Review: Insight Talk “Cybersecurity4Energy”

In our last Insight Talk, we looked at the exciting potential for research and innovation and possible applications of cybersecurity – with a focus on digital energy infrastructure. Get exciting insights into concrete best practice cases in our reviewhow innovative data-driven processes of energy research to meet the new challenges of decentralization and digitalization can support!

Cybersecurity plays a key role in the energy transition. It can make a valuable contribution to innovative solutions in the field of data-driven processes. Together with our international experts Johanna Ullrich (Expert for networks and critical infrastructure SBA Research), Thomas Dlouhy (Advenica Austria) and Markus Stadelhofer (SigaSec), we took a closer look at the promising potential.
Many thanks at this point to our speakers for their valuable and inspiring contributions!

Why energy research projects should consider cyber security from the outset

Christian, R&D manager and foresight expert at the Green Energy Lab, dedicated the talk’s intro to the question of why cyber security is relevant for the energy industry: “The constant increase in digital processes and the rapid growth in data volumes also increases the vulnerability of our energy system to cyber attacks. In 2022, this caused damage of USD 8.44 trillion worldwide. The loss forecasts for 2027 point to 24 trillion. As a result, cybersecurity has gone from being a niche topic to an important focus of critical infrastructure protection. Cybersecurity as part of the innovation field of Data Driven Processes is therefore also a focus of Green Energy Foresight, although no project is currently dealing explicitly with this topic. (More information on Green Energy “Foresight Services” can be found at here). The most important drivers that are increasingly bringing the topic of Cybersecurity4Energy into focus are the decentralization of the world of work and cybercrime as a geopolitical weapon.

The possibilities for protecting yourself against threats are as varied as the threat scenarios themselves. They range from measures such as education against social engineering, two-factor authentication, zero-trust gateways, data diodes, etc. to technologies that until recently were just dreams of the future. The latter category includes, for example, quantum cryptography and artificial intelligence. However, both areas are already the subject of active research and practical testing.

Relevant questions and innovative solutions through the right expertise

Cybersecurity must be considered in research and innovation projects from the outset. Digitization projects in the energy sector as part of research and innovation offer an ideal opportunity to integrate security by design into data-driven processes.

Johanna Ullrich, Key Researcher at the COMET Center, gave an overview of the topic from a research perspective SBA Research and head of the Networks and Critical Infrastructures Security Research Group. The scientist, who specializes in the protection of critical infrastructure with her team, points out various types of attacks that the energy sector is confronted with: manipulation attacks on energy markets, balancing energy, smart meters or so-called “manipulation of demand attacks” have long since become more than just a potential threat, but have already become part of everyday life for companies, as she demonstrates with specific examples. Your brief SWOT analysis of the energy sector shows: On the one hand, the energy sector has a good and efficient infrastructure and engineering expertise. Digital processes are well established and system errors are usually rectified quickly. However, there is a particular need to catch up at the interface between IT security and engineering in the energy sector. The trained Engineer for automation technologywho completed her PhD in computer science, knows from her own experience about the lack of this expertise in research and innovation projects.

Protecting the weakest link in the energy system

Thomas Dlouhy from the Swedish company Advenica recalls EU regulations, such as the NIS Directive, for the legal regulation of network and information security or the well-known European General Data Protection Regulation (GDPR) and the ePrivacy Regulation, which requires companies to protect their critical infrastructure. It is important to take a close look at the “weakest link” in the energy system: IoT (Internet of Things) and OT (Operational Technology) systems are essential for monitoring and controlling energy infrastructures such as power grids and power plants, but are vulnerable to some cyber threats. The design of some of these OT infrastructures was developed long before the advent of the internet, which means that they are not equipped with the latest security features. Hackers can exploit these vulnerabilities to infiltrate systems, steal data or launch attacks on the energy infrastructure itself. It is therefore crucial that IoT and OT systems in the energy sector are carefully secured to ensure the stability and security of the entire system. The company offers a physical data diode solution for this, more details of which can be found in the presentation and in the recording of the event.

The supply chain as a gateway

Not only in the IT network, but also in the OT network of the production facilities attacks can take place. “Infected components, for example from a supplier, can be a gateway and can compromise your own OT system is infected”, says Markus Stadelhofer from the Israeli company SigaSec. It is therefore essential to protect the most important systems directly at the source, at the sensors. The company has implemented this “zero tolerance approach”, for example in the EU research project Energy Shield and examined application examples from the energy sector. Here, the company has simulated various attacks on the systems of energy supply companies, e.g. in Italy and Singapore, and has organized them into so-called “Critical Infrastructure Security Showdowns” gained valuable insights. For this reason, this topic can be addressed in particular through cooperative research and innovation projects, where the entire supply chain is considered and the relevant stakeholders are involved.

What are the most exciting fields of research and innovation for the digitalization of the energy system?

The panelists at the Insight Talk gave the energy industry a mixed report card when it comes to cybersecurity. They identified a considerable need to catch up and suggested taking other sectors as a model and learning from them (e.g. the telecoms sector or the automotive industry). The experts saw a particular point of attack in the rapidly growing decentralized elements of the energy system (e.g. inverters, charging stations and demand-response controlled devices such as heat pumps, battery storage, etc.).

It is precisely these decentralized elements of the energy system that offer an exciting object of investigation for research and innovation projects that can contribute to the secure and resilient digitalization of the energy system. Green Energy Lab offers the ideal platform for this, bringing together innovative tech companies, forward-thinking energy supply companies and top scientific expertise to drive innovative ideas forward.

Funding opportunities Cybersecurity4Energy – Your project idea is wanted!

In this context, we would like to draw your attention to the numerous national and international calls for proposals in the field of cybersecurity for energy-related projects as particularly exciting funding opportunities:

• Horizon Europe – Cluster 3 “Civil Security for Society”

• • Destination Resilient Infrastructure
  • Destination Increased Cybersecurity
• Complementary program to Horizon Europe: Digital Europe Program
  • Key area cybersecurity, new program tba expected. Q1 2023
• KIRAS – The security research program – Call for proposals 2022
  • Tender priorities include: “Critical infrastructure protection” and “Cybersecurity”
  • Annual call for tenders

• Data service ecosystem for the energy transition
  • We are looking for a lead project to establish a data service ecosystem; solutions for the energy transition by developing methods for data exchange are required
• AI for Green
  • Research-intensive technology developments in the field of artificial intelligence, which include the areas of energy transition and mobility transition, call opening expected. Q2 2023

Do you have an exciting project idea around Cybersecurity4Energy? Please contact Karin Dögl (karin.doegl@greenenergylab.at) and benefit from our proven services to sharpen your project and networking within our project portfolio.

Have we aroused your interest?
You can watch a video of the entire event here:

Also the exact program of the event and the overall presentation are also available for review.