The EnergyShield project will develop an integrated toolkit covering the complete EPES value chain (generator, TSO, DSO, consumer). The toolkit combines novel security tools from leading European technology vendors and will be validated in large-scale demonstrations by end-users. The EnergyShield toolkit will combine the latest technologies for vulnerability assessment (automated threat modelling and security behaviour analysis), monitoring & protection (anomaly detection and DDoS mitigation) and learning & sharing (security information and event management). The integrative approach of the project is unique as insights produced by the various tools will be combined to provide a unique level of visibility to the users. For example, it will be possible to combine vulnerability scanning with automated threat modelling to provide insights into software vulnerabilities present in an architecture in combination with insights into what are the key assets, risks and weak links of the architecture. The toolbox will allow end-users to predict future attacks (as it provides insights to what attacks can be applied to the weakest links of the architecture) and learn from past attacks (for example using the insights from the vulnerability assessment and threat modelling to prevent attacks, and learning from attacks to update the probabilistic meta-model of the threat modelling). The toolkit will be implemented with the complete EPES value chain who will contribute to the specification, prototyping and demonstration phases of the project. Although the toolkit will be tailored to the needs of EPES operators, many of the technology building blocks and best practices will be transferable to other types of critical infrastructures. The consortium consists of 2 large industrial partners (SIVECO and PSI), whereof SIVECO is taking the lead supported by 6 innovative SMEs, 3 academic research organizations and 7 end-users representing various parts of the EPES value chain.

Over the last decade, cyber-attacks have become increasingly sophisticated, stealthy, targeted and multi-faceted which may leverage zero-day exploits and highly creative interdisciplinary attack methods. As our society is becoming increasingly dependent on Critical INfrastructures (CIN), new technologies are needed to increase our detection and response capabilities. Detecting and responding to such attacks by a highly motivated, skilled and well-funded attacker has however been proven highly challenging. One of the most vulnerable and high-impact CIN is the Smart Grid. Smart Grid is considered as the next-generation power system, which promises self-healing, resilience, sustainability and efficiency to the energy Critical Infrastructures (CIN). However, securing smart grids against cyber-attacks is of vital importance for National Security and Public Safety, since the collapse of an energy production utility may cause human lives, millions of euros, denial of a very important and common good such as energy and days or even months of recovering. To this end, the SPEAR proposal aims at a) detecting and responding to cyber-attacks using new technologies and capabilities, b) detecting threat and anomalies timely, c) developing all-in-one security detection solutions, d) leveraging advanced forensics subject to privacy-preserving, e) confronting Advanced Persistent Threat (APT) and targeted attacks in smart grids, f) increasing the resilience of the smart grid innovation, g) alleviating the lack of trust in smart grid operators and h) empowering EU-wide consensus. Within SPEAR, four proof-of-concept Use Cases are planned in order to validate and assess the implemented security and privacy tools.