Conclusion of the "MEDIT" project - IT Security Technologies for Energy Networks.

Given the critical nature of the energy supply infrastructure, IT security plays a crucial role. The BMWK research project "MEDIT" focused on developing comprehensive approaches and technologies for preventing, detecting, and responding to IT attacks and failures, specifically for energy network actors. The results of the project were presented during the public final project meeting on January 20, 2022.

The public online project closing meeting took place on January 20, 2022.

German grid operators are facing significant challenges due to the energy transition and the associated digitalization. Specifically adapted IT security technologies are required.

In the BMWK project "MEDIT," methods for energy grid actors to detect, prevent, and respond to IT attacks and failures were developed by Fraunhofer FIT, Fraunhofer FKIE, Schleswig-Holstein Netz AG, devolo AG, umlaut AG, KISTERS AG, RWTH Aachen, and Hochschule Bremen. The digital project closing meeting, attended by various stakeholders from the industry, took place on January 20, 2022.

Development of IT Security Technologies for the Energy Industry

A wide range of interrelated methods in the field of IT security technologies were developed as part of the project. Various general and technology-specific approaches, such as in the field of Power Line Communication, were examined for monitoring the ICT infrastructure of actors. The result is a comprehensive approach to observe and evaluate the state of the ICT network, which assesses the quality of the overall system and its components and allows for georeferenced visualization. By conducting a root cause analysis, error sources that would otherwise go unnoticed can be identified. This approach can be utilized as a vital component of asset management and diagnosis in the ICT domain, providing additional transparency in the operation of the ICT system.

In addition, multi-stage, interdisciplinary approaches to detect cyber attacks were developed based on both energy-related and information technology knowledge, specifically targeting the detection of IT security incidents in the process network. Fraunhofer FIT placed a particular focus on deep packet inspection of the SCADA protocol IEC 60870-5-104. In the early stages of detection, reliable indicators of attacks and anomalies are identified based on the normal behavior of the protected systems, allowing for inferences about cyber attacks or faulty conditions in the system. Using this information, the indicators are subsequently contextualized and evaluated to create a situational representation of the IT security posture, with the aim of reconstructing multi-stage cyber attacks.

Responding to security incidents requires not only technologies but also operational guidelines with recommended actions. Therefore, within the project, a guide for technical personnel was developed, providing concrete recommendations for the step-by-step identification and remediation of causes based on operational observations. Indicators of disruptions, which can be observed by the responsible personnel, arise from both regular grid operation and the developed monitoring and attack detection systems. Additionally, an exercise environment developed by Fraunhofer FKIE within MEDIT allows for the application of the guide in various test scenarios, encompassing different disturbance and attack scenarios. The associated guide is freely available on Fraunhofer-Publica.

Research and Validation Environments for Future Distribution Grids

The laboratory at RWTH Aachen was expanded to include ICT for process networks of grid operators, as well as smart meter gateway infrastructure. A corresponding field-like environment was set up at Schleswig-Holstein Netz AG to facilitate practical validation of the technologies developed in MEDIT. Furthermore, the laboratory environment was augmented by Fraunhofer FIT with a co-simulation environment for energy and ICT networks, enabling a scalable approach to generating plausible normal and attack data for the process network. This supported the development of domain-specific approaches for attack detection.

For further information, visit the project website or contact us.