Preliminary results of the EnergyShield project were presented on 27 April at the 2nd ECSCI Workshop on Critical Infrastructure Protection (CIP). The presentation focused on how stakeholders could shield the power grid from cyberattacks. The EnergyShield tools and pilots were introduced, and policy contributions were shared alongside some lessons learned and ways to reach out to the project.

The relevance of a toolkit for Critical Infrastructures (CI) / EPES, like the one proposed by EnergyShield, was evaluated during project implementation. Supply chain for CI has gotten recently and software supply chain risks have additionally become very visible (e.g., the SolarWinds incident). To this end, the need for complex systems that are fully flexible and ensure different deployment possibilities and easy adoption of new technologies is highly relevant. Moreover, the current market shows the existence of many cross-sector tools and a limited offer for the energy sector. The latest incidents, however, provide good arguments for the exploitation of a toolkit like EnergyShield.

Building an online identity as well as creating flexible systems are essential. Starting from a plethora of technologies and use case functionalities, the EnergyShield system needs to provide full flexibility. In adapting and integrating technologies, the technology providers have improved and adapted the tools, making them ready for integration through the overall EnergyShield system, and interacted with practitioners to collect feedback (testing and evaluation of tools). Also, a flexible integration concept was designed and is being implemented to ease the accommodation of tools, along with a Portal to securely access the toolkit. Technology providers have collaborated towards preparing and accommodating tools using different technologies in a common environment (the EnergyShield toolkit) and using a data fusion mechanism combined with machine learning to create a global view.

About the event. This workshop presented the different approaches on integrated (i.e., cyber and physical) security in several different industrial sectors, such as finance, healthcare, energy, air transport, communications, industrial plants, gas, and water. The peculiarities of critical infrastructure protection in each one of these sectors have been discussed and addressed by the different projects of the ECSCI cluster that presented their outcomes, discussing the technical, ethical and societal aspects and the underlying technologies. The workshop included three opening remarks, three keynote speeches, 21 project presentations, 2 roundtable and panel discussions, 21 thematic presentations, and closing remarks. The audience included scientists and experts in the field of critical infrastructure protection, CISOs, CIOs, CERTs, CSIRTs, CSOs, cyber and physical security experts representing different sectors, and policy makers for critical infrastructure protection. More information: https://www.finsec-project.eu/second-ecsci-virtual-workshop

3rd International Workshop on Electrical Power and Energy Systems Safety, Security and Resilience (EPESec 2022)

As a participant, we gladly invite you to attend this event: the 3rd International Workshop on Electrical Power and Energy Systems Safety, Security, and Resilience (EPESec 2022). The event will take place from August 23–August 26, 2022, in Vienna, Austria.

 

The forthcoming smart energy ecosystem is considered as the next-generation power system, which promises self-healing, resilience, sustainability, and efficiency to the critical energy infrastructure. However, due to the increasing digitization of the energy infrastructure, the risk of cyberattacks has risen dramatically, while as the smart energy and power grid is reaching every house and building, the potential of attracting cyber-attackers is magnified. Additionally, legacy systems constitute weak points of failure since they were designed in times when cybersecurity and remote monitoring and control was not part of the technical specifications for the system design.

From this perspective, the EPESec 2022 workshop aims at collecting the most relevant ongoing research efforts in the EPES digital security field. It also serves as a forum for relevant projects in order to disseminate their security-related results, boost cooperation, knowledge sharing and follow-up synergies, and foster the development of the EPES Security Community, composed of security experts and practitioners.

 

Important Dates
Submission Deadline: May 13, 2022
Author Notification: June 05, 2022
Proceedings Version: June 19, 2022
ARES EU Symposium: August 23, 2022
Conference: August 23 – August 26, 2022

 

Click here for more information: https://www.ares-conference.eu/workshops-eu-symposium/epesec-2022/

We would like to express our congratulations to our KTH colleagues, who have published their article entitled “Two Decades of Cyberattack Simulations: A Systematic Literature Review” in the Computers & Security (2022) journal.

 

The abstract is as follows:

Cyberattack simulations appear across multiple computer security domains and are interpreted in many different but equally viable ways. However, this makes the topic appear fragmented and inconsistent, making it challenging to identify and communicate relevant research. Therefore, this article contributes to a unified baseline by presenting the results of a systematic literature review. The review targeted attack simulations published between 1999 and 2019, specifically those exploring which specific steps result in successful attacks. The search initially produced 647 articles, later reduced to 11 key contributions. Despite being scattered across application domains, their general aims, contributions, and problem statements were remarkably similar. This was despite them generally not citing each other or a common body of work. However, the attack simulations differed in implementation details, such as modeling techniques, attacker decision-making, and how time is incorporated. How to construct a fully unified view of the entire topic is still somewhat unclear, particularly from the 11 articles. However, the results presented here should help orient practitioners and researchers interested in attack simulations regarding both present and future work. Particularly since, despite the seemingly implausible sample, the cumulative evidence suggests that attack simulations have yet to be pursued as a distinct research topic.

 

The complete article can be reviewed and found at the following link: https://doi.org/10.1016/j.cose.2022.102681

Workshop

As a participant in the 2nd ECSCI Workshop on Critical Infrastructure Protection, we cordially invite you to attend this event:

This workshop will present the different approaches to integrated cyber and physical security in different industrial sectors, such as energy, transport, drinking and wastewater, health, digital infrastructure, banking and financial market, space and public administration. The peculiarities of critical infrastructure protection in each one of these sectors will be discussed and addressed by the different projects of the ECSCI cluster that will present their outcomes, discussing the technical, ethical, and societal aspects as well as the underlying technologies.

Specifically, novel techniques will be presented for integrated security modelling, IoT security, artificial intelligence for securing critical infrastructures, distributed ledger technologies for security information sharing and increased automation for detection, prevention and mitigation measures.

The workshop will include keynote speeches, 23 projects presentations, roundtable and panel discussions, and thematic presentations. It is intended for scientists and experts in the field of critical infrastructure protection, CISOs, CIOs, CERTs, CSIRTs, CSOs, cyber and physical security experts representing the different sectors and policymakers for critical infrastructure protection.

Click here for more information: https://www.finsec-project.eu/second-ecsci-virtual-workshop

Healthcare

Our colleagues from NTUA published their article entitled “A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures” in the MDPI’s Healthcare journal which can be found at the link: www.mdpi.com/2227-9032/10/2/327

The abstract is as follows:

Recent studies report that cybersecurity breaches noticed in hospitals are associated with low levels of personnel’s cybersecurity awareness. This work aims to assess the cybersecurity culture in healthcare institutions from middle- to low-income EU countries. The evaluation process was designed and performed via anonymous online surveys targeting individually ICT (internet and communication technology) departments and healthcare professionals. The study was conducted in 2019 for a health region in Greece, with a significant number of hospitals and health centers, a large hospital in Portugal, and a medical clinic in Romania, with 53.6% and 6.71% response rates for the ICT and healthcare professionals, respectively. Its findings indicate the necessity of establishing individual cybersecurity departments to monitor assets and attitudes while underlying the importance of continuous security awareness training programs. The analysis of our results assists in comprehending the countermeasures, which have been implemented in the healthcare institutions, and consequently enhancing cybersecurity defense, while reducing the risk surface.

Congrats!

Our colleagues from CITY managed to publish their article entitled “Modelling Smart Grid IT-OT Dependencies for DDoS Impact Propagation” in Elsevier’s Computers & Security journal, which can be found at the link: https://www.sciencedirect.com/science/article/pii/S0167404821003527

The abstract is as follows:

The traditional power network has now evolved into the smart grid, where cyber technology enables automated control, greater efficiency, and improved stability. However, this integration of information technology exposes critical infrastructure to potential cyber-attacks. Furthermore, the interdependent nature of the grid’s composite information and operational technology networks means that vulnerability extends across interconnected devices and systems. Therefore, a DDoS (Distributed Denial-of-Service) attack, which is relatively easy to deploy but potentially highly disruptive, can be used strategically against the smart grid with particularly egregious results. In this paper, we take inspiration from epidemiological modelling to propose a compromise propagation model, alongside a behavioural DDoS model, to explore how dependencies between the grid’s networks might influence the scale and impact of DDoS attacks. We found that the internal connectedness of a network amplifies the received impact of failures in an external network on which it is dependent. Furthermore, testing showed that alongside attack force, attack duration influences recovery times, due to both the quantity of resources consumed and the time needed to accumulate recoveries. The models were validated against simulations conducted with cyber-security providers L7 Defense, showing our approach to be a viable companion or alternative to traditional graph-based dependency models.

Congrats!

An example of corporate and industrial network integration.

Our partners from KTH got another publication: the chapter titled “Early detection and recovery measures for smart-grid cyber-resilience” is published in the book “Decision Support Systems and Industrial IoT in Smart Grid, Factories, and Cities” by IGI. The chapter discusses the vulnerabilities of smart grid and EPES systems. Since these need to be protected against cyberattacks, robust algorithms are needed for an efficient intrusion detection system (IDS). This chapter presents the classification of IDSs according to the source of audit data and detection methodologies. It also proposes a method for early-stage detection of cyber-security incidents and protection against them through applicable security measures. Moreover, security techniques such as anomaly detection, threat investigation through a highly automated DSS, as well as incident response and recovery for smart grid systems are introduced. The proposed framework can be applied to industrial environments, such as cyber-threats targeting the production generator as well as the electricity smart meters. The chapter also illustrates the framework’s cyber-resilience against zero-day threats and its ability to distinguish between operational failures and cyber-security incidents. With respect to these classification methods, an overview and problems of existing schemes are presented. Industry best practices are also provided as part of security information and event management (SIEM). The abstract is as follows:

The internet of things (IoT) has recently brought major technological advances in many domains, including the smart grid. Despite the simplicity and efficiency that IoT brings, there are also underlying risks that are slowing down its adoption. These risks are caused by the presence of legacy systems inside existing infrastructures that were built with no security in mind. In this chapter, the authors propose a method for early-stage detection of cyber-security incidents and protection against them through applicable security measures. This chapter introduces security techniques such as anomaly detection, threat investigation through a highly automated decision support system (DSS), as well as incident response and recovery for smart grid systems. The introduced framework can be applied to industrial environments such as cyber-threats targeting the production generator as well as the electricity smart meters, etc. The chapter also illustrates the framework’s cyber-resilience against zero-day threats and its ability to distinguish between operational failures as well as cyber-security incidents.