Cybersecurity Innovation Cluster for EPES


About the Clusterabout

In order to maximize the impact of our developments and accelerate the exploitation of the partner projects’ results, we created the Cybersecurity Innovation Cluster for EPES. Though independent, the cluster is supervised by the EC and acts as a think tank and information exchange ecosystem to guide and coordinate the cybersecurity research and innovation results and synchronize the EPES Infrastructure Stakeholders’ continuous effort on improving the cybersecurity and resiliency of their infrastructure.


Collaboration Topics

Cyber Risk governance

  • Define and agree on commonly accepted methodologies and procedures for risk identification across assets, systems, networks and systems of systems
  • Define and agree on commonly accepted risk classification procedures, including Security Tiers where assets, systems and networks could be characterized based on metrics such as risk severity, probability and cascading effects. The Security Tiers could be also used for insurance purposes
  • Define and create risk and cybersecurity repositoriesfrequently updated from external risk /malware repositories and participants’ experience

SOC/ SIEM tools

  • Define secure common hardware/software secure, trusted and traceable inter-systems’ interfaces and APIs that would enable interoperability between Security Information and Event Management (SIEM) systems 
  • Define common hardware/software communication interfaces to improve cross-utility, cross-border and even cross-domain situation awareness, attacks/incidents identification and cross-domain countermeasures advise or even enforcement 

Legacy middleware components hardening

  • Define common hardware/software systems for enhancing interfacing legacy assets and systems (SCADA/RTU)
  • Techniques for data acquisition of legacy components in order to exploit historical data information that could be significant to any subsequent AI-driven methodology applied on the energy smart grids

Threat isolation

IT-network level: SDN-based Threat Detection, Mitigation and Prevention

  • Increasing network visibility and scalability, managing easier the EPES network
  • Using SDN statistics for threat detection
  • Isolating and corrupting in real-time the malicious/anomalous network flows 
  • Forming alternative network paths in order to avoid malicious/anomalous activities
  • Redirecting the malicious network traffic to EPES honeypots for collecting valuable information about the malicious activities.

Energy-grid level: Electricity-related Threat Isolation & Mitigation Mechanisms

  • Intentional and proactive islanding/isolation mechanisms in case of emergency, forming islands/microgrids/nanogrids.
  • Energy management, balancing the energy supply and demand for each island/microgrid/nanogrid
  • Electrical grid restoration after the emergency

Common trials

Laboratory facilities and simulation environments in order to adopt common testing mechanisms

  • scarce data availability is a common obstacle when it comes to AI/ML techniques endorsement, technologies used by all cluster projects
  • Zero-knowledge proof techniques should be applied to resolve the issues of model validation, e.g. based on inter-DLT technologies

Real life pilots that could be used as common testing facilities

  • Confidentiality issues

Definition and adoption of common Certification and Validation Procedures

  • considering existing standards, different legislations and national frameworks 

Interaction with BRIDGE groups

European energy data exchange reference architecture

  • Use it as reference to position CyberEPES activities related to the protection of the Energy Data Space​
  • Feedback on cybersecurity aspects in relation to the architecture report​

Use case repository

  • Analyze cybersecurity implications for use cases in the repository​
  • Contribute to the repository with use cases from the CyberEPES cluster (non-disclosure issues to be evaluated)​

BRIDGE report on Cybersecurity and Resilience

  • Additional feedback from projects on particularities of the energy network​

Interaction with CSIRTs/ CERTS

  • Organizational/ Multi-Organizational Incident Response Teams establish trusted communication channels in order to exchange information, adhering to certain privacy constraints
  • Identification of MeliCERTs potential improvements 

Contributions related to regulations

Action plan on the digitalization of the energy sector (Roadmap)

  • Input/feedback on the following areas of the plan: 
  • «Developing a European data-sharing infrastructure»  in relation to the cybersecurity of the data-sharing infrastructure
  • «Enhancing the cybersecurity of the energy sector» in relation to threats and countermeasures proposed by the cluster

Network Code on Cybersecurity

Foster a Culture of Knowledge and Security 

  • Define of training procedures and cybersecurity courses that could be provided to under graduate and post-graduate students, MSc students or lifetime training professionals
  • Definition and implementation of simulation and cyber ranges’ platforms as a horizontal action to support the upskilling of current human resources
  • Coordination of multilevel dissemination ranging from academy and research team, to stakeholder and decision makers
  • Coordination of common submissions to standardization bodies

Data Protection & GDPR compliance

  • alignment to relevant regulations and recommendations by the European Commission

Key issues:

  • Protection auditing against personal data breaches
  • Data protection transparency and accountability
  • Data protection in the energy supply chain
  • Privacy preserving monitoring


CyberEPES Members

CyberSEAS (Cyber Securing Energy dAta Services) aims to improve the overall resilience of energy supply chains, protecting them from disruptions that exploit the enhanced interactions, the extended involvement models of stakeholders and consumers as channels for complex cyber-attacks, the presence of legacy systems and the increasing connectivity of energy infrastructures, data stores and services retailers.

rEsilient and seLf-healed EleCTRical pOwer Nanogrid
ELECTRON  aims at delivering a new-generation EPES platform, capable of empowering the resilience of energy systems against cyber, privacy, and data attacks

Defensive toolkit for cyber protection for EPES stakeholders.

Provide a cyber-shield armour to European EPES to survive coordinated, large scale cybersecurity and privacy incidents; guarantee the continuity of operations and minimize cascading effects in the infrastructure itself, the environment and the end-users at reasonable cost.

SDN-microSENSE intends to provide a set of secure, privacy-enabled and resilient to cyberattacks tools, thus ensuring the normal operation of EPES as well as the integrity and the confidentiality of communications.


artificial Intelligence threat Reporting and Incident response System

The EU-funded IRIS project will address the challenges of IoT- and AI-driven ICT systems through a collaborative-first approach centred around computer security incident response teams (CERTs/CSIRTs).


Artificial intelligence for next generation CYBERsecurity

The Ecosystem Framework of next generation AI-based services for critical system robustness, resilience, and appropriate response in the face of advanced and AI-powered cyberattacks.


DYNABIC goal is to increase the resilience and business continuity capabilities of European critical services in the face of advanced cyber-physical threats


Cluster Organization Structure

Committee Chairs

Paolo Roccetti

Cluster coordinator

Engineering - CyberSEAS

Panagiotis Sarigiannidis

R&D Chair

University of Western Macedonia - SDN-Microsense

Theodore Zahariadis

Testing/Pilot Chair

Synelixis - PHOENIX

Luigi Romano

Policy/Standardization Chair

CINI (University of Naples "Parthenope") - CyberSEAS

Denis Caleta

Security Chair

Institute for Corporate Security Studies (ICS-Ljubljana) - CyberSEAS


Sofia Tsekeridou

ENISA Delegate


Massimo Bertoncini

BRIDGE Delegate

Engineering - CyberSEAS

Rong Jun

ENTSO-E Delegate

Independent Power Transmission Operator | IPTO - SDN-Microsense

Paolo Roccetti

IDSA/GAIA-X Delegate ad interim

Engineering - CyberSEAS


Contact the Cluster