Estonia
Elektrilevi (ELV) - Enefit Connect (EC) - Guardtime (GT)
Scenarios:
- Managing the legacy equipment. This includes the smart-meters and the servers that are for management. Also, the amount of data is quite huge, and it is not realistic to manually analyse every datapoint. Collecting data from smart meters to sending data, must be done securely. Securing and monitoring more than one hundred thousand systems is not a simple task..
- Securing continuous and uninterrupted collection of smart meter data across multiple access points and providing this data to the Estfeed platform. The scenario involves the continuous monitoring of the processes and securing the data flows from customer/data owner side to the national datahub.
- Information exchange between the key stakeholders responsible for the smart meter and metadata collection that enable the automated meter reading to share to approved service providers. The scenario will deploy the methodological measures to enable cross-stakeholder cyber-security services in order to deliver required visibility, proof and mitigation action in case of cyber incident. This campaign implements the cyber-security dialog based on effective cooperation among multiple stakeholders, including the regulators and legislators. This dialog is connected to the existing MeliCERTes platform deployed with the support of Polish NASK for the Europe-wide CERTs and CSIRTs collaboration.
The Estonian pilot
This CyberSEAS pilot is a national level pilot on the Estonian DSO.
The partners of this pilot are:
- Elektrilevi (ELV) – Estonia’s largest distribution system operator.
- Enefit Connect (EC) – develops and manages various power networks in Estonia
- Guardtime (GT) – cybersecurity and zero trust solutions based on blockchain technology company.
Elektrilevi and Enefit Connect provide the infrastructure for this pilot (see infrastructure overview above), while Guardtime is the technology provider for the pilot solution.
The aim of the pilot is to ensure the integrity of the operational technology (OT) device configuration through firmware control and signing. As a rule, the OT device updates come from manufacturers but the problem is that the sources and repositories may not be well secured. To tackle this problem, the Estonian pilot aims, among other things, to present a control mechanism where only centrally controlled and signed firmware can be applied to ELV/EC OT devices. The use of other versions is inherently prohibited in the central management system. The controlling is achieved through applying Guardtime’s key-technology (MIDA). The work conducted under the Estonian pilot will contribute to CyberSEAS objectives by providing tools to protect the trust between energy market participants and helping to solve security challenges related to data leak and protection of private data.