Protecting electrical power systems

Cybersecurity threats are escalating and impacting industries worldwide. Phoenix, the collaborative project involving DNV and 22 industry partners, sets out to protect electrical power supplies through the use of innovative techniques and tools that detect and counter cyber and privacy attacks.

Derived from electrical Power system’s sHield against cOmplEx INcidents and eXtensive cyber and privacy attacks, PHOENIX’s triple aims are to strengthen EPES (Electrical Power and Energy System) cybersecurity preparedness, to coordinate EPES cyber incident discovery, response and recovery and also to accelerate research and innovation in EPES cybersecurity. 

The challenges 

The infrastructure of the energy sector is changing in a modern connected society. The old model is expanding with new kinds of energy producers, flexibility providers, energy market actors, new business models. This is continuously increasing the attack surface and attracting the interest of hackers as a lucrative target for criminal activity. Complex cyber-attacks have already been experienced in some parts of the globe. 

Also, cyber-attacks against electrical power and energy systems have the potential to not only disrupt power supplies but will inevitably cascade down and impact other critical infrastructures such as water supplies, communications transport, industry and finance. 

Managing cybersecurity threats  

The PHOENIX project is funded under the framework EU Horizon 2020 programme and involves 23 partners who have collaborated since the project start up in 2019.

The PHOENIX partners have explored the area of cybersecurity threats and used innovative techniques to develop new tools such as Persistent & Secure Communications (5G), Situation Awareness and Privacy Preserving Machine Learning to detect and countermeasure these cyber threats. Five large scale pilots (LSPs) have been part of this project where various aspects and attack modes were evaluated and the resiliency of these LSPs checked by carrying out comprehensive penetration testing work based on current international standards.

Over a period of three years and three phases, the PHOENIX project firstly dealt with the methodology and specification, federated platform V.0, laboratory prototype validation, trials data collection and initial testing. The second phase tackled refinement in the methodology and specifications, additional components/functionality, a fully functional platform V.1.0 and extended laboratory testing. The last phase spanning over the last six months took care of functionality validation, extensive trials testing, product ready platform V.2.0 and impact assessment. 

A security roadmap was also formulated together with a requirement plan for a certification centre and replication guidelines for products and systems created during the project.  

The benefits  

PHOENIX aims to offer a cyber-shield armour to European EPES infrastructure enabling cooperative detection of large scale, cyber-human security and privacy incidents and attacks. This should guarantee the continuity of operations and minimize cascading effects in the infrastructure itself, the environment, the citizens, and the end-users at reasonable cost. The project combines a novel protective concept for resilience and survivability, a fully decentralized inter-blockchain cybersecurity information platform to strengthen EPES cybersecurity preparedness. It also helps drive competitiveness and growth in Europe, as well as tackle societal challenges.  

The market potential 

The market for Phoenix products is very dynamic and fast evolving due to the rapidly changing concepts and structure evolution of the energy sector and other critical infrastructure. From the cybersecurity point of view, the solutions provided by the PHOENIX project will help in preventing these cyber-attacks to materialise and keep the EPES on a safe footing.   

The project also reported on the market status related to each of the key PHOENIX products. By building upon the identified market opportunities and challenges, details of exploitation plans both at partner’s and consortium level to maximise its market impact were produced.  

Acknowledgement: The project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No: 832989 with the management of the Innovation and Networks Executive Agency (INEA)