Cybersecurity Risk Assessment Framework for Externally Exposed Energy Delivery Systems

Securing the energy delivery system (EDS) from complex, nonlinear, and evolving cyber threats requires a complex set of changing and interwoven classes of technologies, policies, relationships, and personnel. One key area in this technological milieu is assessment methodologies to compare information, gathered by a variety of means, about networked devices with publicly known possible threat information about said devices. This information is used to generate risk-based characterizations that allow for the adjudication and proper corresponding management action chains to be assigned. \color{blue}To address the current cybersecurity needs in the operational technology (OT) domain, we developed a novel relative-risk assessment framework and a software application called MEEDS that can detect exposed OT systems. This paper presents the detailed architecture of relative-risk assessment framework methodology and its integral role in the MEEDS software. The efficacy of the presented framework is demonstrated by testing with the real-world systems and vulnerabilities pertaining to the industrial control systems (ICS) in critical infrastructures

SSI meets Metaverse for Industry 4.0 and Beyond

As the global industrial complex gears toward fulfilling the tenets of Industry 4.0 and beyond, technologies such as distributed ledger technologies, digital twins, and artificial intelligence become pivotal enablers. In the last decade, metaverse as a concept and technology found its place among crucial enablers for technology and digital advancement across several engineering domains. Metaverse has the potential to combine the elements from distributed computing platforms, the digital evolution of physical systems, and advanced learning systems to unearth a fully digitized world of comparative properties of the real world. We should ensure the privacy, integrity, and confidentiality of personal data. These requirements will lead to proper identity management in the metaverse. Given the complex nature of the metaverse, traditional centralized systems may not offer a viable identity management solution. Therefore, this study explores a decentralized identity management system called the Self-sovereign Identity (SSI) as a logical alternative to traditional centralized identity management systems. The proposed holistic framework aims to ignite new ideas and discussions related to the combined deployment of DLT, SSI, and metaverse to inspire new implementation areas within the Industry 4.0 environment. The paper also discusses various opportunities, enablers, technical \& privacy aspects, legislation requirements, and other barriers related to SSI implementation.</p

Cybersecurity and Privacy Aspects of Smart Contracts in the Energy Domain

Smart contracts (SCs) are a set of logical procedures that can be run by individual peers participating within a Distributed Ledger Technology (DLT) network. By design, smart contracts inherit many of the benefits of DLT, including its immutability, scalability and  security properties. Nevertheless, they may introduce additional attack vectors, which can lead to cybersecurity explorations that could jeopardize the end-application's ability to operate as intended or result in data leaks, and privacy violations. In this work an exploration of known problems, and possible attack scenarios will be presented. This is followed by a set of proposed best practices and mitigation strategies that are intended to assist developers, researchers and other relevant stakeholders to develop secure SC implementations. </p

Standardization of the distributed ledger technology cybersecurity stack for power and energy applications

The global trend towards the integration of distributed energy resources is opening the doors to advanced, complex, and distributed marketplaces. Such advanced ecosystems, where utility-owned and non utility-owned assets can contribute towards grid operations, generally require distributed communication and grid architectures, which can be supported by Distributed Ledger Technologies (DLTs). However, the potential of DLTs for long-term scalable solutions in operational technology applications has not been fully utilized, partly due to the lack of standardization across and between different DLTs, as well as other supporting building blocks (e.g., communication protocols). This paper attempts to address this gap by proposing a DLT cybersecurity stack specifically designed for researchers, DLT technology developers, and end users (such as utilities). The DLT cybersecurity stack has been notionally mapped to related cybersecurity components, namely: the Open Systems Interconnection (OSI) model, the Transmission Control Protocol/Internet Protocol (TCP/IP) suite, and existing Smart Grid architecture frameworks. In addition, the paper discusses several cybersecurity implications, and demonstrates the potential uses of the DLT stack through multiple power and energy use cases. It is important to note that the stack can be also applied to the DLT use cases that are outside the power and energy domain. This work has been performed by the Cybersecurity Task Force under the IEEE P2418.5 Blockchain for Energy Standard working group that is stationed under the IEEE Power and Energy Society’s Smart Buildings, Loads, and Customer Systems (SBLC) technical committee