Cybersecurity Compliance in the Energy Sector (CybErgy)

The energy sector is one of the favourite targets of cyber criminals. This is particularly true for small and medium-sized energy utilities. While their core competency is energy supply, they often lack the resources, expertise and skills to implement comprehensive cybersecurity measures. This is particularly critical as disruptions to energy infrastructure can cripple entire economies.

The practical cybersecurity challenges faced by small and medium-sized energy utilities are exacerbated by the NIS2 Guidelines. For many (new) standard addressees, this is the first time that a concrete, legally binding minimum level of technical cybersecurity measures has been defined. This makes cybersecurity measures an element of legal compliance.

In order to support energy suppliers in the legally compliant implementation of NIS2, the CybErgy project is developing a metric system specifically for the verification of NIS2 requirements in the energy sector. This will continuously monitor the effectiveness of cybersecurity, assess compliance with legal requirements and provide practical recommendations for action.

Project Coordinator: Dr. Annika Selzer


Real-time Automated Attack Isolation for Smart Home Energy Systems (HomePPSec)

With the energy transition - away from fossil fuels and towards renewable energies - electricity generation in private households is growing exponentially. Homes are becoming mini power plants (HomePP), controlled by intelligent energy management systems and, most importantly, managed by the residents themselves. However, this technological change comes at a price: it creates significantly more targets for cyber attacks, as every single networked component, every control system and the communication between them represents an additional potential attack surface. Attacks on a HomePP can have serious consequences for individual residents and the entire electricity grid.

The ATHENE project HomePPSec therefore aims to develop an intelligent attack detection and isolation system that is tailored to the operating parameters of a HomePP. The isolation of attacks must not cause the energy flow in the HomePP to become unstable, nor must it affect the stability of the power grid. And, of course, the occupants of the house should notice as little as possible.

The new safety and isolation concepts will first be tested in a live testbed and then scaled up in a simulated microgrid consisting of several interconnected HomePPs. This can interact with the grid either as an autonomous energy island or as a virtual power plant.mit dem Stromnetz interagieren.

Project Coordinator: Dr. Thorsten Henkel


Trustworthy Power Electronic Converters for the Secure Operation of Active Distribution Grids (TrustedPowerCon)

Decarbonization and cost reductions have driven a rapid increase in decentralized power generation, mainly through solar photovoltaics (PV). In 2022, over 10% of Germany's electricity came from PV. Simultaneously, electric vehicles (EV) and heat pumps (HP) are expanding to balance solar energy fluctuations. Together, they form future active distribution grids.

PV systems, EVs, and HPs use power electronic (PE) converters to connect to the grid. These converters, unlike traditional generators, can be programmed which allows fine grid control. However, their secure operation is crucial for future power systems.

PE converters are produced by diverse manufacturers and are typically connected to suppliers' IoT platforms for monitoring and updates, posing cybersecurity risks. Without an "air-gap," these devices are vulnerable to various threats, potentially leading to grid instability. Yet, most existing cybersecurity measures focus on grid operators, leaving privately-owned distributed devices less protected.

This project will analyze PE converter security, integrating electrical engineering and IT security to develop improved defense mechanisms, ensuring grid resilience against cyber threats.

Project Coordinator: Prof. Florian Steinke