Report on Pilot Use-Case 3 demonstrations
The IRIS project’s Pilot Use-Case 3 (PUC3) focuses on effective incident response and threat intelligence collaboration for critical cross-border smart grid threats. Amidst the critical significance of cybersecurity within the energy domain, PUC3 is dedicated to providing an infrastructure for testing, refining security measures and training cybersecurity experts in cross-border cities Tallinn and Helsinki.
PUC3 aims to enhance the security of energy infrastructures by evaluating the capabilities of the IRIS platform in mitigating cyber threats targeting cross-border energy smart grids and assessing the capabilities of IRIS Virtual Cyber Range to help train and exercise coordinated mitigation and prevention of threats. In order to present the progress of the IRIS project and gather stakeholders feedback on the pilot use-case, we organized two PUC3 demonstration sessions in 2024.
The focus of our first pilot round demonstration in April 2024 (online) was to evaluate the capabilities of the IRIS platform in detecting vulnerability risks and mitigating cyber threats that target energy smart grids. In this demonstration the focus was on components like Vulnerability Discovery Manager (VDM) and Risk Based Response and Self Recovery module (RRR). The feedback and learnings from the first round demonstration were used for designing the second round demonstration which was organized in collaboration with the PUC2 demonstration as a hybrid event in Tallinn in June 2024 (see figure below).
This time separate presentations were given on IRIS-Enhanced MeliCERTes Ecosystem (EME) and VCR to present available functionalities and iterations in the components from the first to second round. Also the demonstration included presentations of components that were not part of the first round demonstration, namely SiVi and Modbus Honeypot. The figure below showcases the PUC3 and relevant components in relation to IRIS general architecture.
The second round demonstration focused particularly on highlighting capabilities of the IRIS platform to run incident response training for critical infrastructure operators, CERTs and CSIRTs. Also the user story for the PUC3 demonstration was expanded to highlight the cross-border aspects of the use case. The logic behind connecting the infrastructures of Tallinn and Helsinki in PUC3 is to simulate a cross-border energy system where Tallinn serves as the energy distribution part and Helsinki as the consumption end. This setting allows for a realistic simulation of the energy flow between the two cities, enabling the evaluation of cybersecurity and privacy risks and collaboration between different stakeholders in a case of security threats in the energy system.
Demonstration participants included national CERTs, SMEs working in the cyber security field and energy companies as critical infrastructure actors. During the demonstrations participants were enabled to provide feedback and also a social acceptance survey was conducted to gather critical feedback to reiterate future efforts and reflect the significance of the project work. Overall, the collected feedback was encouraging and reflected the importance to focus on collaborative efforts to mitigate cyber threats in the energy sector. The created scenarios were perceived as realistic and valuable for developing similar training exercises. In the second round demonstration, discussion was raised to also consider extending the VCR to people doing business operations as these are not only critical for running operations but working as intermediaries between cyber security experts and customers and other business administration.