Cybersecurity threats are escalating and impacting industries worldwide. Phoenix, the collaborative project involving DNV and 22 industry partners, sets out to protect electrical power supplies through the use of innovative techniques and tools that detect and counter cyber and privacy attacks.
Derived from electrical Power system’s sHield against cOmplEx INcidents and eXtensive cyber and privacy attacks, PHOENIX’s triple aims are to strengthen EPES (Electrical Power and Energy System) cybersecurity preparedness, to coordinate EPES cyber incident discovery, response and recovery and also to accelerate research and innovation in EPES cybersecurity.
The challenges
The infrastructure of the energy sector is changing in a modern connected society. The old model is expanding with new kinds of energy producers, flexibility providers, energy market actors, new business models. This is continuously increasing the attack surface and attracting the interest of hackers as a lucrative target for criminal activity. Complex cyber-attacks have already been experienced in some parts of the globe.
Also, cyber-attacks against electrical power and energy systems have the potential to not only disrupt power supplies but will inevitably cascade down and impact other critical infrastructures such as water supplies, communications transport, industry and finance.
Managing cybersecurity threats
The PHOENIX project is funded under the framework EU Horizon 2020 programme and involves 23 partners who have collaborated since the project start up in 2019.
The PHOENIX partners have explored the area of cybersecurity threats and used innovative techniques to develop new tools such as Persistent & Secure Communications (5G), Situation Awareness and Privacy Preserving Machine Learning to detect and countermeasure these cyber threats. Five large scale pilots (LSPs) have been part of this project where various aspects and attack modes were evaluated and the resiliency of these LSPs checked by carrying out comprehensive penetration testing work based on current international standards.
Over a period of three years and three phases, the PHOENIX project firstly dealt with the methodology and specification, federated platform V.0, laboratory prototype validation, trials data collection and initial testing. The second phase tackled refinement in the methodology and specifications, additional components/functionality, a fully functional platform V.1.0 and extended laboratory testing. The last phase spanning over the last six months took care of functionality validation, extensive trials testing, product ready platform V.2.0 and impact assessment.
A security roadmap was also formulated together with a requirement plan for a certification centre and replication guidelines for products and systems created during the project.