PHOENIX: Electrical Power System’s Shield against complex incidents and extensive cyber and privacy attacks
The PHOENIX project focuses on the protection of the European end-to-end EPES via prevention, early detection and fast mitigation of cyber-attacks against EPES assets and networks and from human activities, while protecting the utilities and end-users’ privacy from data breaches by design.
The Electrical Power and Energy System (EPES) is considered among the most complex Cyber-Physical systems with huge effects to other critical infrastructures, such as water supply, communications, transportation, industry, finance. As a result, it has already experienced complex cyber-attacks. Only in 2014, some 250 energy companies in the western Europe and the US were infected by Dragonfly 2.0 and a virus called “Energetic Bear”, similar to Stuxnet, while the Ukraine power grid was cyberattacked on December 2015 and on January 2017, creating power outage and significant problems. As reported by the US Department for Homeland Security, Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) the energy sector experienced more cyber incidents than any sector from 2013 to 2015, accounting for 35% of the 796 reported incidents. Taking into account the importance of energy in our life and its influence on other critical infrastructures, EPES requests significant attention. The PHOENIX focuses on the protection of the European end-to-end EPES via prevention, early detection and fast mitigation of cyber-attacks against EPES assets and networks and from human activities, while protecting the utilities and end-users’ privacy from data breaches by design. PHOENIX will achieve EPES security and privacy via 4 project pathways: Technology centred, Human centred, Business centred and Legislation centred. PHOENIX will involve real-world scenarios to validate the effectiveness of PHOENIX across 5 European Large Scale Pilots (LSP) in Italy, Germany, Slovenia, Greece and Romania involving the complete end-to-end generation, transmission, distribution and consumption value chain. Beyond the individual LSPs, cascading effects even to other critical infrastructures will be simulated and cross-border security and privacy sites will be tested and validated. PHOENIX will leverage on the experience of EMOT in the area of EV fleets management and the communication requirements they induce. Hence, EMOT will be active in the assessment of the risks and the relevant countermeasures from the end-user point of view, focusing on the cybersecurity issues as considered from the EV and charging station, along with the relevant privacy risks. Moreover, EMOT main contributions will be provided at the development of the situation awareness mechanism and especially in Self-enforcing Privacy Management contributing to the privacy and GDPR related development. Finally, EMOT will play a key role participating in Italian pilot trial and validating the PHOENIX system in real life EV mobility scenarios.