As our society becomes increasingly dependent on Critical Infrastructure (CI), new technologies are needed to increase our detection and response capabilities. Detecting and responding to cyberattacks by a highly motivated, skilled and well-funded attacker has proven highly challenging. One of the most vulnerable and high-impact CIs is the smart grid, since the collapse of an energy production utility may cost human lives and millions of euros, deny a very important and common good such as energy, and require days or even months of recovery. The smart grid is considered the next-generation power system, which promises self-healing, resilience, sustainability and efficiency to the energy CI. As the smart grid paradigm reaches every house and building, its potential to attract cyber-attackers seeking access to the underlying systems and networks grows. Most present security solutions neglect the added value that high-efficiency analytics and visualisation could bring to today’s smart grid arsenal, while underestimating the trade-off between forensic effectiveness and user privacy.
The H2020-DS-07-2016-2017 Secure and PrivatE smArt gRid (SPEAR) project, which is coordinated by the University of Western Macedonia, aims to provide effective solutions for detecting, responding to and taking countermeasures against advanced cyber threats and attacks targeting modern smart grids. SPEAR proposes a three-tier platform, where each tier has a different yet complementary role. The first tier builds an advanced all-in-one Security Information and Event Management (SIEM) tool, called SPEAR SIEM. The second tier intends to provide a rigorous forensic framework, called the SPEAR Forensic Readiness Framework (SPEAR-FRF), able to collect necessary information from the smart grid systems directly from the SPEAR SIEM tool. Innovative techniques are employed in the implementation of the SPEAR-FRF, such as the design and deployment of Advanced Metering Infrastructure (AMI) honeypots for attracting attackers and capturing the necessary attack traces, and the implementation of an effective privacy-preserving framework. In the third tier, SPEAR goes further by inaugurating an anonymous and secure communication channel between all energy operators in the EU. An EU-wide collaborative framework is introduced that will foster Situational Awareness (SA) by forming a common and robust defence line against threats and attacks, while validating the SPEAR architecture in four realistic and rigorous use cases, where power plants, energy operators, energy stakeholders, universities and Small and Medium-sized Enterprises (SMEs) will cooperate to demonstrate the SPEAR platform.