Security and privacy management

As a part of the critical infrastructure, the electricity grid is an essential asset to protect from threats such as cyber-attacks from criminals, terrorists and other potential intruders. Therefore, critical infrastructure cyber-security and current relevant standards have been taken beyond state of the art and adapted to the smart-grid case in order to protect the communication between Home Energy Management System, Aggregator and DSO.

High degree of privacy

Furthermore, the system offers a high degree of privacy to protect consumer data, and SEMIAH ensures that requirements, designs, and implementations of software, hardware, communication protocols and data handling are in accordance with the intention of creating a privacy preserving smart grid solution.

The SEMIAH architecture consists of a host-based intrusion detection system (OSSEC) running on the home energy management gateway, as well as on a cloud-based security and privacy service that mirrors messaging system in the Front-end server, and a Security Operations Centre running the security incident and event management system Prewikka/PreludeIDS.

Privacy policy management is based on the reversible anonymiser as well as XACML policy development using our Smalltalk-based user-friendly policy editor ViSPE. This allows different stakeholders and services to access sensitive data in SEMIAH according to their operational need as well as according to the requirements from a privacy impact assessment.