REEFLEX is an EU Horizon project focused on creating opportunities for innovative cross-sector energy services within demand-side flexibility markets. A critical aspect of the project is the development of privacy and cybersecurity rules for the technical solutions provided, aligning with the objectives of the EU Cybersecurity Act. This legislation aims to strengthen cybersecurity across the EU, and REEFLEX ensures that its technical solutions adhere to its guidelines by prioritizing legal and regulatory compliance, particularly around data protection and network security.
This work was carried out as part of Task 2.4, titled “System’s Privacy and Cybersecurity Framework,” which aimed to develop a framework that not only complies with EU regulations but also aligns with the technical specifications of the provided solutions. The following paragraphs outline the key outcomes of this task.
Key Highlights: Strengthening Cybersecurity and Privacy
- Completion of Task T2.4 and creation of the cybersecurity and privacy framework for the REEFLEX project
- Strengthened cybersecurity of REEFLEX hardware from several manufacturers (CIRCE, CERTH, ARCELIK and ENERBRAIN)
- Creation of security and privacy procedures for all project members
- Compliance of the project with current security and privacy legislation
- Review of current legislation in different countries, including countries outside the European Union, regarding privacy and cybersecurity
Introduction to the REEFLEX Project: Innovating Energy Flexibility
The REEFLEX project focuses on developing innovative, cross-sector energy services within demand-side flexibility markets. By fostering innovation and increasing consumer participation, REEFLEX aims to enhance the flexibility of distributed energy resources (DERs) and optimize their use in flexibility markets, benefiting key stakeholders such as Distribution System Operators (DSOs). Ultimately, the project seeks to improve grid resilience and stability while enabling the optimal management of energy resources.
A key aspect of the project is the development of a comprehensive privacy and cybersecurity framework. This framework is critical to ensuring secure communication in large-scale, interoperable, and scalable energy systems. By addressing privacy and cybersecurity challenges, REEFLEX contributes to the creation of a secure and resilient digital environment across the EU, aligning with European cybersecurity objectives. The project’s work in this area plays a vital role in supporting the EU’s efforts to build a robust, secure, and efficient energy market.
Completion of Cybersecurity and Privacy Framework
For the past 12 months, our team has diligently worked to gather the necessary information and develop a comprehensive cybersecurity and privacy framework. This effort has led to significant improvements in the privacy of various project components, such as aggregation algorithms and the data platform. We have implemented pseudonymization measures and conducted thorough Data Protection Impact Assessments (DPIAs) to enhance data security.
Our partners have carefully analysed all data assets to identify those that could potentially compromise user security. We have addressed these concerns by employing techniques such as encryption, pseudonymization, and secure data silos.
The framework is based on the ISO/IEC 27001 security standard and has been shaped by a review of relevant regulations, including GDPR, NIS, and NIS2. This regulatory alignment has guided the development of our cybersecurity and privacy framework, which will support the ongoing development of the project.
To date, we have successfully secured communications across software and hardware components where needed. We have also implemented robust anonymization and privacy mechanisms to protect sensitive information from service providers and clients, all while ensuring the full functionality of the system.
Impact on Stakeholders and Regulatory Compliance
The development of the cybersecurity and privacy framework has substantial implications for various stakeholders within the project, ensuring adherence to EU regulations, including the General Data Protection Regulation (GDPR).
The framework establishes clear guidelines and protocols for managing sensitive data, which enhances the project team’s adherence to best practices in cybersecurity and privacy. By integrating robust security measures, the framework builds trust and confidence among clients and users regarding the project’s commitment to protecting their data.
Compliance with EU regulations, particularly GDPR, underscores the project’s dedication to upholding legal and ethical standards, thereby mitigating risks related to legal penalties and reputational harm. The framework’s implementation has notably strengthened the security of various project components, including the EnergyBox developed by CIRCE, CERTH’s FEID gateway, Betteries’ Second Life Batteries, and multiple appliances from Arcelik.
The development process involved extensive engagement with stakeholders, including consultations and feedback sessions to ensure their needs and concerns were addressed. Additionally, a comprehensive literature review of relevant regulations and best practices informed the framework’s design. This thorough approach ensured that the framework not only complies with EU regulations but also reflects current best practices in cybersecurity and privacy, thereby supporting the overall success and reliability of the project.
Next Steps: Integrating the Framework in Future Work Packages
The next steps for the REEFLEX project will advance through several key phases, particularly in Work Packages (WPs) 3, 4, and 5. These phases will focus on the development and refinement of the technical solutions outlined in WP2, which are essential for the project’s success in the coming months. WP6 will also be pivotal, as it covers the demonstration and replication campaigns that will validate and scale these solutions.
The outcomes of Task 2.4, “Privacy and security of the provided solutions,” are critical to guiding the development in these phases. The privacy and cybersecurity framework established in Task 2.4 will set the standards that all technical solutions developed in WP3, WP4, and WP5 must follow. This framework will be integral during both the integration and deployment stages, ensuring that all project components comply with stringent data protection and cybersecurity requirements.
Task 4.4, “Customers research data handling, management and protection,” is particularly closely aligned with Task 2.4. While Task 2.4 defines the overarching privacy and security guidelines, Task 4.4 focuses on how customer data is handled, managed, and safeguarded throughout the project. This task will ensure that the data management practices adhere to the privacy standards established in Task 2.4, with special emphasis on customer interactions, making sure that personal and sensitive data is processed securely.
As the project progresses, the principles and protocols from Task 2.4 will continue to shape the development and deployment of REEFLEX’s solutions. Maintaining high cybersecurity and data protection standards remains a top priority, ensuring that the integrity and security of the entire system are upheld, both for newly developed and existing solutions.
Contact Information
For more information about REEFLEX, please contact us at: contact@reeflexhe.eu