REEFLEX creates cybersecurity and privacy framework

The Horizon Europe REEFLEX project has reported completing a cybersecurity and privacy framework for compliance in demand side flexibility markets.

The framework is based on the ISO27001 security standard and has been shaped by a review of relevant European legislation, including the GDPR regulation on personal data and the NIS and NIS2 cybersecurity directives.

A key aspect of the project, the framework establishing clear guidelines and protocols for managing sensitive data and integrating robust security measures is considered critical to ensuring secure communication in large-scale, interoperable and scalable energy systems.

With this the project aims to contribute to the creation of a secure and resilient digital environment across the EU, aligning with European cybersecurity objectives.

Have you read?
Utilities saw cyberattacks spike this year. Can they stay safe?
Energy Transitions Podcast: Cybersecurity innovation at the core of digital transformation

The REEFLEX (REplicable, interoperable, cross-sector solutions and Energy services for demand side FLEXibility markets) project, now approaching the end of its second of three years, is focussed on creating opportunities for innovative cross-sector energy services and greater consumer participation in demand side flexibility markets.

The effort in developing the cybersecurity and privacy framework is reported to have led to significant improvements in the privacy of various project components, such as aggregation algorithms and the data platform.

Communications has been secured across software and hardware components where needed and robust anonymisation and privacy mechanisms have been implemented to protect sensitive information from service providers and clients, all while ensuring the full functionality of the system.

Other techniques that have been implemented to address the security concerns of data assets of project partners, based on analysis to identify those that could potentially compromise user security, have included encryption, pseudonymisation and secure data silos.

In particular, REEFLEX hardware from several manufacturers, including Circe’s EnergyBox, Certh’s FEID gateway, Betteries’ second life batteries and multiple appliances from Arcelik, have been strengthened from the cybersecurity perspective.

REEFLEX next steps

The next steps for the REEFLEX project will advance through several key phases, focused on the development and refinement of the technical solutions and the demonstration and replication campaigns that will validate and scale them.

Demonstrations are taking place in four countries, Spain, Greece, Switzerland and Bulgaria, with replication in a further three countries, Turkey, Portugal and Denmark. This is to allow evaluation of their impact under alternative scenarios and integration of a variety of sectors, including residential buildings, mobility, commercial establishments, industrial sites and data centres, as well as to enable their wider coverage.

As the project progresses, the framework is expected to continue to shape the development and deployment of the REEFLEX solutions, given the high priority of maintaining high cybersecurity and data protection standards.