Cybersecurity in the Electrical Power and Energy System

About CyberSEAS

The CyberSEAS project is a European Union funded collaborative project improving the cyber security of the European electrical power energy systems (EPES).

CyberSEAS (Cyber Securing Energy dAta Services) aims to improve the overall resilience of energy supply chains, protecting them from disruptions that exploit the enhanced interactions, the extended involvement models of stakeholders and consumers as channels for complex cyber-attacks, the presence of legacy systems and the increasing connectivity of energy infrastructures, data stores and services retailers.

CyberSEAS at a glance

Topic:
SU-DS04-2018-2020
Grant Number:
101020560
Total Cost:
€ 10.067.121,25
EC Contribution:
€ 7.999.113,64
Start Date:
01/10/2021
End Date:
30/09/2024

Research and methods

Project Objectives

CyberSEAS has 3 strategic objectives:

  1. Countering the cyber risks related to highest impact attacks against EPES;
  2. Protecting consumers against personal data breaches and attacks;
  3. Increasing the security of the Energy Common Data Space.

All three objectives are equally important, since cyber-criminals are shifting tactics to favour multi-stage attacks in which stealing sensitive data is a precondition for the real attack, and enables them to maximise damage and profits (while traditionally infrastructure cyber-attacks used to be direct attacks to the machinery and typically targeted control systems, not data). Threat actors, especially large ones such as nation states, also carry out complex attacks that leverage supply chain dependencies, and this trend continues to grow, as highlighted in the July 2020 analysis by the Atlantic Council. Likewise, with the transition to scenarios where users are proactively involved, prosumer data is becoming more and more sensitive.

Solutions

To achieve these objectives, CyberSEAS delivers an open and extendable ecosystem of 30 customisable security solutions providing effective support for key activities, and in particular:

  • risk assessment;
  • interaction with end devices;
  • secure development and deployment;
  • real-time security monitoring;
  • skills improvement and awareness;
  • certification, governance and cooperation.

CyberSEAS solutions are validated through experimental campaigns consisting of 100+ attack scenarios, tested in 3 labs before moving out to one of 6 piloting infrastructures across 6 European countries. Out of the 30 solutions, 20 will reach TRL8+ and 10 TRL7.

Team

CyberSEAS ’s management structure has been designed to ensure that project activities are properly coordinated, so that:

  • the project reaches its objectives and fulfils partners’ individual expectations;
  • quality assurance is guaranteed throughout project implementation;
  • proper monitoring and self-assessment procedures are in place;
  • security, ethical, legal, privacy, societal acceptance and training dimensions are taken into account.

The project is managed at different levels with management and support committees.

Project Coordinator

Paolo Roccetti

Engineering

Mr. Paolo Roccetti (male) graduated as an engineer from the Bologna University, and works at Engineering’s R&D labs since 2005. His technical background includes grid computing and security of distributed systems. He leads the CyberSecurity team that is involved in EU and national research projects. Past work includes a threat intelligence solution to fight botnets (FP7 project ACDC) and a risk assessment tool for cyber threats
in industry (FP7 project CYSPA). His research team is now working on social engineering topic, by coordinating the creation of a Social-Driven Vulnerability Assessment framework (H2020 project DOGANA) and contributing to a phishing detection service (EIT project WAFFLE). He is coordinating two H2020 projects: COMPACT, to improve the resilience of Local Public Administrations against cyberattacks, and HERMENEUT,
to assess cyber risks on intangible assets of organizations. Projects: DILIGENT (Grid Computing, Digital Libraries), D4Science (Grid Computing, Digital Libraries), GriFin (Grid Computing, Finance), EchoGRID (Grid Computing, Industry, Telco), SEMIRAMIS (Security, Cross Border Information Exchanges), CYSPA (Cyber Risks, Industry), ACDC
(Botnets, Cyber Threat Intelligence), DOGANA (Social Engineering, Risk Assessment), WAFFLE (Phishing), COMPACT (Basic Cyber Threats, Public Administrations), HERMENEUT (Cyber Risks, Cyber Crime).
Technical Coordinator

Luigi Romano

CINI

 

Mr. Luigi Romano (male). He is a Full Professor at the Department of Engineering of the university of Naples “Parthenope”. He is an expert in system security and dependability. In FP7, he was the Technical Coordinator/Principal Investigator of the INTERSECTION, INSPIRE, INSPIRE INCO, MASSIF, and SAWSOC projects. He is a member of the European Network and Information Security Agency expert group on Priorities of Research On Current and Emerging Network Technologies (PROCENT). He is the Chair of the “Cyber Security” Working Group within the context of the SERIT initiative (SERIT, “Security Research in ITaly” is the technological platform for national security jointly promoted by CNR and Finmeccanica). He is the technical coordinator of KONFIDO project and will be the technical coordinator of CyberSEAS. 

Ethical and Privacy Coordinator

Hans Graux

TLEX

Hans Graux (male) is an ICT lawyer, and a highly recognised expert advisor to the European Commission and other public bodies. He is a law school graduate who also obtained a complementary degree in IT (both at KU Leuven, Cum Laude). After working as a legal researcher at the Interdisciplinary Centre for Law and Information Technology, he became a lawyer, partner and co-founder of the law firm time.lex, specialised in technology, intellectual property, media and e-business. He has participated in a large number of international ICT policy studies, primarily for the European Commission and various European Agencies. His expertise lies in the collection of legal and administrative information in cross border studies, in the analysis of legal frameworks and policy choices, and in formulating policy recommendations to eliminate barriers to the correct functioning of the internal market. Recent work for the European Commission has included projects focused on cloud computing, data protection, eSignatures, trust services electronic identity management, information security and e-business. Furthermore, he is a member of the ICT Committee of the Council of Bars and Law Societies of Europe (CCBE), and Member of the ICT Committee of the Order of Flemish Bars. He led the legal work in STORK 2.0, e-SENS, and TOOP.
Project Security Officer

Fabio Barba

Engineering

He is the Defence, Space and Homeland Security Business Unit Technical Director in Engineering. The Business Unit, inter alia, is responsible for the whole suite of EII’s maritime awareness technologies. He concurrently fulfil the role of EII’s Deputy Security Officer, being part of the organisation taking care of obligations deriving from the management of classified information. Before Engineering, he was an Italian Navy Officer; Fabio Barba graduated in Maritime and Naval Sciences at the Italian Naval Academy in 1995 and completed his education with an Engineering MSc in Command & Control Systems at the US Marine Corps University – Quantico, Virginia in 2000. He has 26 years of work experience including 16 in the ICT domain; furthermore he has 10 years of exercise in complex projects.

Related project

The list of CyberSEAS-related projects and members of the Cybersecurity Innovation Cluster for EPES can be found here