Ten Basque Companies join together to develop solutions that protect electricity grid from cyber-attacks

Under the name SEC2GRID, Barbara together with Ingeteam, Iberdrola, Ormazabal, Arteche, PwC, Zigor ZIV, Ikerlan and the GAIA Cluster will provide cybersecurity to the electricity grid. A collaborative framework composed of competing companies that will extend to 2024 with a total investment of €6.4 million.

Written by:

The incorporation of new technologies and digitalisation are transforming the electricity grid into a smart infrastructure (Smart Grid). This transformation entails new risks, as digitalisation exposes the energy system to cyberattacks that can threaten the security of the grid. The cybersecurity of the electricity grid has therefore, become a key element and one of the main challenges fo the energy sector.

In this regard, 10 Basque entities have joined forces in the SEC2GRID project, which was launched last year and will run until the end of 2024 with a budget of €6.4 million.

The aim is to provide to the entire electricity value chain with the capacity to respond in a coordinated and rapid manner to cybersecurity incidents that may affect the electricity grid.

Led by by Ingeteam and with the participation of Iberdrola, SEC2GRID is part of the Basque Government's Hazitek 2022 programme.

A Federated Infrastructure to share the consolidate data of all participants

The overall result of the project will be an infrastructure created in a federated manner to support a service capable of intelligently searching and finding vulnerabilities in all the components that make up the electricity grid, with artificial intelligence and other technologies.

Once these vulnerabilities have been identified, the operator - Iberdrola - will obtain a clear vision of them in order to analyse their importance, urgency of resolution, etc.

In this respect, the consortium reminds us that it is essential to address vulnerabilities that appear in the electricity grid over time before they can be used by potential attackers. It is worth having in mind that an attack on the electricity grid, which is one of the main infrastructures in any country, can have serious and unpredictable consequences in critical areas such as: hospitals, banks, military infrastructures, police, etc.

Within the framework of the SEC2GRID project, the following aspects have been considered:

1 - Design of advanced mechanisms for the early detection of vulnerabilities. To this end, it is necessary to know and maintain each and every one of the components deployed throughout the grid that are susceptible to some type of vulnerability. As Ingeteam explains, "this must be done in real time and in a federated or consolidated manner. In cybersecurity, the weakest element in the chain is the one that determines the level of security of the system. It is necessary to cover the entire value chain," they state.

2. It is also necessary to have risk analysis mechanisms in line with the characteristics of electricity grids. These risks are the ones that can be used to make the appropriate decisions on how to act. Risks need to be assessed taking into account the whole system.

3. In addition, it is necessary to be able to correct, test in an agile way and deploy through secure mechanisms the identified problems. "In this phase, challenges may arise that are not easy to address when dealing with equipment operating in critical infrastructures.

Throughout the project, different solutions will be developed and deployed as a proof of concept or pilot within Iberdrola's Global Smart Grids Innovation Hub (GSGIH) in Bilbao, so that Iberdrola will be able to collect information, check vulnerabilities and thus, incorporate risk analysis into its grid.

The project will also generate new knowledge base that will enable innovation in disruptive technologies and solutions to address the challenges of cybersecurity in the electricity sector.

A Consortium some competitors, to go even further

One feature of the project is its collaborative spirit. "We are a consortium of companies that significantly represent the value chain within the electricity grid, and we have set to work together to address a problem of prime necessity such as cybersecurity". It should not be forgotten that many of the companies that make up the consortium are direct competitors, and collaborating in this way is unusual", the consortium stresses.

In this sense, having frameworks such as HAZITEK and clusters such as GAIA that promote this type of collaboration and serve to unite forces - not only in the field of optimising resources, but also in the field of knowledge - "allow us drive in the same direction, obtain more enriching results and go further in specific areas such as cybersecurity in this case".

Iberdrola's participation as the driving force behind the project is also fundamental. "It is the grid manager and knows better than anyone the existing problems and their needs. Having it in the project consortium is key to being able to identify the real needs and requirements, review and approve all the actions carried out throughout the project and validate the solutions developed. Being incorporated into the project as an additional partner allows us to direct the activities so that the result of the project is optimal," conclude the consortium members.