3rd International Workshop on Electrical Power and Energy Systems Safety, Security and Resilience (EPESec 2022)

As a participant, we gladly invite you to attend this event: the 3rd International Workshop on Electrical Power and Energy Systems Safety, Security, and Resilience (EPESec 2022). The event will take place from August 23–August 26, 2022, in Vienna, Austria.


The forthcoming smart energy ecosystem is considered the next-generation power system, which promises self-healing, resilience, sustainability, and efficiency to the critical energy infrastructure. However, due to the increasing digitization of the energy infrastructure, the risk of cyberattacks has risen dramatically, while, as the smart energy and power grid is reaching every house and building, the potential of attracting cyber-attackers is magnified. Additionally, legacy systems constitute weak points of failure since they were designed in times when cybersecurity and remote monitoring and control were not part of the technical specifications for the system design.

From this perspective, the EPESec 2022 workshop aims at collecting the most relevant ongoing research efforts in the EPES digital security field. It also serves as a forum for relevant projects in order to disseminate their security-related results, boost cooperation, knowledge sharing and follow-up synergies, and foster the development of the EPES Security Community, composed of security experts and practitioners.


Important Dates
Submission Deadline: May 13, 2022
Author Notification: June 05, 2022
Proceedings Version: June 19, 2022
ARES EU Symposium: August 23, 2022
Conference: August 23 – August 26, 2022


Click here for more information: https://www.ares-conference.eu/workshops-eu-symposium/epesec-2022/

We would like to express our congratulations to our KTH colleagues, who have published their article entitled “Two Decades of Cyberattack Simulations: A Systematic Literature Review” in the Computers & Security (2022) journal.


The abstract is as follows:

Cyberattack simulations appear across multiple computer security domains and are interpreted in many different but equally viable ways. However, this makes the topic appear fragmented and inconsistent, making it challenging to identify and communicate relevant research. Therefore, this article contributes to a unified baseline by presenting the results of a systematic literature review. The review targeted attack simulations published between 1999 and 2019, specifically those exploring which specific steps result in successful attacks. The search initially produced 647 articles, later reduced to 11 key contributions. Despite being scattered across application domains, their general aims, contributions, and problem statements were remarkably similar. This was despite them generally not citing each other or a common body of work. However, the attack simulations differed in implementation details, such as modeling techniques, attacker decision-making, and how time is incorporated. How to construct a fully unified view of the entire topic is still somewhat unclear, particularly from the 11 articles. However, the results presented here should help orient practitioners and researchers interested in attack simulations regarding both present and future work. Particularly since, despite the seemingly implausible sample, the cumulative evidence suggests that attack simulations have yet to be pursued as a distinct research topic.


The complete article is available at the following link: https://doi.org/10.1016/j.cose.2022.102681


As a participant in the 2nd ECSCI Workshop on Critical Infrastructure Protection, we cordially invite you to attend this event:

This workshop will present the different approaches to integrated cyber and physical security in different industrial sectors, such as energy, transport, drinking and wastewater, health, digital infrastructure, banking and financial market, space and public administration. The peculiarities of critical infrastructure protection in each one of these sectors will be discussed and addressed by the different projects of the ECSCI cluster that will present their outcomes, discussing the technical, ethical, and societal aspects as well as the underlying technologies.

Specifically, novel techniques will be presented for integrated security modelling, IoT security, artificial intelligence for securing critical infrastructures, distributed ledger technologies for security information sharing and increased automation for detection, prevention and mitigation measures.

The workshop will include keynote speeches, 23 project presentations, roundtable and panel discussions, and thematic presentations. It is intended for scientists and experts in the field of critical infrastructure protection, CISOs, CIOs, CERTs, CSIRTs, CSOs, cyber and physical security experts representing the different sectors and policymakers for critical infrastructure protection.

Click here for more information: https://www.finsec-project.eu/second-ecsci-virtual-workshop


Our colleagues from NTUA published their article entitled “A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures” in MDPI’s Healthcare journal, which can be found at the link: www.mdpi.com/2227-9032/10/2/327

The abstract is as follows:

Recent studies report that cybersecurity breaches noticed in hospitals are associated with low levels of personnel’s cybersecurity awareness. This work aims to assess the cybersecurity culture in healthcare institutions from middle- to low-income EU countries. The evaluation process was designed and performed via anonymous online surveys targeting individually ICT (internet and communication technology) departments and healthcare professionals. The study was conducted in 2019 for a health region in Greece, with a significant number of hospitals and health centers, a large hospital in Portugal, and a medical clinic in Romania, with 53.6% and 6.71% response rates for the ICT and healthcare professionals, respectively. Its findings indicate the necessity of establishing individual cybersecurity departments to monitor assets and attitudes while underlying the importance of continuous security awareness training programs. The analysis of our results assists in comprehending the countermeasures, which have been implemented in the healthcare institutions, and consequently enhancing cybersecurity defense, while reducing the risk surface.


Our colleagues from CITY published their article entitled “Modelling Smart Grid IT-OT Dependencies for DDoS Impact Propagation” in Elsevier’s Computers & Security journal, which can be found at the link: https://www.sciencedirect.com/science/article/pii/S0167404821003527

The abstract is as follows:

The traditional power network has now evolved into the smart grid, where cyber technology enables automated control, greater efficiency, and improved stability. However, this integration of information technology exposes critical infrastructure to potential cyber-attacks. Furthermore, the interdependent nature of the grid’s composite information and operational technology networks means that vulnerability extends across interconnected devices and systems. Therefore, a DDoS (Distributed Denial-of-Service) attack, which is relatively easy to deploy but potentially highly disruptive, can be used strategically against the smart grid with particularly egregious results. In this paper, we take inspiration from epidemiological modelling to propose a compromise propagation model, alongside a behavioural DDoS model, to explore how dependencies between the grid’s networks might influence the scale and impact of DDoS attacks. We found that the internal connectedness of a network amplifies the received impact of failures in an external network on which it is dependent. Furthermore, testing showed that alongside attack force, attack duration influences recovery times, due to both the quantity of resources consumed and the time needed to accumulate recoveries. The models were validated against simulations conducted with cyber-security providers L7 Defense, showing our approach to be a viable companion or alternative to traditional graph-based dependency models.


An example of corporate and industrial network integration.

Our partners from KTH have another publication: the chapter titled “Early detection and recovery measures for smart-grid cyber-resilience” is published in the book “Decision Support Systems and Industrial IoT in Smart Grid, Factories, and Cities” by IGI. The chapter discusses the vulnerabilities of smart grid and EPES systems. Since these need to be protected against cyberattacks, robust algorithms are needed for efficient intrusion detection systems (IDSs). The chapter presents the classification of IDSs according to the source of audit data and detection methodologies. It also proposes a method for early-stage detection of cyber-security incidents and protection against them through applicable security measures. Moreover, security techniques such as anomaly detection, threat investigation through a highly automated DSS, and incident response and recovery for smart grid systems are introduced. The proposed framework can be applied in industrial environments, for example against cyber-threats targeting the production generator as well as the electricity smart meters. The chapter also illustrates the framework’s cyber-resilience against zero-day threats and its ability to distinguish between operational failures and cyber-security incidents. With respect to these classification methods, an overview and problems of existing schemes are presented. Industry best practices are also provided as part of security information and event management (SIEM). The abstract is as follows:

The internet of things (IoT) has recently brought major technological advances in many domains, including the smart grid. Despite the simplicity and efficiency that IoT brings, there are also underlying risks that are slowing down its adoption. These risks are caused by the presence of legacy systems inside existing infrastructures that were built with no security in mind. In this chapter, the authors propose a method for early-stage detection of cyber-security incidents and protection against them through applicable security measures. This chapter introduces security techniques such as anomaly detection, threat investigation through a highly automated decision support system (DSS), as well as incident response and recovery for smart grid systems. The introduced framework can be applied to industrial environments such as cyber-threats targeting the production generator as well as the electricity smart meters, etc. The chapter also illustrates the framework’s cyber-resilience against zero-day threats and its ability to distinguish between operational failures as well as cyber-security incidents.

Our academic and industrial partners were very productive again, resulting in two articles: the first is published in a journal and the second was presented at an IEEE conference.

The first article (journal article), “Assessing MITRE ATT&CK Risk Using a Cyber-Security Culture Framework”, is written by NTUA. It elaborates on the MITRE ATT&CK framework, against which a comprehensive set of organizational and individual culture factors (with security vulnerabilities) is used and mapped to specific adversary behavior in the SBA tool. The abstract is as follows:

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Framework provides a rich and actionable repository of adversarial tactics, techniques, and procedures. Its innovative approach has been broadly welcomed by both vendors and enterprise customers in the industry. Its usage extends from adversary emulation, red teaming, behavioral analytics development to a defensive gap and SOC (Security Operations Center) maturity assessment. While extensive research has been done on analyzing specific attacks or specific organizational culture and human behavior factors leading to such attacks, a holistic view on the association of both is currently missing. In this paper, we present our research results on associating a comprehensive set of organizational and individual culture factors (as described on our developed cyber-security culture framework) with security vulnerabilities mapped to specific adversary behavior and patterns utilizing the MITRE ATT&CK framework. Thus, exploiting MITRE ATT&CK’s possibilities towards a scientific direction that has not yet been explored: security assessment and defensive design, a step prior to its current application domain. The suggested cyber-security culture framework was originally designed to aim at critical infrastructures and, more specifically, the energy sector. Organizations of these domains exhibit a co-existence and strong interaction of the IT (Information Technology) and OT (Operational Technology) networks. As a result, we emphasize our scientific effort on the hybrid MITRE ATT&CK for Enterprise and ICS (Industrial Control Systems) model as a broader and more holistic approach. The results of our research can be utilized in an extensive set of applications, including the efficient organization of security procedures as well as enhancing security readiness evaluation results by providing more insights into imminent threats and security risks.

The second article (conference proceeding), “Enhancing SIEM Technology for protecting Electrical Power and Energy Sector”, is written by Konnektable Technologies Ltd. It elaborates on the method used in the SIEM tool and links it to outsider threats. The abstract is as follows:

In the last couple of years, the evolution, the rate and the variety of cyberattacks have increased rapidly, causing many unexpected and harmful issues. These attacks do not only target single individuals, but also firms, critical infrastructure as well as a whole government. The most common solutions like firewalls, antivirus, NIDS and NIPS are no longer sufficient as they were in the old days. Malicious users and attackers change their behavior, adjust to new methods and “invisible” ways to infect the system.