Led by Ingeteam, the Sec2Grid project will run until 2024 with an investment of €6.4M. It is part of the Hazitek 2022 program of the Basque Government.
The power grid is a complete and complex system, and the novelty of Sec2Grid is that it addresses its multiple services, infrastructures and equipment to develop cybersecurity measures that prevent possible attacks and vulnerabilities.
It also highlights the collaborative aspect of the project in which competing companies share knowledge and information on such a strategic issue as cybersecurity.
Participants: Ingeteam, Iberdrola, Arteche, Barbara IoT, Ormazabal, PwC, Zigor, ZIV, Ikerlan and the GAIA Cluster
The incorporation of new technologies and digitalization are transforming the electric grid into a Smart Grid infrastructure. This transformation entails new risks, as digitization exposes the energy system to cyberattacks and incidents that can threaten grid security. Electricity grid cybersecurity has therefore become a key element and one of the main challenges facing the industry.
Faced with this reality, 10 Basque entities have joined together in the Sec2Grid project, which started last year and will run until the end of 2024 with a budget of €6.4M. The objective is to provide the entire value chain of the electricity sector with the capacity to respond in a coordinated and rapid manner to cybersecurity incidents that may affect the electricity grid.
The overall result of the project will be an infrastructure created in a federated manner (carried out jointly and sharing the consolidated data of all participants), to support a service capable of intelligently searching for and finding vulnerabilities in all the components that make up the power grid, using artificial intelligence and other technologies. Once these vulnerabilities have been identified, the operator will obtain a clear view of them in order to analyze their importance, urgency of resolution, etc.
In this regard, the consortium reminds us that it is essential to address vulnerabilities that appear in the power grid over time before they can be used by potential attackers. It should be borne in mind that an attack on the power grid, which is one of the main infrastructures in a country, can have serious and unpredictable consequences in critical areas such as hospitals, banks, military infrastructures, police, etc.
The Sec2Grid Project is financed by the Hazitek 2022 program of the Basque Government, led by Ingeteam and with the participation of Iberdrola, Arteche, Barbara IoT, Ormazabal, PwC, Zigor, ZIV, Ikerlan and the GAIA Cluster. It therefore brings together manufacturing companies (which will develop their work in the design of the final devices and are knowledgeable about the product), R&D&I entities, cybersecurity solution providers and research partners.
The Sec2Grid project includes aspects such as:
- Design of advanced mechanisms for early detection of vulnerabilities. To this end, it is necessary to know and maintain each and every component deployed throughout the grid that is susceptible to some type of vulnerability. According to Ingeteam: "this has to be done in real time and in a federated or consolidated way. In cybersecurity, the weakest element in the chain is the one that sets the security level of the system. We need to cover the entire value chain," they say.
- It is also necessary to have risk analysis mechanisms in accordance with the characteristics of the electrical networks. These risks are the ones that can be used to make the appropriate decisions on how to act. Risks must be assessed taking into account the entire system.
- In addition, we must be able to correct the problems detected, testing in an agile way and deploying the developed solutions through secure mechanisms. "Challenges can arise at this stage that are not easy to address when we are talking about equipment operating in critical infrastructure."
Throughout the project, different solutions will be developed and deployed as a proof of concept or pilot within Iberdrola's Global Smart Grids Innovation Hub (GSGIH) in Bilbao, from where the company will be able to collect information and check for vulnerabilities.
The project will also generate new knowledge that will enable innovation in disruptive technologies and solutions to address the challenges of cybersecurity in the electricity sector.
Collaboration to go further
A peculiar feature of the project is its collaborative spirit. "We are a consortium of companies that significantly represent the value chain within the power grid, and we are working together to address the critical issue of cybersecurity. It should not be forgotten that many of the companies that make up the consortium are direct competitors, and collaborating in this way is unusual," the consortium stresses.
In this sense, they add that having frameworks such as HAZITEK and clusters such as GAIA that promote this type of collaboration and that serve to join forces, not only in the field of resource optimization, but also in the field of knowledge, "allow us to row in the same direction, obtain more enriching results and go further in specific areas such as cybersecurity."
