This scenario complicates the proactive detection of potential vulnerabilities in deployed devices. It's important to consider that, when dealing with critical assets like power grids, the response times for patching—not resolving—are very long, given the critical nature of the grid's operation. Therefore, power grid cybersecurity has become a key element and one of the main challenges facing the sector.

In this context, the Sec2Grid project, funded by the Basque Government's Hazitek 2022 program with a budget of €6.4 million, concludes this month. The project involves the collaborative work of companies that manufacture equipment for the electrical sector, cybersecurity solution and service providers, and consultants to establish mechanisms for proactively discovering potential vulnerabilities in devices that make up the smart grid. This collaboration integrates the entire value chain and provides a comprehensive view throughout the equipment's lifecycle.

Led by Ingeteam, the project involves Arteche, Barbara, Ormazabal, PwC, Zigor, ZIV, Ikerlan, and the GAIA Cluster. They have all collaborated to continuously and automatically analyze vulnerabilities that may appear in the equipment of participating manufacturers, information that is also made available to the other companies involved in the project. As Imanol García, Director of R&D Projects at Ingeteam, emphasizes, “This allows us to develop aggregated functionalities geared towards the electrical infrastructure, so that by sharing this information, risks can be analyzed globally and appropriately for the entire network.”

Along these lines, García explains that "if we can inform the electricity operators in advance where there may be potential problems on our end in the future, we can correct them before they appear."

Furthermore, within the framework of the project, mechanisms have been developed to monitor the equipment once it is deployed in the field, thus ensuring that the configurations and their operating mode are adequate and maintain the expected level of cybersecurity, so that they cannot be easily attacked.

Methodologies have also been developed for the secure deployment of corrections or patches, taking into account that some of the most common attack vectors exploit weaknesses in the supply chain, focusing on the mechanisms used to update equipment deployed in electrical networks. Therefore, work has been done on data models, encryption, attributes, and formats to enable authenticated, double-signed signed authorizations, and so on. “This ensures not only that the released version comes from the manufacturer with cybersecurity guarantees, but also that it has been tested and accepted by the electrical operator itself,” explains Imanol García.

Virtual infrastructure for testing

Similarly, the Sec2Grid project has enabled rapid testing on a virtual infrastructure located in Ikerlan (Arrasate). “All manufacturers have installed their equipment in this way and passed a series of cybersecurity tests that allowed us to test the changes made in less time than usual. To do this, we created an electrical operator infrastructure simulator, which incorporates the necessary functionality to test the implemented systems and where all participants have been able to conduct joint tests.”

The infrastructure has been designed so that it can be used by the companies that make up the consortium. “We will be able to carry out the tests internally as if we had an electrical infrastructure, generated based on a series of virtual machines and automated test sequencers that will test our equipment in an agile way,” they explain.

The entities participating in the project emphasize that one of its greatest successes has been the collaborative work, which has also been a significant challenge, requiring open collaboration despite being competitors. “The project has enriched us all immensely,” concludes Imanol García, Director of R&D Projects at Ingeteam.