SPEAR is aiming to develop an innovative tool for detecting and responding to cyber-attacks against Smart Grid. Smart Grid is considered as the next-generation power system, which promises self-healing, resilience, sustainability and efficiency to the energy critical infrastructures. As this sector has significantly improved with the integration of information technologies, there is a consequence of increased vulnerability to cyber-attacks. Therefore, developing technology to proactively detect these attacks and with the capability of timely and effective response is of vital importance for national security and public safety, since the collapse of an energy production utility may put human lives at risk, through the denial of a very important service, as well as causing millions of euros in damage.
Over the last decade, cyber-attacks have become increasingly sophisticated, stealthy, targeted and multi-faceted which may leverage zero-day exploits and highly creative interdisciplinary attack methods. As our society is becoming increasingly dependent on critical infrastructures such as the smart grid, new technologies are needed to increase our detection and response capabilities against attacks on these infrastructures. To this end, the SPEAR project aims at developing a system for: a) detecting and responding to cyber-attacks using new technologies and capabilities, b) detecting threat and anomalies timely, c) developing all-in-one security detection solutions, d) leveraging advanced forensics subject to privacy-preserving, e) confronting Advanced Persistent Threat (APT) and targeted attacks in smart grids, f) increasing the resilience of the smart grid innovation, g) alleviating the lack of trust in smart grid operators and h) empowering EU-wide consensus.
Challenges & Highlights
A specific challenge the project is facing lies in the fact that detecting and responding to cyber-attacks by a highly motivated, skilled and well-funded attacker has proven highly challenging. SPEAR will therefore have to first analyse the threat and attack patterns against the smart grid before developing tools to detect and respond to such incidents. This will involve the collection of all relevant data including data from energy operators, and end users such as smart home. Besides this, four proof-of-concept Use Cases are planned in order to validate and assess the implemented security and privacy tools developed in the project. Within the project, L3S will ensure legal and ethical compliance of the above described research, taking into account the European legal framework on critical infrastructure, privacy and data protection, network and information security, as well as international guidelines applicable in this area. The challenge will be to safeguard personal data involved in the development of the tools, while enabling the envisaged research to be undertaken. A special focus will lie on the compliance requirement for such tools to make them useable within the EU legal framework.