Cybersecurity and Resilience in Energy
Sector and other Critical Infrastructures
Tomáš Pitner, Lasaris Head
pitner@muni.cz
https://www.linkedin.com/in/tomaspitner/
Cybersecurity and Resilience
̶ CS and Resilience as key challenges today
̶ Lasaris CS research in context of @FI and MU
̶ Roots in trust and reliability
̶ Always holistic view incl. law and regulations, geopolitics, ethical
values and principles, business view
Cybersecurity and Resilience
̶ Cybersecurity refers to the practices, technologies,
and processes designed to protect computers,
networks, programs, and data from attack, damage, or
unauthorized access.
̶ It encompasses a range of measures taken to
safeguard digital information and assets against
cyber threats, such as malware, phishing, and
hacking, ensuring the integrity, confidentiality, and
availability of information.
̶ Resilience refers to the ability of an individual,
community, system, or material to withstand, adapt
to, and recover from stress, challenges, or
adversity.
̶ It embodies the capacity to bounce back from difficult
situations, maintaining functionality, or even emerging
stronger.
̶ In psychology, resilience is often discussed in the
context of mental health and coping mechanisms. In
materials science, it describes the capability of a
substance to return to its original shape after
deformation.
̶ Across contexts, resilience highlights strength,
flexibility, and adaptability in the face of obstacles.
Cybersecurity and Resilience
Same or different research communities?
Reality is only one:
Significant Attacks against Energy Infrastructure
Source: Zografopoulos et al. (2023) Distributed Energy Resources Cybersecurity Outlook:
Vulnerabilities, Attacks, Impacts, and Mitigations arXiv:2205.11171v4
The view of the attacker as a necessary
aspect
̶ A comprehensive cybersecurity solution must include
̶ the adversary view that can not only mitigate against
̶ previous "what happened" incidents, but also
̶ actively defend against "what could happen" scenarios.
̶ The same problem as with democracy:
̶ we are right but cannot use all instruments the attackers can
Multidomain attacks must be defended by
multidomain readiness and response
̶ Environmental, social and
corporate governance (ESG)
̶ Insurance policy
̶ Credit policy (banks)
̶ Subsidy policy (governments)
̶ Tax policy (governments)
̶ (complete) Openness policy
̶ Supply-chain resilience
̶ Critical resources
̶ Technology autonomy
̶ Strategic planning
̶ Robust regulation
̶ Regional/EU and overseas
partnership
̶ De-globalization
Domain examples & our R&D+E interests
̶ Semiconductors
̶ Chip design
̶ Supply chain
̶ Position of CZ in Europe
̶ ACDRC in CZ/Brno
̶ Cyber-physical systems
̶ Introduction to IoT
̶ IoT/ICS Security
̶ Cybersecurity
̶ Cyber range
̶ Forensics & f. readiness
̶ CS Education
̶ Energy supply and delivery
̶ Flexibility in supply/demand
̶ Energy communities
̶ CS in transmission and
distribution
Energy supply and delivery: good example
of complex approach needed
̶ Regulations
̶ Scope: more than single nation
̶ Business aspects
̶ Just about (private) profit vs
loss?
̶ Externalities
̶ Vulnerability analysis
̶ Entire supply chain
̶ Case of electricity: direct
impact on other CI
̶ Importance of IT and OT sec
̶ Both are vital: you cannot
produce if you cannot sell
Distributed power supplies expand the
security perimeter
Attacks against DER - scenarios
studied
Disruptions in DER
- Random outages
- Natural phenomena
- Deliberate attacks
Attacks against DER - possibility or reality?
Cyber-attacks that target Demand-Response in smart grids by injecting false
information about consumption and generation
Possibility such of attack experimentally verified:
Increase the load on the distribution network by 8-28%
Increase the cost (finance) of ancillary services
The principle of attacks against DER
Source: Daogui Tang et al. (2023) Vulnerability analysis of demand-response with renewable energy
integration in smart grids to cyber attacks and online detection methods.
Reliability Engineering and System Safety, Elsevier.
Experiments with attacks and defences
Cyber attacks against DR in smart grids by injecting fraudulent consumption and
production information
Countermeasures: online detector based on convolutional neural networks
Detect cyber attacks + mitigate their impact
Works against attacks with fixed rates of change,
Attacks with variable rates of change are in principle difficult to detect
Attack vectors and potential threats
Poor interoperability
Cause: diversity and inconsistency in architecture and implementation
specifications (e.g. security requirements) can lead to insecure communication
between systems
Consequence: rejection of legitimate messages and commands for DER
Source: Zografopoulos et al. (2023) Distributed Energy Resources Cybersecurity Outlook:
Vulnerabilities, Attacks, Impacts, and Mitigations arXiv:2205.11171v4
Attack vectors and potential threats
Data integrity breaches
Stored, transmitted or received data is modified without authentication,
Consequences: causes DER failures or allows unauthorized access to
control/logging information.
Threat: Malicious modification of control parameters
Attack vectors and potential threats
Implementation vulnerabilities
Security flaws in systems and/or communication modules allow remote control of
active DER elements and exfiltration of historical data
Threat: Potential for unauthorized production/load control
Attack vectors and potential threats
Compromised supply chain
Possible installation of spyware malware residing on hardware, worms, oversights
in manufacturing of components, equipment or systems
Threat: Exposure of sensitive information
Attack vectors and potential threats
Insecure firmware
Digital signatures of firmware updates are not authenticated, allowing malware
(viruses, worms, Trojans, etc.) access to secure systems
Threat: Escalation of permissions on DER systems
Attacks in hierarchical management systems
- autonomous systems
- distributed hierarchical control architectures
- many entry points for an attacker
- possible cascading effects
Summary of the main sources of vulnerabilities
- Smart grid systems face many vulnerabilities due to their interconnected nature,
multitude of devices and communication networks
- Lack of interoperability and standardisation
- Systems consist of disparate components from different manufacturers
- Using different communication protocols
- Physical security risks (unauthorised access, tampering, physical attacks)
- Inconsistent regulatory and policy frameworks across jurisdictions
- How to implement uniform security measures and share information
What we do for safety
Cybersecurity Innovation Hub - SMEs, public sector
Concentration of know-how across the Czech Republic
Czech part of EU Quantum Communication Infrastructure
National Cybersecurity Coordination Center NCCC
13 years of connecting
practice, research and
education
Mentoring and guiding other
universities in the field of
cyber security.
We have created an opensource
platform for
cybersecurity training.
1st cybersecurity team
certified by Trusted
Introducer in the Czech
Republic
In-house cybersecurity know-how
Our story
Supported by the Ministry of the Interior of the
Czech Republic
First open-source Cyber Range in the EU
Introduction of open format training and exercises
Used for exercises for banks and the energy
industry
Ministry of Defence
Czech Republic
Support for national coordination centres
̶ National Contact Points aim to promote research and competitiveness
̶ KYPO offers itself as an EU platform for education.
̶ We have started negotiations with neighbouring countries.
̶ We try to provide other services.
Cyber Range open source and open content
̶ Initiative to provide open alternatives to commercial.
̶ 10 confirmed deployments.
̶ KYPO and content is available for free.
̶ We are looking for more users and support.
Benefits of open training and exercise
̶ Human and machine readable format
̶ Interchangeable between KYPO CRP instances
̶ Possibility to transfer to other domains
̶ Use of widely accepted tools
̶ Adheres to the principles of infrastructure as a code
̶ High level of code reusability
Use cases
Training Exercise
̶ Practical training similar to CTF
̶ Practical action by the red or blue
team
̶ Focused on improving skills
̶ Free training content is available
̶ Realistic exercises
̶ Focused on red/blue team
activities
̶ Multidomain event
̶ Available as a service
Training
Commercial Cyber Security Exercise
̶ The activity is based on the CyberCzech exercise (with
NUCIB).
̶ We have established a long-term cooperation with ČEZ.
̶ We plan to expand into other sectors.
̶ The exercises focus on practical experience.
̶ Exercises track current Advanced Persistent Threats
and attacks.
̶ We provide realistic tools, procedures and attacks.
Exercise - IT training environment in the
cloud
Exercises - OT systems
Exercise - "Situational Awareness"
Exercise - team tracking
Our vision
Everyone can become part of a growing community.
Open content and support tools are available.
The development is being guided by the KYPO CRP Steering
Committee.
A practical training platform for the ECCC and ENISA.
KYPO CRP Related links
̶ KYPO Cyber Range Platform crp.kypo.muni.cz
̶ Documentation KYPO CRP docs.crp.kypo.muni.cz
̶ Cyber training and training services.kypo.muni.cz
̶ Official Twitter account @kypocrp