A central strategic concern of the European Union is ensuring the cyber security of the European electrical power energy systems (EPES). Especially in the context of the Green Deal, the stability and resilience of the European energy grids is essential to safeguard the interests of European citizens, businesses and administrations, and to protect Europe’s autonomy against internal and external threats.

The CyberSEAS project is a European Union funded collaborative project improving the cyber security of the European EPES. CyberSEAS has 3 strategic objectives:

• Countering the cyber risks related to highest impact attacks against EPES;
• Protecting consumers against personal data breaches and attacks;
• Increasing the security of the Energy Common Data Space.

All three objectives are equally important, since cyber-criminals are shifting tactics to favour multi-stage attacks in which stealing sensitive data is a precondition for the real attack, and enables them to maximise damage and profits (while traditionally infrastructure cyber-attacks used to be direct attacks to the machinery and typically targeted control systems, not data). Threat actors, especially large ones such as nation states, also carry out complex attacks that leverage supply chain dependencies, and this trend continues to grow. Likewise, with the transition to scenarios where users are proactively involved, prosumer data is becoming more and more sensitive.

CyberSEAS stands for Cyber Securing Energy dAta Services, and aims to improve the overall resilience of energy supply chains, protecting them from disruptions that exploit the enhanced interactions, the extended involvement models of stakeholders and consumers as channels for complex cyber-attacks, the presence of legacy systems and the increasing connectivity of energy infrastructures, data stores and services retailers. To achieve these objectives, CyberSEAS delivers an open and extendable ecosystem of customisable security solutions. These solutions are validated through experimental campaigns consisting of 100+ attack scenarios, tested in 3 labs before moving out to one of 6 piloting infrastructures across 6 European countries.

Our role

Timelex is the legal and ethics partner in this three-year project, supporting the CyberSEAS consortium in the analysis of legal issues, including particularly data protection. As part of these tasks, Timelex identifies compliance challenges, and proposes solutions to mitigate potential legal risks. This includes the completion and maintenance of targeted data protection impact assessment for EPES use cases, and the creation of a data protection compliance manual for EPES security initiatives.