Workshop on Cybersecurity for Electrical Power and Energy Systems (EPES)
Abstract: Smart technologies, which incorporate advanced communication and information technologies, are currently playing a vital role in many of the operations of the Electrical Power and Energy systems (EPES). The monolithic vertical model of such systems was progressively transformed into new, decentralized model with multiple stakeholders and actors and with recognized benefits for this energy vertical, such as adoption of sustainable distributed renewable power generation, pervasive control, remote monitoring, and self-healing, among many others. However, the growing number of cybersecurity incidents in EPES promotes the need for shielding against a variety of threats, ranging from cyberattacks, dynamic and evolving Advanced Persistent Threats (APTs), and privacy violations, to electricity disturbances and severe human errors caused by lack of relevant training. The diverse threats that modern EPES are facing requires an integrated and holistic approach for continuously assessing the dynamic EPES environment while ensuring compliance with the latest cybersecurity standards.
Date: Thursday, June 29, 2023
Organizers:
– Irina Ciornei, Affiliation: KIOS Research and Innovation Center of Excellence University of Cyprus, Nicosia, Cyprus
– Christos Laoudias, Affiliation: KIOS Research and Innovation Center of Excellence University of Cyprus, Nicosia, Cyprus
–Maria K. Michael, Affiliation: Department of Electrical and Computer Engineering KIOS Research and Innovation Center of Excellence University of Cyprus, Nicosia, Cyprus
Workshop Program
– 14:00 – 14:50: Keynote Speaker–Cybersecurity in the 3D Era of Power Systems, Charalambos Konstantinou, Electrical and Mathematical Science and Engineering Division (CEMSE) King Abdullah University of Science and Technology (KAUST), Saudi Arabia (Chair-Prof. Maria K. Michael, University of Cyprus)
– 14:50– 15:15: Visual analytics-based intrusion detection for EPES networks, Konstantinos Votis, Visual Analytics Laboratory of Centre for Research and Technology Hellas/Information Technologies Institute (CERTH/ITI), Thessaloniki, Greece (Chair-Dr. Irina Ciornei, KIOS CoE & University of Cyprus )
– 15:15– 15:40: Protection and Communication Model of Overcurrent Relays for the Investigation of Security Threats, Mohamed Faisal Elrawy, KIOS Research and Innovation Centre of Excellence and Electrical Engineering Department, University of Cyprus, Cyprus (Chair-Dr. Irina Ciornei, KIOS CoE & University of Cyprus )
– 15:40– 16:05: DNP3 protocol Intrusion Detection Engine, Georgios Andronikidis, Machine Learning Research Engineer, SIDROCO Holdings LTD, Cyprus (Chair-Dr. Irina Ciornei, KIOS CoE & University of Cyprus )
– 16:05– 16:30: Coffee Break
– 16:30– 16:50: ELECTRON, an integrated solution for enhancing EPES resiliency, Simon Sarkisian, Eight Bells Independent Research and Consultancy, Greece (Chair-Dr. Christos Laoudias, KIOS CoE & University of Cyprus )
– 16:50 – 17:10: European Regulatory and Policy Landscape for Cybersecurity of Energy Systems, Grigore Stamatescu, TUV Austria-Romania LTD, Romania (Chair-Dr. Christos Laoudias, KIOS CoE & University of Cyprus )
– 17:10– 17:30: What can we do to prevent cyberattacks? Cyber Hygiene best practices, Jon Ander Aguirrechu Zea, Project Management and Lab Services Unit of TECNALIA, Spain (Chair-Dr. Christos Laoudias, KIOS CoE & University of Cyprus )
– 17:30– 17:50: Enhancing cyber-security preparedness through training and awareness, Vasileios Gkioulos, Department of Information Security and Communication Technology, Norwegian University of Science and Technology (NTNU), Norway (Chair-Dr. Christos Laoudias, KIOS CoE & University of Cyprus )
– 17:50– 18:10: A Human-Centric Cyber Hygiene Methodology for Cybersecurity and Data Privacy Awareness, Christos Laoudias, KIOS Research and Innovation Centre of Excellence and Electrical Engineering Department, University of Cyprus, Cyprus (Chair-Dr. Christos Laoudias, KIOS CoE & University of Cyprus )
– 18:10 – 18:30: Concluding remarks
Summary of Presentations
Keynote speaker: Charalambos Konstantinou
Title: Cybersecurity in the 3D Era of Power Systems (14:00-14:50)
Affiliation: Electrical and Mathematical Science and Engineering Division (CEMSE) King Abdullah University of Science and Technology (KAUST), Saudi Arabia
Bio: Charalambos Konstantinou is an Assistant Professor of ECE & CS with the CEMSE Division of King Abdullah University of Science and Technology (KAUST), Saudi Arabia. He is the PI of the Secure Next Generation Resilient Systems Laboratory (SENTRY) and a member of the Resilient Computing and Cybersecurity Center (RC3) at KAUST. His research interests include critical infrastructures security and resilience with special focus on smart grid technologies, renewable energy integration, and real-time simulation.
Abstract: The electric grid is the backbone of our society and economy. It powers our homes, businesses, and transportation system. With the advances in technology and the increasing use of renewables, the 3D era of power systems is facing new challenges. In this talk, we will discuss recent research efforts of the Secure Next Generation Resilient Systems (SENTRY) lab (sentry.kaust.edu.sa) at KAUST and how we are addressing these threats to ensure that the grid remains (cyber)secure and (cyber)resilient.
1. Visual analytics-based intrusion detection for EPES networks (14:50-15:15)
Name of speaker: Dr. Konstantinos Votis
Affiliation: Director of the Visual Analytics Laboratory of Centre for Research and Technology Hellas/Information Technologies Institute (CERTH/ITI), Thessaloniki, Greece
Presentation Summary:
The proliferation of smart information and communication technology (ICT) systems adaptation in traditional EPES operation technology (OT) networks has led to many benefits in terms of efficiency, monitoring and resilience, but at the same time created an increased attack surface for adversaries. Advanced defence measures and technologies are needed in order to protect EPES networks from cyber-threats and ensure the viability of the so-called “smart-grid”. This presentation focuses on a visual-analytics platform, that can enhance cyber-security of a smart grid facility by offering various functionalities, including monitoring of different data types in near real-time, cyber-attack pattern detection using state of the art deep learning algorithms, historic data analysis with visualization charts and techniques and asset reputation management based on fuzzy logic rules. The visual analytics platform is currently used as an extra defence mechanism in the hands of CERTH’s security operations center (SOC) for the protection of a smart home network.
2. Protection and Communication Model of Overcurrent Relays for the Investigation of Security Threats (15:15 – 15:40)
Name of speaker: Mohamed Faisal Elrawy
Affiliation: KIOS Research and Innovation Centre of Excellence and Electrical Engineering Department, University of Cyprus, Cyprus.
Presentation Summary:
Overcurrent relays play a vital role in protecting power systems. In modern digital substations, the overcurrent relays communicate to increase the performance of protection schemes in the smart grid. However, cyber-attacks that target these communications can threaten the protection and automation functionalities of the substation, potentially causing critical malfunctions in the system. To investigate potential cybersecurity threats, a holistic and integrated modelling approach is necessary to properly consider all control and communication operations. We present the design of an integrated, realistic, and flexible model of an overcurrent protective relay compatible with the International Electrotechnical Commission (IEC) 61850 communication standard using the Generic Object Oriented Substation Event (GOOSE) communication protocol. Moreover, a new assessment method for cyber-attacks is presented, based on the impact and the warnings caused by potential attacks. Various case studies using different attack techniques and strategies are examined, and the criticality of the attacks based on the proposed assessment method is discussed.
3. DNP3 protocol Intrusion Detection Engine (15:40-16:05)
Name of speaker: Georgios Andronikidis
Affiliation: Machine Learning Research Engineer, SIDROCO Holdings LTD, Cyprus
Presentation Summary:
In the digital era of the Industrial Internet of Things (IIoT), the conventional Critical Infrastructures (CIs) are transformed into smart environments with multiple benefits, such as pervasive control, self-monitoring and self-healing. However, this evolution is characterised by several cyberthreats due to the necessary presence of insecure technologies. DNP3 is a widely adopted industrial communication protocol that allows the remote communication between Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA). It is characterised by severe security issues since it does not include any authentication or authorisation mechanisms. In terms of ELECTRON project, an AI-powered Intrusion Detection and Prevention (IDPS) system is being implemented to detect various cyberattacks for DNP3 protocol. The presentation encompasses a comprehensive overview of the various phases involved in the preparation of the datasets, including a detailed analysis of their underlying characteristics. Additionally, it delves into the AI-powered mechanisms employed to derive insights from the data and the added value that these mechanisms can bring to the ELECTRON and EPES infrastructure in general.
Coffee Break (16:05 – 16:30)
4. ELECTRON, an integrated solution for enhancing EPES resiliency (16:30– 16:50)
Name of speaker: Simon Sarkisian
Affiliation: Eight Bells Independent Research and Consultancy, Greece.
Presentation Summary:
The importance of securing the Electric Power and Energy Systems (EPES) is constantly growing, as the development of modern societies and economies is becoming more and more dependent on energy consumption. The ELECTRON platform offers an integrated solution for enhancing the EPES resiliency, combining, Risk Assessment & Certification, Intrusion Detection & Privacy, Mitigation and Energy Optimization and Personnel Training and Certification. The above is demonstrated and validated in a set of four Use Cases, in the entire EPES value chain, covering a range of usage scenarios. We will be presenting an overview of the project, including its background, main components and use cases.
5. European Regulatory and Policy Landscape for Cybersecurity of Energy Systems (16:50– 17:10)
Name of speaker: Grigore Stamatescu
Affiliation: TUV Austria-Romania LTD, Romania.
Presentation Summary:
Ensuring robust and reliable cybersecurity of energy and power systems (EPES) represents an Europe-wide defining and timely challenge for critical infrastructure protection. The talk presents an overview of current regulatory and policy approaches that cover the current state-of-the-art in this field such as the EU Cybersecurity Act and the NIS2 directive. We identify the key actors, human factors, as well as technical and non-technical aspects that shape the specialised regulatory and policy landscape for EPES cybersecurity. Dedicated standardisation and certification initiatives offer the potential to bring together various EU bodies, regulatory agencies, professional associations, suppliers and end-users. Development perspectives are highlighted that consider both new technical developments in intrusion detection systems, machine learning algorithms and advanced cryptography, as well as an ever-emerging threat landscape from increasingly capable malicious actors.
6. What can we do to prevent cyberattacks? Cyber Hygiene best practices (17:10-17:30)
Name of speaker: Jon Ander Aguirrechu Zea
Affiliation: Project Management Office and Lab Services, TECNALIA Spain.
Presentation Summary:
This presentation will offer an in-depth analysis on best practices, measures and methods suitable to prevent specific types of cyberattacks which involve EPES personnel from grid and field operators to private EPES network administrators. Thus, it will dive into ELECTRON proposed cyber hygiene techniques and tools to be used to facilitate the training and the certification process for cyber-security awareness of the EPES personnel. We will also showcase how innovative ICT technology such as VR/AR could be used to enhance the training experience of the EPES actors. Furthermore, it exemplifies on the use of a semi-automatic evaluation mechanism able to measure the trainee’s knowledge and awareness on cyber security based on which a format certification can be awarded.
7. Enhancing cyber-security preparedness through training and awareness (17:10– 17:30)
Name of speaker: Vasileios Gkioulos
Affiliation: Department of Information Security and Communication Technology, Norwegian University of Science and Technology (NTNU), Norway.
Presentation Summary:
Several security breaches occur because of negligence or lack of awareness of the personnel within an organisation, and attackers often structure malicious actions by exploiting one or more human factor weaknesses. Enhancing cyber hygiene through training and awareness, besides the integration of technical countermeasures, can not only reduce organizational vulnerabilities but also improve their capacity to identify and respond to ongoing attacks. In this session, we will explore key findings from four research projects on the topic.
8. A Human-Centric Cyber Hygiene Methodology for Cybersecurity and Data Privacy Awareness (17:50 – 18:10)
Name of speaker: Christos Laoudias
Affiliation: KIOS Research and Innovation Centre of Excellence and Electrical Engineering Department, University of Cyprus, Cyprus.
Presentation Summary:
Cyber threats are increasing across all business sectors and the cost of cybersecurity and data privacy incidents is rising globally. In response to the ever-increasing threats, typically organisations are enhancing the technical measures with the use of cybersecurity controls (e.g., firewalls, secure configuration, patch management, etc.). Despite the need for technical controls, humans are evidently the weakest link in the cybersecurity posture of an organisation. This, in combination with the view that cybersecurity is as good as its weakest link, suggests that addressing human aspects of cybersecurity is a key step towards managing cyber-physical risks. Our Cyber Hygiene methodology, developed in the context of the EU-funded H2020 CUREX project, employs a unique survey-based risk assessment approach for raising cybersecurity and data privacy awareness of different employee groups in an organisation. The methodology considers the human aspects in the chain of cyber defence by focusing on the gaps and needs of individual employee groups. The main objective of the methodology is to identify the most effective strategy for managing cybersecurity and data privacy risks and recommend targeted human-centric controls (e.g., awareness activities, training programs, rewards, etc.) that are tailored to the organisation-specific needs (e.g., culture, personnel background, employee role and responsibilities, etc.) to implement the strategy. In this presentation, we will first describe how the methodology works, present our findings, and discuss the lessons learned from pilot studies at three healthcare organisations during the CUREX project. We will then provide some directions on how the methodology could be applied for increasing cybersecurity and data privacy awareness in energy and power operators.
Questions and answers and concluding remarks (18:10-18:20)
