This deliverable proposes recommendations regarding the mitigation of cyber-physical risks of the bulk electric energy supply system. Nourished both by research developed within the scope of the CYPRESS project and by expertise shared by stakeholders from the regulated and non-regulated sectors, this deliverable is structured into two main parts: the first part presents the main research outcomes of the CYPRESS project, while the second part synthesizes the expert sharing exposed during the workshop series. This deliverable finally discusses points of convergence between the different sources, and to this respect, identifies - among others - the question of the interplay between the use of new technologies and the human factor. This includes, for instance, the development of decision support tools for human operators to help mitigating cyber-physical risks, or the design of real-time simulation tools to train operators, who remain the last line of defence against cyber-physical attacks.
The CYPRESS project, which started in November 2020, aims to develop novel knowledge, methods, and tools needed to help ensure supply security through the transmission grid, while accounting for the specific nature of cyber threats and integrating them into a coherent probabilistic risk management approach. It is articulated along three research themes, aiming to develop: (i) novel models and benchmarks for computer simulation and laboratory testing of the cyber-physical electric power system security of supply, (ii) techniques for assessing the cyber-physical security of electric energy supply, and (iii) techniques for enhancing the cyber-physical security of electric energy supply (also known as mitigation strategies).
The objective of this deliverable is to identify recommendations that come out of the CYPRESS project for mitigating cyber-physical threats and which may target electric power system stakeholders who collaborate with TSOs. More concretely, the recommendations provided in this deliverable have been nourished through two main channels: the first channel is the fundamental research itself, which was elaborated within the CYPRESS consortium. The second channel is the expertise of stakeholders who have shared their views during two workshops. After exposing the key points of each source of information, we synthesize some essential recommendations, trying to keep them as non-technical as possible, to finally try to discover common denominators among all recommendations. Among those, the interplay between the human factor and new technologies stands out as a keystone. We identify at least two types of such interplays: first, the design and integration of technologies dedicated to support human decision making, and second, the use of real-time simulators to train operators and increase their intrinsic skills to react to cyber-physical attacks. Finally, while being more related to the evaluation of mitigation strategies rather than on their design, the use of simulation and co-simulation platforms plays an important role in the overall process of enhancing cyber-physical security.
The rest of this deliverable is organized as follows: relying on the deliverables and publications produced during the project, Chapter 2 presents a recommendation-oriented synthesis of the CYPRESS project regarding the mitigation of cyber-physical risks of electric power systems. Chapter 3 synthesizes the stakeholders’ views shared during the workshops. Chapter 4 discusses some common denominators between elements detailed in Chapters 2 and 3, while Chapter 5 concludes the paper.
