area, an identification of the most significant gaps in the relevant standards, focusing on those aspects that have not been explored adequately.These results are described in the following public SPARKS deliverables:• SPARKS Whitepaper: An Assessment of Smart Grid Reference Architectures• D3.2: Smart Grid Security Guidance• D3.3: Smart Grid Security Standards RecommendationsObjective: Develop Security Measures and ProceduresSPARKS identified several critical gaps in smart grid security technologies and processes that were directly addressed via technology development: (i) current cyber security data analysis approaches are unable to operate on voluminous and heterogeneous data, in order to detect sophisticated cyber-attacks; (ii) there is a gap in detection capabilities for cyber-attacks that target field devices using Supervisory Control and Data Acquisition (SCADA) protocols; (iii) the resilience of SCADA control systems to attacks is of key concern; and (iv) there is a lack of cost-effective technology to mitigate physical attacks to key devices, such as smart meters. With an understanding of these gaps, a major objective of the SPARKS project was to close these gaps by developing key innovative technologies. A short summary of these scientific and technology contributions is presented below.Technology: Security Information AnalyticsThe purpose of this technology is to provide agile analytics capabilities through tools that make detailed information available to investigators, for purposes of both incident detection and incident forensics, in the quickest, simplest way possible. The Security Information Analytics (SIA) tool has been successfully demonstrated using data relating to the NIMBUS microgrid in Cork, Ireland. In effect, a big data approach was taken to the numerous sensors and data sources streaming from NIMBUS and a suite of analytics algorithms used this data to train microgrid behavioural models. Both expert knowledge and data-driven machine learning approaches are encoded within the SIA tool. SIA can be thought of as a virtual sensor capable of detecting anomalous and potentially malicious activity taking place within the microgrid, in close to real-time.Technology: Multi-Attribute SCADA Intrusion Detection SystemA multi-attribute SCADA Intrusion Detection System (IDS) has been developed. The IDS is based on Suricata – a high-performance, fully re-architected version of the classic SNORT intrusion detection system, and the ELK open-source toolkit, i.e. Elastic-search, Log-stash, and Kibana (a visualisation tool). The SPARKS IDS can be used in two deployment scenarios:1. Continuous monitoring of internal communications within a substation control network; and2. Analysis of incoming communications emanating from individual substation networks into a centralised control centre.Within the context of the SPARKS demonstrator, which explores power control and resilience in a set of interconnected but distributed photovoltaic (PV) arrays and inverters, the IDS is capable of detecting four primary anomalies:1. Suspicious set point values sent from a controller to a PV inverter;2. Suspicious commands send to an Intelligent Electronic Device (IED);3. Suspicious measurement values generated by a PV inverter; and4. Suspicious responses generated by an IED.The integration of a specialised network IDS, which has a detailed understanding of the ISO/IEC 61850 sub-station automation protocol, enabled SPARKS to successfully demonstrate a true cyber-physical security scenario. This scenario was realized over a smart grid infrastructure that will become increasingly prevalent in years to come. The IEC 61850 protocol is a contemporary SCADA protocol designed to facilitate automation of a wide range of substation equipment. Likewise, the market penetration of PV systems is increasing rapidly, given the improved price/performance ratio of arrays. Technology: Smart Meter Authentication and Key Management using Hardware PUFsA state-of-the-art analysis has been conducted to identify candidate Physical Unclonable Function (PUF) designs that are suitable for use in smart meter applications. A part of this analysis it was identified that PUFs the need to be protected from side channel analysis. A PUF test and evaluation regime was proposed and the architecture of a large-scale PUF testbed has been published. This large-scale PUF testbed has been realised and an automated test acquisition suite was implemented. This is the first publicly available large-scale testbed for testing the statistical properties of PUF designs proposed in the literature. A full evaluation of two PUF designs has been carried out and documented.Technology: Cyber Attack Resilient Control SystemsThe objective of this activity was to design distributed fault monitoring and attack detectors, based on dynamical models of smart grid operations. This involves identifying key control loops that are sensitive to cyber-attacks, and then analysing the relationships between control loops in order to design hierarchies and meshes of overlapping control domains that can operate semi-autonomously and maintain stability (albeit at reduced system performance) in the face of attack or disruption. The original scope of this activity was extended to engage with the cyber-attack detection techniques that were developed in the project. The aim was to explore the possibility of linkage between the cyber domain and attack mitigation activity in the physical domain. That is, anomalies identified in network-based SCADA traffic, or via security information analysis of microgrid information; could be used to trigger resilience measures. This activity resulted in novel approaches to integrating these cyber-physical components and a demonstration of the benefits of this approach in the AIT SmartEST laboratory.In summary, the main results and foregrounds associated with this objective include:• A Security Information Analytics (SIA) tool that can be used to identify anomalous behaviour found in operation data.• An intrusion detection system that is targeted at detecting the misuse of the ISO/IEC 61850 protocol to manipulate field devices, such as PV inverters.• An analysis of PUF designs that are suitable for use in smart meters, along with the specification of a large-scale PUF testbed facility.• Novel approaches to resilient control that can mitigate the manipulation of cyber-attacks to important control systems in the smart grid.• An evaluation and demonstration of the benefits of integrating attack detection capabilities, which detect malicious activities in the cyber domain, and resilient control that aims to mitigate the physical consequences of an attack.These results are described in the following public SPARKS deliverables:• D4.1: High-level design documentation and deployment architecture for Multi-Attribute SCADA Intrusion Detection System• D4.2: PUF enhanced smart meter hardware architecture and an authentication/key management deployment architecture (interim)• D4.3: High-level design documentation and deployment architecture for security information analytics)• D4.4: High-level design documentation (for grid control system) and a deployment architecture for the monitoring solution• D4.5: PUF enhanced smart meter hardware architecture and an authentication/key management deployment architecture• D6.4: SPARKS Cyber Security Demonstration OutcomesObjective: Investigate Financial, Social & Legal IssuesThe aim of these activities was twofold: (i) to inform decision makers from smart grid operators about the costs and benefits of investing in measures for improving cyber security; (ii) inform policy makers on a national and EU level about existing legal requirements for the protection of smart grids, and identify potential shortcomings. Additionally, awareness about possible conflict areas between the aim for a comprehensive security and the society’s concerns of an over boarding security and privacy deficits were addressed.To this end, a report was prepared that discusses the societal costs of smart grids and measures for their protection, from a research perspective. A part of this report presents a scenario-based analysis of the economic welfare losses of successful cyber-attacks to power systems. This assessment estimates the costs of power outages in four geographical regions in the EU, and considers smart grids of three different sizes. For each of these synthetic smart grids, which we refer to as economic testbeds, power outages are simulated and their economic impact is tabulated. This is done to allow smart grid operators to get an approximate understanding of the economic impact that a successful cyber-attack can have to their service area. Building on this activity, two important reports provide a cost-benefit analysis and elaborate on the financial costs of cyber security in certain business cases and levels that will encourage their use by stakeholders, e.g. equipment vendors and network providers, costing models for three economic test beds, which define exemplary smart grid architectures including costings. Recent EU provisions address cyber security and data protection in an increasingly digital world (e.g. the Network and Information Security (NIS) Directive and the General Data Protection Regulation (GDPR)). To provide guidance to national bodies and relevant industry, an analysis of directives and regulations concerning legal issues about cyber security for smart grids was prepared. In addition to the legal analyses, an economic survey experiment was carried out to identify the urgency of digital security of energy consumption data to households. Together, these analyses provide a deep understanding of the legal and societal aspects of cyber security, and inform policy makers which issues deserve further attention.In summary, the main results and foregrounds associated with this objective include:• An analysis of the economic cost of cyber-attacks to smart grids, which can be used by operators to understand potential impacts in their service area.• A cost-benefit analysis that motivates investment in cyber security technologies for the smart grid.• An assessment and guidance on the implementation on important new European legal frameworks, i.e. the NIS Directive and GDPR, for the smart grid.• The results of a study that examines attitudes toward cyber security for the smart grid, which can be used to inform strategic decision making.These results are described in the following public SPARKS deliverables:• D5.1 and D5.2: Business Cases for SPARKS Smart Grid Cyber Security Measures• D5.3: Understanding the Societal Cost of Smart Grid Cyber Attacks• D5.4: Smart Grid Cyber Security: Advice to Policy Makers on European Level - Legal and Social IssuesPotential Impact:Impact During the Project PeriodThroughout the SPARKS project, there has been a strong focus on stakeholder engagement, with the aim of raising awareness about cyber security issues for the smart grid and creating impact. A major part of the engagement programme has been a series of events that have demonstrated, in the first instance, a credible threat to smart grid systems, and, at a later stage, technologies and scientific contributions that can be used to address this threat. Because of this stakeholder engagement programme, it is arguable that the project has had impact on several key smart grid stakeholder groups, including:1. Policy makers: during the project lifetime, major new European legislation emerged in the form of the Network and Information Security (NIS) Directive and General Data Protection Regulation (GDPR). There are key open questions regarding the implementation of these new stipulations by Member States for the smart grid. The SPARKS project organized a workshop at the European Parliament to demonstrate the nature of the cyber security threat for the smart grid, as an awareness raising exercise, and to raise and discuss important questions about the implementation of the NIS Directive and GDPR. A report on these questions and the outcomes of the discussions were socialized within the Commission, helping to inform policy-level decision making.2. Scientific research community: the SPARKS project has implemented a strong scientific engagement and dissemination programme. In addition to stakeholder engagement events that were implemented as part of the core work programme, the project has published widely in high quality scientific conferences and journals; organized two workshops and a special session on smart grid cyber security (producing published proceedings); held several panel sessions at academic conferences; and supported several Post-Graduate students with their research. The project has written a book on smart grid cyber security, which can be used by researchers. In addition to these activities, the SPARKS project has maintained a strong liaison programme with closely-related national and European research projects, such as the SEGRID, SALVAGE, and HyRiM projects. 3. Utilities and solutions providers: through the SPARKS stakeholder events, the project has influenced the mindset and raised awareness of cyber security issues in the smart grid with industry stakeholders. Feedback from the multi-stage cyber-attack demonstrated that was shown at the stakeholder events regularly indicated that participants have a better understanding of the nature of the challenge, including the potential impact such an attack could have on operational infrastructures. Furthermore, the project has been presented at numerous industry-related events, including European Utility Week, as part of an industry-oriented awareness raising programme. As well as strong industry interest from smart grid stakeholders, there has been interest from industry players in closely-related markets, such as the Internet of Things (IoT).4. Standards bodies: as part of the project’s research on consolidating best practice guidelines and standards, the project has engaged with key organizations in this context, to provide feedback. For example, in the early stages of the project, feedback was given to the U.S. National Institute for Standards and Technology (NIST) and the Electric Power Research Institute (EPRI) on the utility and future directions of their guidance material. In Europe, the project has engaged with the European Network and Information Security Agency (ENISA) about future directions for smart grid guidance, leveraging the analysis that was conducted on smart grid security standards. Moreover, the project has contributed to the delivery of material at the Council of European Energy Regulators (CEER) training events, raising awareness within the regulator community. Also, the project has made a noteworthy contribution to ISO/IEC JTC 1/SC 27 N15362 on security requirements and test methods for Physical Unclonable Functions (PUF) for generating non-store security parameters.Collectively, these engagement activities have undoubtedly had significant impact of the various stakeholder communities that have been targeted. Exploitable ResultsAfter performing an analysis of the scientific and technology outcomes from the SPARKS project, it has been identified that the exploitable results from the project can be organized into five main categories:1. Risk Analysis and Management Solutions: including risk assessment guidelines, techniques and tools for addressing the specific challenges of risk management for the smart grid.2. Integrated Attack Detection and Resilient Control Capabilities: including a Security Information Analytics (SIA) tool; Supervisory Control and Data Acquisition (SCADA)-specific intrusion detection system; resilient control strategies for centralized and decentralized mitigation of cyber-attacks that target operational consequences; and research insights that have emerged from integrating these capabilities.3. Physical Unclonable Functions: including foreground on the suitability of PUF designs for application in smart meters; approaches to testing these designs, including how to construct large-scale PUF testbed facilities; datasets that have been produced during the evaluation of PUF designs; and novel approaches to key distribution.4. Standards Consolidation: including guidance on the context and application of well-established best practice guidelines and standards from bodies such as NIST, ENIA, CEN-CENELEC-ETSI, and IEC; and pointers to key areas where standards and guidelines need to be extended to address emerging sophisticated threats and novel smart grid architectures.5. Financial, Legal and Social Analyses: including guidance on the implementation of the NIS Directive and GDPR for the smart grid; finding from a macro-economic analysis of socio-economic costs that emerge from a cyber security induced power outage to a service region; insights from a unique study on consumer attitudes toward cyber security in the smart grid; and the findings from a detailed analysis of the costs of a cyber-attack.Based on these results, the project consortium has identified two main pathways that enable them to be exploited: (i) through research and education; and (ii) towards commercialization. In general, the academic and research institutions in the project are focused on the former pathways, whereas the industry partners have a primary interest in commercialization. A summary of how the project results have already been exploited and are planned to be, using these pathways, follows.Research and Education ExploitationThe outcomes from the SPARKS project have formed the basis for and informed the research in several closely-related research projects. For example, the results that are related to risk analysis and management solutions have been used to inform approaches to risk assessment in two national projects that AIT lead: the hybrid-VPP4DSO and RASSA projects. In both cases, the risk management guidelines have been used to inform how these projects should determine the risks associated with the introduction of novel energy services and architectures. Additionally, several new projects have been awarded that leverage the insights and technology outcomes from SPARKS. For example, the SEREN project, which will start in October 2017, builds on the analytics activities that have been realised by DELL EMC to develop a versatile plug-and-play platform enabling remote predictive maintenance. Similarly, UTRC have made use of SPARKS project results to inform their research in the ANASTACIA project, which is investigating advanced networked agents for security and trust assessment in CPS / IOT architectures. Meanwhile, AIT will build on their research in the SPARKS project in a Cooperative Research Project (CRP), which is support by the IAEA, on enhancing computer security incident analysis at nuclear facilities (CRP J02008). Similar activities have been realized by other SPARKS partners, including Fraunhofer AISEC, Queen’s University Belfast, KTH Royal Institute of Technology, and the Energie Insitut at JKU. These activities show how the results from SPARKS can be applied to smart grid problems and in other domains, such CPS, IoT and nuclear facilities. In terms of using the SPARKS outputs for education, several activities can be highlighted. Queen’s University Belfast apply the findings from the project in their MSc in “Applied Cyber Security Cyber Attack & Defence Strategies”, which has 50% industry-based students. Similarly, KTH have exploited the research findings from SPARKS to develop a PhD course on “Cyber-Physical Security of Networked Control Systems”. AIT will use the results from SPARKS, including the cyber-attack demonstration capability, to develop a workshop on incident response for combined Information Technology (IT) and OT (Operational Technology) environments, which is being supported by the Austrian KSÖ. Furthermore, there are plans to use the findings from the project as a basis for a tutorial series that is associated with the Österreichische Verband für Elektrotechnik (ÖVE).Commercial ExploitationSeveral commercial activities are planned that make use of the SPARKS results. For example, DELL EMC are investigating how the findings from the project can be incorporated into their product offerings. Landis+Gyr are using the SPARKS project results on PUFs to inform their innovation pipeline, and the outcomes from the standards analysis activities to focus internal awareness and educate customer-facing teams. Similarly, UTRC are investigating how the findings from the project, especially those related to security analytics and resilient control, can be leveraged. The results from project can be directly tied to the creation of two spin-out companies: Sirona Technologies Ltd. will commercialize the PUF technology investigated in the project, with applications in the aerospace and defence sector, and a spin-out called DITACA will leverage results on intrusion detection to support an offering that aims to secure distributed critical systems via the cloud.Based on this summary, it can be seen the results from the SPARKS project have already been exploited in various ways by project partners, and will continue to form the basis of exploitation activities in the future. Dissemination ActivitiesThroughout the lifetime of the SPARKS project, an ambitious stakeholder engagement programme has been implemented. The overall objective of the project’s stakeholder engagement activities was to disseminate the project results among the scientific community, key industry players, potential end-users, and the public. Throughout the project, the SPARKS stakeholder group was used a primary source of requirements and a dissemination channel. The size of the group has grown throughout the lifetime of the project. There are 95 individual stakeholders, which represent a diverse set of organization types. The primary means of engagement with the stakeholder group has been via the SPARKS stakeholder events. Additionally, emails have been sent to the stakeholder group, highlighting new project results and relevant news items.The SPARKS project has published numerous journal and conference papers – twenty-seven, in total – in high quality outlets, indicating the quality of the research produced in the project. Complementary to these publications, a book on smart grid security was produced. The chapters of the book were almost exclusively (except for one chapter) written by members of the SPARKS consortium. The target audience of the book includes forward-looking practitioners (e.g. DSOs and solutions providers) and researchers that wish to gain a broad insight into the challenges and solutions for securing the smart grid. Moreover, members of the SPARKS consortium have presented the project’s research at several academic and industry forums, such as the European Utility Week and IoT Solutions World Congress. In total, four PhD students have been supported by the SPARKS project.The project has maintained an active online presence, primarily through its website (https://project-sparks.eu). The website contains details about the project’s objectives, publications and results. Moreover, the details and results from the events that have been organized by the project are available on the project website. Twitter has been used to communicate with the stakeholder community – at the end of the project, 118 people are following the SPARKS Twitter account. A video is available on the SPARKS project website that aims to summarize the major findings from the project. An active liaison programme has been implemented with closely-related research projects. The aim of these activities was to improve the impact of the project, via the organization of shared events and publications, and to ensure the project’s research activities are well-aligned with other initiatives. More specifically, the project has closely interacted with the European SEGRID, SALVAGE, HyRiM, SUCCESS, and Nobel Grid projects. Moreover, engagement with national initiatives has occurred, including the RCUK-funded CAPRICA project. Throughout the lifetime of the SPARKS project, several stakeholder engagement events have been organized. In the earlier stages of the project, these events served as a platform for gathering requirements. In the later stages of the project, meanwhile, the primary aim of these events was to raise awareness of the smart grid security challenge, and to disseminate the project’s findings to the stakeholder community. A recurring component of the SPARKS events has been the demonstration of a multi-stage cyber-physical attack to smart grid systems. Furthermore, as the project developed demonstrable solutions to the cyber-attack, they were presented at these events. This culminated in the demonstration of an integrated cyber-physical solution for attacks to smart grids, which was presented at the SPARKS final event. The project organized two workshops that aimed to examine the socio-legal aspects of smart grid cybersecurity. Specifically, an MEP workshop was held at the European Parliament in 2016 and an end-user stakeholder workshop was held in Vienna, hosted by AIT.In addition to these events, the project organized workshops at the Cyber-Physical Systems (CPS) Week event in 2016 and 2017. The workshop was called Cyber-Physical Security and Resilience in Smart Grids (CPSR-SG) and solicited papers on topics related to smart grid security and privacy. Submissions were subjected to a peer review process, with those accepted being published by the IEEE (2016) and ACM (2017). The workshops were co-organized with the EU-funded SEGRID and ERA-Net Smart Grid+-funded SALVAGE projects. Furthermore, a special session was organized on smart grid security at the Industrial Control Systems Cyber-Security Research (ICS-CSR) symposium in 2016.List of Websites:Project Website: https://project-sparks.euProject coordinator contact details:Dr Paul SmithCenter for Digital Safety & SecurityAIT Austrian Institute of Technology GmbHDonau-City-Straße 11220 Vienna, AustriaT +43 50550-4007M +43 664 88390031E paul.smith@ait.ac.at
