Periodic Reporting for period 3 - EnergyShield (Integrated Cybersecurity Solution for the Vulnerability Assessment, Monitoring and Protection of Critical Energy Infrastructures)
Reporting period: 2021-07-01 to 2022-06-30
The objectives of the EnergyShield project are: (1) adapt and improve available building-block tools to support the needs of the EPES, (2) integrate the improved cybersecurity tools into a holistic solution with assessment, monitoring/protection and learning/sharing capabilities that work synergistically, (3) validate the practical value of the EnergyShield toolkit in demonstrations involving EPES stakeholders and (4) develop best practices, guidelines and methodologies supporting the deployment of the solution and encourage widespread adoption of the project results in the EPES sector.
The EnergyShield system combines the latest technologies for vulnerability assessment (automated threat modelling and security behaviour analysis), monitoring & protection (anomaly detection and DDoS mitigation) and learning & sharing (security information and event management), which together increase resilience against different types and levels of cyber and privacy attacks and data breaches. All these tools are accommodated in a central federation coordinator with locally deployed federation members. The central component is responsible for maintaining the rules and standards and for common processing, while the federation members are responsible for local data collection and processing.
The most significant aspect supporting value creation and growth in the electrical power domain is to build, and also strengthen, the capability to adequately assess the combined ICT and OT/SCADA environments of companies within the field.
The EnergyShield toolkit is an integrated, complete solution that covers heterogeneous attack vectors. Alerts from the OT anomaly detection (AD) tool and from the distributed denial of service mitigation (DDoSM) tool, which monitors external interfaces, are consolidated by the SIEM and complemented by simulation within the vulnerability assessment (VA) tool. Each of the tools has distinct elements of technical innovation and features that meet the specific cybersecurity requirements (monitoring, detection, vulnerability assessment, learning) of the business field. Although they have been developed for different environments and with specific orientations (e.g. SBA - an organizational-culture-oriented solution, focused on cybersecurity concerns and personnel behaviour / reactions in critical situations; AD - a breakthrough process-oriented anomaly detection solution for OT cyber protection, providing safety for industrial assets by directly monitoring raw electrical signals (level 0 real-time monitoring); SIEM - a solution offering correlation of physical and cyber events, capable of handling large amounts of heterogeneous data, etc.), the innovative architectural model ensures the right communication between the tools and enhances each of their functionalities.
Given the particularities of the energy sector (real-time requirements, cascading effects, technology mix, specific infrastructure) and the trending needs and expectations (regulation enforcement, compliance with security requirements), EnergyShield could strengthen security in the EPES supply chain through adoption of the EnergyShield toolkit.
The added value of implementing the EnergyShield toolkit becomes relevant through the increased resilience against cyber and privacy attacks and the minimized effects of their potentially harmful outcomes. Evolving inside clusters of similar projects can only benefit the overall impact of the coordinated efforts against cyber security threats and attacks.
To increase awareness regarding these aspects, during the 3 years of implementation the EnergyShield consortium organized - in collaboration with other H2020 projects - 12 events, published 33 peer-reviewed articles, released 10 whitepapers, and actively engaged within 4 clusters: ESCSI, CyberEPES, BRIDGE, Cyberwatching.eu.
By the end of the project all anticipated EnergyShield tools were released in their final version alongside detailed reports. The toolkit is tailored to the needs of EPES operators, but many of the technology building blocks and best practices are transferable to other types of critical infrastructures.
The cross-evaluation of EnergyShield tools and technologies as part of the cybersecurity industry and its relevance for the EPES value chain brings forward some sector trends and opportunities for new technologies:
• The Vulnerability Analysis tool has shown that SaaS is the best choice when it comes to critical infrastructure operators
• The Security Behaviour Analysis tool highlights that anonymization is very relevant for independent assessment of the skills gap within organizations
• The Anomaly Detection tool promotes technology-agnostic approaches for the OT environment, as they allow monitoring with limited human interaction
• The Distributed Denial of Service Mitigation tool shows that real-time reporting of attacks is essential for a healthy system. Because of the multitude of attacks that occur in real time, a traffic enforcement module and an analytics unit providing near-real-time analytics of the traffic are required to stop these attacks
• Security Information and Event Management (SIEM) offers constant supervision of the system, with emphasis on monitoring privilege escalation on the SCADA system. The deployment of an overall SIEM is recommended due to its speed and flexibility, its feasibility for processing large amounts of data, and the possibility of performing event correlation at different layers with more complex rules.
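The report describes the SIEM consolidating AD and DDoSM alerts and correlating events at different layers, with privilege escalation on SCADA hosts as a focus. The following is an added illustration written for this page, not EnergyShield code: a small rule engine that reads constructed events from three hypothetical sources ("ddosm" for the perimeter, "scada_auth" for SCADA role changes, "ad" for OT process anomalies) and raises findings whose severity rises when a privilege escalation coincides with a perimeter DDoS alert or is followed by a process anomaly on the same asset. The field names, role ranking and the 15-minute correlation window are assumptions, not values from the report.

```python
"""Toy cross-layer correlation in the style of a SIEM rule set (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str   # assumed sources: "ddosm", "scada_auth", "ad"
    asset: str    # assumed asset identifier
    kind: str     # assumed event kind per source
    detail: str   # free text, e.g. "operator->admin" for role changes


# Assumed SCADA role ordering used to decide whether a role change is an escalation.
ROLE_RANK = {"viewer": 0, "operator": 1, "engineer": 2, "admin": 3}
WINDOW = timedelta(minutes=15)  # assumed correlation window

T0 = datetime(2022, 3, 1, 10, 0)
# Constructed sample events (not real data): a perimeter flood, an escalation on
# hmi-01 shortly after, a process anomaly on hmi-01, a lone escalation on hmi-02
# much later, and an unrelated anomaly on rtu-07.
SAMPLE_EVENTS = [
    Event(T0, "ddosm", "perimeter-fw", "volumetric_flood", "inbound UDP flood mitigated"),
    Event(T0 + timedelta(minutes=5), "scada_auth", "hmi-01", "role_change", "operator->admin"),
    Event(T0 + timedelta(minutes=12), "ad", "hmi-01", "process_anomaly", "feeder current deviates from model"),
    Event(T0 + timedelta(minutes=60), "scada_auth", "hmi-02", "role_change", "operator->admin"),
    Event(T0 + timedelta(minutes=70), "ad", "rtu-07", "process_anomaly", "setpoint jitter"),
]


def is_escalation(detail: str) -> bool:
    """True when a 'old->new' role change moves to a higher-ranked role."""
    if "->" not in detail:
        return False
    old, new = (r.strip() for r in detail.split("->", 1))
    return ROLE_RANK.get(new, -1) > ROLE_RANK.get(old, -1)


def _finding(rule: str, severity: str, ev: Event, related: list) -> dict:
    return {
        "rule": rule,
        "severity": severity,
        "asset": ev.asset,
        "ts": ev.ts.isoformat(),
        "related": len(related),
    }


def correlate(events, window: timedelta = WINDOW) -> list:
    """Evaluate rules in event-time order; each event sees only earlier events in the window."""
    ordered = sorted(events, key=lambda e: e.ts)
    findings = []
    for i, ev in enumerate(ordered):
        recent = [p for p in ordered[:i] if ev.ts - p.ts <= window]
        if ev.source == "scada_auth" and ev.kind == "role_change" and is_escalation(ev.detail):
            # Rule: privilege escalation on SCADA; raised if the perimeter is under DDoS.
            ddos = [p for p in recent if p.source == "ddosm"]
            if ddos:
                findings.append(_finding("priv_escalation_during_ddos", "high", ev, ddos))
            else:
                findings.append(_finding("priv_escalation", "medium", ev, []))
        elif ev.source == "ad" and ev.kind == "process_anomaly":
            # Rule: OT process anomaly preceded by an escalation on the same asset.
            prior = [
                p for p in recent
                if p.source == "scada_auth" and p.asset == ev.asset and is_escalation(p.detail)
            ]
            if prior:
                findings.append(_finding("process_anomaly_after_priv_escalation", "critical", ev, prior))
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(f"{f['ts']} {f['severity']:8} {f['asset']:8} {f['rule']}")
```

Running the block produces three findings: a high-severity escalation on hmi-01 during the perimeter flood, a critical process anomaly on hmi-01 following that escalation, and a medium-severity standalone escalation on hmi-02; the anomaly on rtu-07 raises nothing because no escalation preceded it on that asset. In a deployment following the report's layout, the federation members would emit the per-layer events and the central coordinator would hold the rule set.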