AI for APTs detection

Advanced Persistent Threats (APTs) detection in the realm of cybersecurity

Advanced Persistent Threats (APTs) detection in the realm of cybersecurity

R2D2 Partners S2Group has made an interesting publication to demostrate how they are appliying AI for APT detection within the frame of the R2D2 (Reliability, Resilience, and Defense technology for the grid) project, examining both current challenges and implicit benefits. S2Group analyzes the distinctive characteristics of APTs, the obstacles in their detection, and how AI- based results can overcome these challenges.

To achieve their goals, APTs use highly sophisticated tactics such as custom malware, exploitation of unknown vulnerabilities, and advanced social engineering techniques. Understanding and defending against these threats is essential, and the MITRE ATT&CK framework is crucial as it details the different phases of the cyberattack lifecycle, from reconnaissance to evasion.

In response to this challenge, the use of artificial intelligence (AI) is proposed as an effective solution to improve the detection of APTs. AI excels in its ability to analyze large volumes of data and detect anomalous patterns in real time, thus overcoming the limitations of traditional methods based on signatures and static rules. Unlike these conventional approaches, AI can adapt and learn from new threats, offering more dynamic and effective detection.

AI for APTs detection

In R2D2 project, S2Group is committed to integrating AI into its Carmen tool for APT detection. This process is developed in two main phases.

First, Natural Language Processing (NLP) techniques are used to project threat tactics and techniques into an N-dimensional space. This allows the alignment of historical threat intelligence collected by the Threat Intelligence team with the real-time results produced by Carmen’s analyzers. By representing this data in a common space, it is possible to measure the distances and relationships between them, identifying potential correlations that alert to the presence of an APT.

In the second phase, all previously generated alerts are correlated using an algorithm that calculates the risk probability of an APT. This approach allows for a more accurate and rapid assessment of the situation, increasing detection precision and enabling early identification of threats before significant damage occurs to the organization.

In summary, the combination of AI, NLP, and a threat intelligence database in the R2D2 project represents a significant advancement towards more proactive and robust cybersecurity. This innovative approach enhances the ability of digital infrastructures to withstand and mitigate the most advanced threats, ensuring resilience against APTs.

Further information:

info@r2d2project.eu

This project has received funding from the  European Union’s Horizon Europe research and innovation programme under grant agreement No 101075714.


Internal meetings to make important decisions regarding UCs

Internal meetings to make important decisions regarding UCs

Partners from IMP, EMSS and SCC gathered together for an internal meeting in order to discuss about further implementations and development regarding UC12 “Emergency & Restoration -Over-Frequency Protection module” and UC19 “Emergency & Restoration -System Split module”.

The goal of UC12 is to replace individual controllers on generators, mimicking the response of the entire power system to over-frequency conditions and to ensure effective over-frequency protection, while the goal of UC19 is automatic detection and faster coordination during disturbances, ensuring faster and more efficient crisis response.

The main topic for UC12 was planning the future activities and dynamic of work. Also, some details were agreed about testing. Regarding the UC19, discussion was about needed inputs (frequency from PMU and topology) for detection of system split and improvements of coordination platform for a better signalization of smart notifications. Furthermore, it was agreed that the structure of notifications in some steps of coordination should be modified in order to be aligned with the business process.

Outcomes of this meeting will be reflected in future R²D² development.

Further information:

info@r2d2project.eu

This project has received funding from the  European Union’s Horizon Europe research and innovation programme under grant agreement No 101075714.


R2D2 tools and activities: updated by HEDNO

R2D2 tools and activities: updated by HEDNO

HEDNO recently participated in an insightful workshop held in Ljubljana, focusing on the critical issue of grid resilience against extreme weather events. This event marked a significant collaboration between HEDNO and its partners, ETRA, ICCS and UCY.

ETRA is leading the development of the EMMA – GIMAN tool, an innovative solution that contributes to the reliability of the physical assets and to expedite a faster grid recovery. Meanwhile, ICCS and UCY play a key role in developing the C3POtool, which is crucial for simulating the cascading effects of extreme weather events on the grid infrastructure.

The workshop focused on the synergistic communication between these two innovative tools, showcasing their potential in mitigating the impacts of weather-induced disruptions. HEDNO’s role was crucial, as the organization provided vital insights into the data requirements necessary for the effective operation of both EMMA – GIMAN and C3PO tools.

HEDNO also participated in another critical workshop with S2 partner regarding the potential deployment of CARMEN tool in HEDNO’s premises. CARMEN is a threat hunting tool specialised in analysing traffic, detection of anomalies, fighting Advanced Persistent Threats (APT) and zero-day vulnerabilities by using machine learning.

While the discussion was in its early stages, the outcome was very fruitful, mostly involving potential VM requirements for the host of the CARMEN tool, server and hypervisor specs, the established communication protocols specialised in traffic analysis , the data volume and frequency that will be made available for analysis, the use of syslog for information displayed,  as well as potential challenges to be aware of for the effective use of the tools.

HEDNO has already proceeded with equipment installation on the pilot site infrastructure for the scope of the R2D2 Project. Technologies, which have already been installed on the pilot, are the following ones:

Surveillance cameras at HV/MV substation for protection against physical attack

HEDNO has already successfully proceeded with the procurement and installation of 4 CCTV cameras, which have been installed on Magiko HV/MV substation. All CCTVs have been presented to partners during the 2nd R2D2 plenary meeting, which was held in Xanthi in June 2023. CCTVs are expected to contribute to physical substation security, by providing real time images to EMMA product, which will conduct image analysis, followed by possible alerts to the DSO.

Thermal camera at HV/MV substation

A thermal camera has already been procured by the local department of HEDNO, which will be used for both infrastructure inspection in parts of the aerial distribution network, as well as for inspection in certain parts of Magiko HV/MV infrastructure.

Re-usability of past EU Projects’ equipment

9 SLAM metering devices installed on HEDNO Xanthi premises during X-FLEX Project, will also be part of R2D2 Project, as data from those high-frequency metering devices are expected to contribute to C3PO algorithms and energy data tokenization on the edge.

5 AMI devices installed on certain MV/LV substations in the pilot site during X-FLEX Project, are expected to share data to C3PO algorithms during the R2D2 Project.

HEDNO successfully organized the 2nd R2D2 Project plenary meeting, which was held in Xanthi city during 07-08 June 2023. The purpose of the meeting was twofold:

The first day was dedicated to partners’ presentations around the Project progress, where all pending issues were successfully discussed.

Another day was dedicated to the Xanthi pilot visit, so as all participants could be informed about the technologies and infrastructure utilized from HEDNO, for the scope of the Project.

Firstly, a visit to the local department of HEDNO took place, where the basic HW infrastructure, such as SCADA system was presented, followed by an on-site demonstration of assets that were installed in the pilot, such as SLAM metering devices and AMI in a secondary underground substation.

Furthermore, an on-site visit to Magiko HV/MV substation was scheduled, where the basic infrastructure of the primary substation of the pilot was shown, followed by a demonstration of the 4 CCTVs installed in the perimeter of the substation building.

Further information:

info@r2d2project.eu

This project has received funding from the  European Union’s Horizon Europe research and innovation programme under grant agreement No 101075714.


SCC Participates in MVS Security Webinar Organized by ENTSO-E

SCC Participates in MVS Security Webinar Organized by ENTSO-E

On 25th April, SCC, a partner in the R²D² project, participated in the MVS Security Webinar organised by ENTSO-E. This working group monitors the information security status of all entities that access the OPDE platform, where confidential data about the forecasted power system network state is exchanged. This exchange of network models is fundamental to all RCC tasks, so predefined information security control measures must always be met. This group ensures compliance with these measures for all participants in the process.

The group holds regular monthly online meetings to share updates on ongoing information security activities, discuss potential security issues, and review the status of the annual audit process. During these meetings, the R²D² tool OPDE Risk Register, which provides new functionalities to improve the submission and communication of OPDE risks, is also discussed.

OPDE Risk Register Tool

SCC presented the R²D² project and its OPDE Risk Register Tool. This tool is designed for Regional Security Coordinators (RSCs), like SCC, to periodically communicate their risks to ENTSO-E, a requirement for RSCs. Currently, this process is done in a nearly “homemade” manner, which is prone to errors and failures. The OPDE Risk Register tool streamlines this process by allowing risks to be communicated and updated directly to ENTSO-E through a repository interface, thereby automating and accelerating the process and eliminating the need for emails and attachments.

Live Demonstration and Expert Feedback

During the webinar, SCC saw a live demonstration of the tool. Information security experts in attendance had several questions related to:

  1. Integrating external tools with the central OPDE Risk Register tool;
  2. Including risks related to other security plans, not just the OPDE Security Plan;
  3. Different ideas about the relationship between risks and communication regarding those risks.

An ENTSO-E representative expressed satisfaction with the tool’s functionalities and mentioned that the OPDE Risk Register would be considered as a potential tool for official use. The presentation was recorded, and further comments from other ENTSO-E experts are expected after they review the video in the coming months.

The MVS Security Webinar provided a valuable platform for discussing the R²D² project and the OPDE Risk Register Tool. SCC’s participation highlighted the importance of secure and efficient risk communication processes within the ENTSO-E network. The feedback from information security experts will be crucial in refining the tool and ensuring it meets the stringent requirements of the energy sector.

Further information:

info@r2d2project.eu

This project has received funding from the  European Union’s Horizon Europe research and innovation programme under grant agreement No 101075714.


Impact assessment regarding UC “Validation of network model integrity”

Impact assessment regarding UC “Validation of network model integrity”

During the R²D² plenary meeting in Ljubljana, representatives of GUARD (Priit Anton and Mihkel Väljaots), EMSS (SrđanSubotić) and SCC (Dušan Prešić) took the opportunity to organise a side meeting to discuss future demonstration activities and impact assessment regarding UC “Validation of network model integrity”.

The goal of this UC is to increase cyber security and maintain network model integrity by using KSI Blockchain technology to create a signature file – a unique cryptographic proof that protects the integrity, signing time and signing identity of the network model so that TSOs and RCCs could be sure that some third actor (or error) did not change metadata of the network model during its transfer of storage.

The meeting was very fruitful since two demonstration scenarios (green and red) are sketched. Also, several attack points are detected based on the current business process that is implemented on the TSO and RCC side regarding the processing of network models.

Finally, some potential financial impacts were discussed during the meeting, including reputational impact for TSOs or RCCs in case of network model integrity issues.

The outcomes of this meeting will be reflected in future R²D² deliverables.

Further information:

info@r2d2project.eu

This project has received funding from the  European Union’s Horizon Europe research and innovation programme under grant agreement No 101075714.


Cyber Noesis honoured with the Gold Cyber Security Award 2024

Cyber Noesis honored with the Gold Cyber Security Award 2024

We are delighted to announce that Cyber Noesis has been honored with the Gold Prize at the Cybersecurity Awards 2024 in the category of Cyber Security Projects &Services / IoT Security, for its involvement in the R2D2 project.

On Thursday, February 8, 2024, the Cyber Security Awards 2024 Winners Ceremony took place at the Sofitel Athens Airport, attended by the Greek Minister of Digital Governance, Dimitris Papastergiou. The awards focus on cybersecurity and digital security management including the fields of Critical Infrastructure and Public Infrastructure.

Further information:

info@r2d2project.eu

This project has received funding from the  European Union’s Horizon Europe research and innovation programme under grant agreement No 101075714.