Our colleagues from NTUA managed to publish their article “A Cyber-Security Culture Framework for Assessing Organization Readiness” in the Journal of Computer Information Systems. The abstract is as follows:

This paper presents a cyber-security culture framework for assessing and evaluating the current security readiness of an organization’s workforce. Having conducted a thorough review of the most commonly used security frameworks, we identify core security human-related elements and classify them by constructing a domain agnostic security model. We then proceed by presenting in detail each component of our model and attempt to quantify them in order to achieve a feasible assessment methodology. The paper thereafter presents the application of this methodology for the design and development of a security culture evaluation tool, that offers recommendations and alternative approaches to workforce training programs and techniques. The model has been designed to easily adapt on various application domains while focusing on their unique characteristics. The paper concludes on applications of our instrument on security-critical domains, and its contribution to current research by providing deeper insights regarding the human factor in cybersecurity.

Interested in reading more? You can get the complete paper here.

On November 12, NTUA presented their SBA tool at the Cyberwatching.eu webinar. It was a really nice webinar with some key points and actual project results being showcased during the webinar. We managed to gather 88 live participants (out of 120 registrants) from 16 countries across the globe.

In the webinar DEFeND, EnergyShield, SDN-microSENSE and SealeGRID projects participated. Majority of the attendees came from 16 countries around the globe: 15 EU and 1 Non-EU/global. For the EU, Greece is by far the most represented country (33), followed by Belgium and Italy (8), Spain and Romania (6), and France and Germany (5). The majority of them are educational institutions (36%), followed by Small and Medium Enterprises (SMEs) (25%), Large Enterprises (14%), government and public administrations (10%) and non-profit organisations (8%).

If you did not manage to attend the webinar, you can get the slides here.

Finally, here is a video from the presentations:

On October 22nd, EnergyShield objectives, tools and pilots were presented as part of the final day of the international congress BioBioEnergia https://biobioenergia.com/). The congress is annualy organized by the BioBio Region in Chile and gathers experts, professionals, enterprises and academia from Chile, Latin America and other continents. The consortium was represented by dr. Ana-Maria Dumitrescu (SIMAVI) with her intervention (Smart meters and cybersecurity in energy. European initiatives and examples from Romania (Medidores inteligentes y seguridad cibernética en energía. Iniciativas europeas y ejemplos de Rumania, in Spanish). The Congress was available to the public through several platforms (e.g. tvenerg.com) and had a total audience of almost 675.000 persons in its four days.


On 12th of  November 2020 at 11:00 CET, Cyberwatching.eu will organised a webinar entitled “EPES and Smart GRIDS: practical tools and methods to fight against cyber and privacy attacks, in collaboration with EnergySHIELD, SDN-Microsense, SealedGRID and DEFeND, who will present their solutions to protect EPES and Smart Grids against cyber-threats, and preserve consumers’ privacy.

This 90-minute webinar will zoom in on the main actions required to preserve cybersecurity and be prepared for possible cyberattacks in the energy sector, taking into account the characteristics of the sector such as the real-time requirements, the risk of cascading effects and the combination of legacy systems with new technologies.

EnergyShield’s presentation will focus on one of the 5 cyber-security tools contained within the EnergyShield toolkit, namely Security Behaviour Analysis tool, implemented by the Management & Decision Support Systems Laboratory (DSS Lab) of the National Technical University of Athens. In a 15minute session, they shall walk us through the tool specifics including the cybersecurity need addressed, its main features and challenges. They shall conclude their presentation with a short demo exhibiting a common use case scenario from the EPES sector reality.

You can register yourself following this link: https://www.cyberwatching.eu/epes-and-smart-grids-practical-tools-and-methods-fight-against-cyber-and-privacy-attacks-registration

SIGA publishing article on cyber threats for ICS environments

Notwithstanding the importance of network monitoring in protecting industrial control systems (ICS) in Operational Technology (OT) environments, it is highly essential to understand the importance of monitoring and detecting field and process oriented anomalies at Level 0, the sensors and actuators at the equipment and machinery levels, so to be able to defend the OT system holistically.
This need is taken by our partner SIGA who wrote an article on this issue and how they imagine tackle it. Enjoy the reading: 

Our partners from KTH conducted a study on how persons identify phishing websites and wrote an article called “Why Phishing Works on Smartphones: A Preliminary Study” on it, which has been accepted for presentation at the 54th Hawaii International Conference on System Sciences (HICSS). The abstract is as follows:

Phishing is a form of fraud where an attacker attempts to acquire sensitive information from a target by posing as trustworthy. One strategy to fool the target is spoofing of a legitimate website. But why do people fall for phishing, and what security indicators are utilized or not utilized when deciding the legitimacy of a website? Hitherto, two studies have been conducted in 2006 and 2015. As time has passed since then, we like to check if people are meanwhile more certain in identifying spoofed websites. Therefore, 20 participants were observed when they analyzed and classified websites as legitimate or spoofed. On average participants had a success rate of 69 \%, like previous studies’ results. The URL was used as an indicator by most of the participants (80 \%), indicating user behavior and ease of identifying spoofed and legitimate websites is not very different on a smartphone compared to a desktop. Almost all participants used the content of the website at least once when deciding if a website was spoofed or legitimate. These findings will be used to conduct a bigger study to create more resilient results.

Congratulations to our partners from NTUA to their accepted paper “Towards Assessing Critical Infrastructures’ Cyber-Security Culture during COVID-19 crisis: A Tailor-made Survey” at the 4th International Conference on Networks and Security (NSEC 2020). The abstract is as follows:

This paper outlines the design and development of a survey targeting the cyber-security culture assessment of critical infrastructures during the COVID-19 crisis, when living routine was seriously disturbed and working real-ity fundamentally affected. Its foundations lie on a security culture framework consisted of 10 different security dimensions analyzed into 52 domains exam-ined under two different pillars: organizational and individual. In this paper, a detailed questionnaire building analysis is being presented while revealing the aims, goals and expected outcomes of each question. It concludes with the survey implementation and delivery plan following a number of pre-survey stages each serving a specific methodological purpose.

SIMAVI and NTUA initiated a workshop to bridge communication between all three projects funded under SU-DS04-2018-2020 call. The aim of this workshop was to introduce the projects, identify similarities and explore collaboration opportunities from both technical and dissemination perspectives. EnergyShield, PHOENIX and SDN micro-SENSE projects were introduced by leading partners in terms of objectives, consortium, technical challenges, and next coming activities. In total, 38 representatives of the three projects participated in the workshop.

Project presentations


Anna Georgiadou (NTUA) welcomed workshop participants on behalf of the EnergyShield project and presented the general collaboration concept behind this initiative: Bridging three H2020 EU projects, EnergyShield, PHOENIX and SDN-microSENSE, all funded under the SU-DS04-2018-2020 program and, consequently, sharing the same goals and vision towards Cybersecurity in the Electrical Power and Energy System (EPES).

First, Otilia Bularca (SIMAVI), as the EnergyShield Project Manager, presented the EnergyShield project including (the slides can be found here):

  • General project information including budget, duration and consortium partners
  • Concept and objectives
  • Technical activities progress
  • Toolkit architecture and overall design with details regarding each available tool
  • Pilot use cases along with a comparative analysis
  • Integration approach, perspectives and activities flow
  • Milestones, progress and roadmap
  • Project communication channels


Second, Farhan Sahito (Capgemini), as the Phoenix Project Coordinator, presented the PHOENIX project general information including (the slides can be found here):

  • Project facts and objectives
  • Consortium partners
  • Large scale pilots
  • Progress and expected results

Following, Theodore Zahariadis (Synelixis) proceeded in the technical presentation of the project including:

  • Project approach and main goals
  • Architecture design
  • Core technologies and integration approach
  • Pilot presentation

Closing the project presentation, Elena Sartini (CEL) briefly elaborated on the PRESS (Privacy and Data Protection, Ethics, Social and Security) Framework and its approach while sharing the resources for its analytical presentation.


The presentations of the projects were closed by Fernando Usero Fuentes (AYESA), as the SDN-microSENSE Project Coordinator, presented the SDN-microSENSE project general information including:

  • General project information including budget, duration, and consortium partners
  • Work package progress
  • Objectives, challenges and expected results
  • Milestones and roadmap
  • Pilot use cases

Then, Panos Sarigiannidis (UOWM) proceeded in the technical presentation of the project including:

  • Project approach
  • Architecture design
  • Operation flow
  • Core technologies and implementation approach

Closing the project presentation, Theodoros Rokkas (inCITES) provided several dissemination and collaboration ideas based on previous experience and revealed a few other ongoing collaboration activities with other EU projects.

Discussion on Collaboration between Projects

The project presentations were followed by the project representatives recognizing the common goals, concepts and similar approaches embraced by the three participating projects. Ideas regarding future workshops with a more technical basis open to third parties including BRIDGE representatives or even to the end-users and public were introduced. Sharing and exchanging anonymized EPES datasets, project interconnection via common usage of the same incident report platforms, similar tool testing techniques were a few of the ideas put forward by the participants.

The Outcomes

Project partners attending the workshop agreed on the importance of sharing information and knowledge. A common dissemination approach was discussed, and some activities have been drafted:

  • Join forces on social media communication channels starting from Twitter
  • Create a LinkedIn group (EPES – related projects)
  • Prepare common workshop/conferences involving stakeholders
  • Publish whitepapers
  • Share costs of booth in events
  • Create a “sister projects” section on project webpages

The opportunity of organizing joint technical activities for the outside world was also put forward. Workshops or webinars potential topics:

  • architecture design and integration possibilities
  • data exchange/sharing and interoperability
  • demonstrator and tools capabilities

To go ahead with this initiative, the creation of a board from all three projects was suggested. Thus, SIMAVI would initiate a list with persons that should be contact points for the collaboration activities.

Another proposal was related to the possibility of following up the progress of projects. Thus, from time to time selected partners (field experts) could attend significant project consortium meetings, such as review rehearsals.

As EnergyShield is the first of the participating projects to undergo a review process, it has already scheduled review rehearsal on the 29th of July. Consortium partners will be asked if they have objections against inviting external experts to attend the meeting on the 29th of July.

Next, the project partners will continue to communicate online and align the ideas on a technical workshop that would be scheduled in September – October 2020.

Finally, more than 90 people logged in to listen to the talks of Robert Lagerström (KTH), Erik Ringdahl (foreseeti), and Simon Hacks (KTH) given on July 9.

Robert opened the webinar with explaining the overarching goal of the EnergyShield project and stressing the challenges the EPES sector is facing when it comes to cyber security. Furthermore, he presented actual research conducted at KTH to tackle these challenges. Then, Erik took over and showed the interested audience the capabilities of foreseeti’s tool securiCAD and the way it was used in the past to simulate attacks on the EPES sector. Finally, Simon brought the threads of Robert and Erik together, presenting epesLang, a threat modelling languages that covers the assets needed to successfully conduct attack simulations on power assets. epesLang’s capabilities were demonstrated by modelling the attack on the Ukraine from 2015 and illustrating also alternative attack paths that could have been successful.

The webinar was closed by a panel discussion on the key challenges for the EPES sector, how these challenges can be addressed, and what are the key enablers. In the panel, Chris Few (Ofgem), Johan Söderbom (InnoEnergy), Kimon Nicolaides (MASS), Thomas Olsen (Lagoni Engineering), and Matthias Rohr (PSI Software AG) participated.

The captured presentations and panel discussions can be found here.