R2D2 Progresses Toward Its Final Year: Key Discussions Held in Paris
R2D2 Progresses Toward Its Final Year: Key Discussions Held in Paris
As the R2D2 project enters its final year, the consortium convened in Paris on November 19–20, 2024, for a critical Plenary Meeting. Hosted by RTE, this gathering focused on assessing the progress of innovations and refining plans for implementing the project’s use cases across its four pilot sites (Serbia, Greece, Spain and Slovenia).
This milestone meeting addressed vital project areas, including dissemination strategies, tool integration, deployment, and the validation of solutions. Special emphasis was placed on the demonstration activities for use cases such as operational planning tools, crisis handling for cascading effects, wildfire impact simulations, and dynamic cybersecurity risk assessments among many others. Partners discussed the status of these use cases, challenges faced, solutions proposed, and the next steps to ensure their successful execution.
The R2D2 project has made significant progress in standardization and recommendations by identifying relevant legislation and standards for its products, along with challenges and gaps for compliance and operation. Solutions were proposed to enhance legislation and standards, while addressing interoperability issues and applying security-by-design measures. Additionally, the project aligned its efforts with the objectives of the Digitalising the Energy System – EU Action Plan, contributing to a more secure and standardized energy ecosystem.
Spotlight on Cybersecurity
A dedicated session led by CyberNoesis highlighted the importance of addressing cybersecurity in energy systems. During this session, partners were introduced to the Self-Assessment Tool, as part of the PRECOG product (Prevention Systems For Energy Infrastructures Security). This tool is specifically designed to help Electric Power and Energy Systems (EPES) operators enhance the security of their supply chain practices and identify any possible gaps in their security controls regarding their supply chain practices. Once these gaps are identified, EPES operators can use the insights to develop actionable plans to implement the necessary controls. The tool also supports defining good vendor management practices, such as supplier qualification and auditing, which operators can adopt to strengthen their supply chain security. By leveraging these measures, EPES operators can effectively identify and mitigate security risks, reduce the likelihood of cyberattacks, enhance resilience to disruptions, and safeguard critical assets.
Now fully deployed, this tool is now ready to support stakeholders in strengthening their cybersecurity frameworks. From now, R2D2 partners will test the tool to ensure its effectiveness in practical scenarios and provide valuable feedback.
The session also highlighted CyberNoesis’s efforts to finalize a demonstration plan aimed at engaging EPES stakeholders and ensuring the tool’s practical application. Recorded for wider accessibility, the session provided valuable insights into the tool’s capabilities and broader cybersecurity challenges. A recording of the session will be made available soon.
Replay the recorded session:
The Case for Open Source
RTE partner brought an expert on Open Source, Boris Dolley – Head of Open Source Program Office and Sustainable IT, who provided an inspiring perspective to the meeting by advocating for open-source principles in software development. As energy systems grow more complex, with distributed renewable energy sources, electric mobility, and third-party smart services, solutions must evolve to monitor, control, and optimize these networks effectively. Boris encouraged the consortium to embrace a cultural shift “move from ‘control and forbid’ to ‘motivate and enable’: foster openness, trust in technical communities, and collaboration to create value and drive innovation.” This sparked a robust debate among attendees, highlighting the opportunities and challenges of adopting open source in the energy sector.
Beyond the project
Finally, a discussion took place regarding the exploitation plans for the various products of R2D2. While a preliminary plan was defined by partners at the beginning of the project, efforts are now being focused on refining and implementing it. Partners have already defined the intellectual property and are currently working on identifying and detailing the Key Exploitable Results (KERs). Internal discussions are ongoing to finalize the identification and definition of these KERs. The next steps involve outlining the exploitation intentions, conducting a thorough characterization and risk assessment, exploring use options, and defining a comprehensive roadmap. Additionally, recognising the importance of replication and scalability in this process, partners have developed a scalability questionnaire to support this analysis.
Further information:
info@r2d2project.eu
This project has received funding from the European Union’s Horizon Europe research and innovation programme under grant agreement No 101075714.
Unlocking the Power of Threat Hunting in OT Environments
Unlocking the Power of Threat Hunting in OT Environments
In today’s ever-evolving digital landscape, industrial systems and critical infrastructures are more exposed than ever to cyber threats. Since the arrival of the Industry 4.0 paradigm, both Information Technologies and Operational Technologies (IT and OT) coexist, and APT groups and cybercriminals take advantage of vulnerabilities in either of these two technologies to cause damage to these industrial infrastructures or to the society itself, which relies on them.
Threat hunting is a complex process carried out by cybersecurity experts to detect the presence of the above-mentioned Advanced Persistent Threats (APTs). This process usually entails inspecting network traffic, analyzing user and application logs, and correlating all that heterogeneous information in search of indications of the presence of any threat or potential vulnerability in the system.
CARMEN, the tool developed by S2 Grupo in collaboration with Spain’s National Cryptologic Centre to identify compromises by APTs, is one of the tools cybersecurity experts can use in the threat-hunting process. CARMEN covers both IT and OT traffic, providing comprehensive threat visibility that enables early detection of vulnerabilities and anomalies in industrial control systems. Proactive threat detection in OT environments enhances overall security, improves incident response, and minimizes operational disruptions. Furthermore, it enhances asset visibility, inventory management, compliance adherence, and cost reduction. Ultimately, this adaptation future-proofs security measures, ensuring the safeguarding of critical infrastructure in our ever-evolving digital landscape.
As part of the R2D2 project, S2 Grupo has begun expanding CARMEN’s capabilities for analyzing OT traffic by developing new capabilities for data ingestion and threat detection. These developments will include the creation of new specific protocol dissectors for CARMEN, such as MQTT, ICCP 60870-6/TASE.2, IEC 60870-5-104, or Modbus, as well as new pre-processing and aggregation capabilities to reduce the amount of information to be processed and its inner variability. These developments will enhance CARMEN’s ability to carry out a more in-depth analysis of network traffic at different levels and to improve its detection capabilities, including both signature-based and anomaly-detection-based methods.
Additionally, new capabilities aimed at APT and zero-day threat detection using Machine Learning techniques are being developed for CARMEN within the scope of R2D2. This approach is based on modeling and characterizing tactical and operational intelligence, allowing for the comparison of suspicious actions. This way, APT groups can be clustered based on the tactical and operational intelligence they employ when attacking a system. As a result, when anomalous behavior is observed and detected, it’s possible to match this behavior against each APT group cluster, assess the possibility of being under an attack carried out by one of the APT groups in these clusters, and raise an alert. Furthermore, this approach allows for alerting cybersecurity analysts about other actions typically associated with these APT groups so that they can search for any of these actions if they haven’t been noticed before or be prepared for the next stages of the attack.
This developmental milestone and new feature have received substantial acclaim, especially at events like the Navaja Negra Conference, held in Spain in October 2023. The enthusiastic approval from both attendees and experts underscores the significance of this advancement in threat-hunting technology.
Further information:
Ugo Stecchi (Project coordinator)
This project has received funding from the European Union’s Horizon Europe research and innovation programme under grant agreement No 101075714.
EMMA-SURVEILLANCE: Enhancing Substation Security with AI-Powered Visual Detection
EMMA-SURVEILLANCE: Enhancing Substation Security with AI-Powered Visual Detection
Within the context of the R2D2 project, an innovative tool known as EMMA-SURVEILLANCE is currently in development to bolster the security of critical facilities located in electrical substation transformer centers. This solution integrates an artificial vision algorithm that has been honed by retraining the well-known YOLO (You Only Look Once) model. This algorithm is equipped with the ability to efficiently detect fires, smoke, and the presence of animals in the vicinity of the substation. The purpose of identifying fires and smoke is to promptly alert personnel to potential emergencies, ensuring a swift and effective response. Furthermore, recognizing animals is of utmost importance, as many of them tend to come into contact with the substation structures, posing the risk of electrocution and causing significant disruptions to the electrical system. This model will be deployed in a stationary camera situated within the corresponding pilot substation.
In this initial phase, the algorithm has exhibited remarkable precision, achieving an F1 score of 0.84. This achievement is particularly noteworthy, especially when considering the project’s early stages. As the next steps, the plan involves expanding the dataset, with the objective of collecting more images of fires and smoke to enhance the model’s accuracy. Concurrently, the load testing phase will be initiated, assessing the model’s inference capacity when operating in a real camera and continuously processing real-time video streams. This process is critical to ensure that the algorithm can perform effectively without significant delays, thereby guaranteeing its practicality for real-time monitoring scenarios.
Some examples of recorded images of the AI-powered visual detection.
Further information:
Ugo Stecchi (Project coordinator)
This project has received funding from the European Union’s Horizon Europe research and innovation programme under grant agreement No 101075714.