
Is the electricity grid really robust? To what degree?

Our daily life is based on a by-now obvious principle: we can always take advantage of electricity, water, means of transport, telecommunication, ATMs, commodities.

Yet on the night of September 28, 2003, a fallen tree in Switzerland triggered an incredible domino effect, leaving Italy and part of Switzerland “blocked and isolated”. On that night, we became aware of how limited we are in the absence of electricity.

Today, more than ever, the dynamism of the modern world enriches and complicates the scenario. If on the one hand it allows us to correlate the various critical infrastructures, on the other it enriches them with a massive deployment of intelligent objects that we commonly include in the broader concept of the Internet of Things (IoT).

The union between the IoT and the electrical infrastructures creates a wide variety of worlds, ranging from the automation of smart cities to that of factories, and paves the way for new smart electricity networks that are interconnected and firmly intertwined with other systems.

The electricity grid is by definition critical, since it is fundamental to a myriad of services of primary importance for any nation. In this important infrastructure, old-generation equipment and software coexist with new-generation IoT devices. The latter have been designed to innovate, but very often they are implemented with little attention to security checks. Many of these objects have made the electrical system both effective and extremely vulnerable.

In the PHOENIX project, CyberEthics Lab. identifies the fundamental principles, based on European legislation such as the General Data Protection Regulation and the NIS Directive on cybersecurity of critical infrastructures, for the protection of energy consumers' privacy, for the definition and implementation of an efficient cybersecurity strategy for smart electrical networks, and for adequately identifying zero-day vulnerability scenarios.

Its innovative character gives PHOENIX the ability to scientifically determine the normal operating condition for each particular environment, which includes millions of online connections in continuous evolution, and, at the same time, to detect at an early stage system anomalies that could be extremely harmful, taking human activities (intentional and unintentional, internal and external) into account, in order to quickly mitigate them.

The researchers of CyberEthics Lab. have therefore developed a series of strategies aimed at defining a framework (ethical and legal in the first place, but at the same time technological) capable of protecting both the energy providers' security and the consumers' privacy, while at the same time avoiding interruptions in the flow of energy on the electricity grid at European level that could cause serious damage.

Website: https://phoenix-h2020.eu

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 832989.

Service involved

Assessment of technology impact on privacy
We help our clients and partners to achieve their business goals while addressing ethics, privacy and cybersecurity concerns in a manner that prevents conflicts, sanctions and loss of money deriving from a lack of ethical and legal compliance with applicable national and European regulations. All information technologies must respect fundamental human rights and ensure the rights of people in relation to the protection of their private life, personal data and freedom. The new EU General Data Protection Regulation (GDPR), which replaced the Data Protection Directive in all EU member states in May 2018, introduces many new obligations for companies and a comprehensive set of rights for data subjects, including the right to an effective judicial remedy against a controller or a processor and the right to compensation. Therefore, in addition to being at the receiving end of an enforcement action, data controllers and processors may be subject to court proceedings and have to pay compensation to data subjects for their infringements of the GDPR.
Our approach to helping our clients avoid these kinds of issues consists of a holistic service composed of the following main components: providing a Data Protection Officer to drive the organization’s legal compliance action; mapping the data processed by the organisation to measure its impact on the ethical principles and legal framework; assessing the cybersecurity mechanisms used by the organisation's technologies; conducting an impact assessment for all data processing mechanisms, identifying ethical, legal and security risks; making recommendations for the implementation of the organisational and technical means to be compliant with the legal framework while ensuring data confidentiality (preserving authorized restrictions on information access and disclosure, including personal privacy and proprietary information protection), integrity (assurance that data is not modified or deleted in an unauthorized and undetected manner), availability (ensuring there’s timely and reliable access to and use of information) and accountability (supporting non‐repudiation, deterrence, fault isolation, intrusion detection and prevention, and after‐action recovery and legal action).
Responsible Research & Innovation
We love discovering and staying on top of new research to continuously advance our knowledge and to transform it into responsible innovation, taking into account effects and potential impacts on ethics, privacy and data protection. We help national and international partners to handle ethical, legal and cybersecurity concerns in both the research process and the project outcomes, through legal support for the involvement of human beings in the research activity, analysis of the national and regional legal framework applicable to the technology being implemented, and recommendations for the secure and compliant development of technology. We are a multidisciplinary team that promotes the inclusion of legal and ethical concerns in the design of technology, researching and producing new knowledge and best practices towards a conscious and transparent adoption of technology.