Enhancing cyber-resiliency of EPES assets

The main objective of the PHOENIX project is to secure the European Electrical Power and Energy System (EPES) assets and networks against cyber-attacks. A prerequisite for this is indeed represented by secure connectivity, which – although technical means exist – is not supported by a substantial number of legacy EPES assets. The PHOENIX project thus aims at providing additional security features and measures to the legacy systems by developing a Universal Secure Gateway (USG).

Existing EPES assets (i.e., RTUs, all kind of programmable logic controllers (PLC), SCADA systems, smart meters, etc…) were not designed to be resistant to cyber-attacks. A quick web scan for SCADA system vulnerabilities shows issues like poor training, app development loopholes, monitoring issues and lack of maintenance. And the same applies for smart metering devices. In recent years, the number of attacks against critical infrastructure has significantly increased. The Stuxnet malware is an example of a high-profile SCADA attack, which was first discovered in an Iranian power plant in 2010. Stuxnet was used to infect and reprogram the PLCs. Another example is the Maroochy attack against a sewage system, causing 800.000L of sewer waste to be released in waterways and parks. The Maroochy attack was perpetrated by an insider, taking advantage of insecure communication between the pumping station and the central SCADA control system. Therefore, it is crucial that any threat to these systems and supporting communications infrastructure is promptly detected and acted upon.

The PHOENIX project thus aims at providing additional security features and measures to the legacy systems by developing a Universal Secure Gateway (USG), a device directly connected to EPES assets which securely connects those for data gathering as well as supervisions and controls over standard interfaces and protocols. To sum up, the USG is a device aimed at adding the security functionalities and features to the legacy EPES which lack such capabilities, enhancing their cyber resiliency. The primary role of the USG is to ensure the exchange of supervision and monitoring data, between the edge network and the SCADA server. The device implements federated machine learning models to classify the information it receives, aggregating and correlating events from several USGs and edge networks. It also provides cyber-attack detection mechanisms and deploys anomaly detection capabilities with the identification of rare data that significantly differs from the majority of other data, often linked to illegitimate actions on the assets, reporting those to the PHOENIX system using a set of methodologies defined by the project.

For the design and development of the USG, many requirements are being considered by PHOENIX partners: compatibility with legacy systems, form factor that better enables generic deployment and installation, interoperability with a vast number of communication protocols as well as availability of multiple communication and connectivity interfaces.