Energy Shield

We are happy to deliver the next EnergyShield newsletter. This time, we show the different activities we have participated in since the last newsletter. Furthermore, we give insights into the contributions of L7 Defense and SIGA and list the deliverables that we provided up to our first review.

Events with EnergyShield participation

PSI presents EnergyShield at the E-world
EnergyShield is part of cyberwatching.eu
EnergyShield project was accepted in cyberwatching.eu project hub. Cyberwatching.eu is the European observatory of research and innovation in the field of cybersecurity and privacy.
EnergyShield webinar a complete success
Finally, more than 90 people logged in to listen to the talks of Robert Lagerström (KTH), Erik Ringdahl (foreseeti), and Simon Hacks (KTH) given on July 9.
EPES Projects decide to collaborate
SIMAVI and NTUA initiated a workshop to bridge communication between all three projects funded under SU-DS04-2018-2020 call. The aim of this workshop was to introduce the projects, identify similarities and explore collaboration opportunities. EnergyShield, PHOENIX and SDN micro-SENSE projects were introduced by leading partners. In total, 38 representatives of the three projects participated in the workshop.

Partner Presentations

We have started to give a more detailed description of the contribution of each of our consortium partners:

L7 Defense
L7 Defense Israel LTD contributes to the EnergyShield project with its tool Ammune™. Ammune is a state-of-the-art AI (artificial intelligence) and ML (machine learning) cyber-security solution to be applied to the identified scenarios to defend the smart grid against DDoS attacks.
SIGA OT Solutions
The anomaly detection tool in EnergyShield is based on the solution and technology developed by SIGA OT Solutions, a company which provides OT monitoring and anomaly detection for ICS/SCADA in industrial and critical infrastructure applications. SIGA offers a unique and innovative approach to monitoring critical assets and processes at level 0 for any cyber-attack that affects the operation, as well as malfunctions, system failures or deficiencies of the critical asset.

Provided Deliverables

Since the last time, we have provided different deliverables:

D1.4 System architecture v1
The key objective of this task will be to create the overall architecture of the EnergyShield toolkit. To this end, the specification of the various components of the system and of the system as a whole will be designed to fulfil the existing requirements of stakeholders, while also being extensible to future demands. The architecture will be modular, so that each individual component can be upgraded independently by the relevant technology provider. The architecture will also be integrated, meaning that the different EnergyShield modules will be able to exchange information, thereby providing significant added value in comparison with independent cybersecurity solutions operating in silos.
D2.1 Socio-cyber-physical threat model
In practice, enterprise decision-makers consult experts, e.g., network penetration testers. While consulting experts certainly is valuable, resulting estimates come with three significant limitations: they are only valid for 1) the time that they were carried out, 2) the parts of the enterprise architecture that were studied by the expert, and 3) the competence of the consulted expert. These limitations are especially problematic given the dynamic nature of enterprise IT systems and the lack of resources available for analyses. We will therefore implement an easy to use socio-cyber-physical threat model reflecting the needs of the EPES sector.
D2.2 Updated security culture framework and tool
The aim of this deliverable is to present the underlying Security Culture Framework which shall allow automated planning and implementation of security culture programmes.
D2.3 VA tool release incl. usability and performance report
We will implement an easy-to-use Vulnerability Assessment (VA) tool for the EPES sector, allowing security analysis by attack simulations, testing the cyber security resilience over time, holistically and in a low-bias manner.
D3.1 Anomaly detection tool release
We have extended the SIGA anomaly detection engine to use various new approaches to time-series analysis. We developed a new, additional planned algorithmic layer focusing on phase detection and transitions. We significantly improved the informative linkage between the anomaly and the raw data generating it. We created a new low-footprint agent intended to run on selected new models of PLC, either solely or in parallel to operational functionality. We have added new raw I/O data sources to process analysis and anomaly detection. We have applied the same algorithmic abilities to the process information from higher levels above the existing level 0/1 connection (in parallel to or instead of the low-level data).
D3.2 DDoS mitigation tool release
The tool has been extended to consider smart meter botnets and attacks using the AMI as a vector. In parallel to this, analytical models have been developed to better understand attack parameters and to explore new dynamics unique to the smart grid context. Both were explored using realistic network simulations to validate the approach. These simulations also provide a means to begin defining how DDoS information can be defined, captured, and measured for sharing with other tools.
D4.1 SIEM tool release
This document describes the Security Information and Event Management (SIEM) tool. The deliverable provides a detailed definition of the SIEM's components, such as Event Logging, Secure Authorization with role-based access, Monitoring, Alerting, Visualization and System Diagnostics.
D4.3 Data privacy and data security report
This task aims at developing a searchable encryption tool that allows the security analyst to anonymise and search data in the encrypted domain using state-of-the-art homomorphic encryption techniques. It can extract any type of security event data and can provide the necessary levels of access control for multiple parties to search based on policies. It can also help analysts develop threat graphs on the anonymised data so that the privacy of the nodes and devices is protected. The tool is GDPR-compliant and scalable, and can handle single-keyword, multiple-keyword and string queries. In addition, it can perform ranked searching on the encrypted data, providing security analysts with a list of the most frequently occurring threats.
D5.1 Integration and test plan
This task will plan the activities in tasks 5.2, 5.3 and task 5.4 and will create the corresponding deliverable (Integration and Testing Plan). The plan will be based on the architectural document since it relies on dependencies among components. The test plan will contain the testing strategy, testing setup and test cases (preconditions, test execution and expected results). The test cases will be marked passed or failed during task 5.4 and acceptance criteria will be set based on priority and percentage of passed test cases. This testing specification documentation will also aim to stress out platform capabilities (functional and non-functional) in relation with all the defined use cases.
D7.2 Communication report v1
This report presents the activities of the consortium partners during the first year of the project.
D7.5 Dissemination report v1
This report analyses the activities of the consortium partners on a quantitative basis.

Miscellaneous

Follow us on Twitter: @EnergyShield_
Join our LinkedIn Group: Energy Shield
See our project video: https://youtu.be/AtSUmkrp1Dw
This project has received funding from the European Union’s H2020 research and innovation programme under the Grant Agreement No. 832907