
Deliverable D3.3 Cybersecurity and privacy practice and user acceptance criteria

Author: Trialog
Publisher: Zenodo
DOI: 10.5281/zenodo.15394347
Source: https://zenodo.org/records/15394347/files/PARMENIDES_Deliverable_D3.3.pdf
Work Package 3

Disclaimer
The content of this deliverable reflects only the author's view. Neither the European Climate, Infrastructure and Environment Executive Agency (CINEA) nor the European Commission is responsible for any use that may be made of the information it contains.
Funded by the European Union's Horizon Europe programme under Grant Agreement nº 101096453

Grant agreement: 101096453
Type of action: HORIZON-IA HORIZON Innovation Actions
Topic: HORIZON-CL5-2022-D3-01-10 Interoperable solutions for flexibility services using distributed energy storage
Starting date of project: 01.01.2023
Project duration: 36 months
Work package: WP3 - Architecture design, interoperability, and ontology development
Related task: T3.3 - Trustworthiness (cybersecurity and data privacy)
Deliverable due date: M15 (31.03.2024)
Actual delivery date: M15 (31.03.2024)
Dissemination level: Public
Deliverable responsible: TRIALOG

Document Information
Document Version: 1.0
Revision / Status: Submission

All Authors/Partners
| Name | Organisation |
| Léo Cornec | Trialog |
| Dune Sebilleau | Trialog |
| Estibaliz Arzoz Fernandez | Trialog |
| Guillaume Mockly | Trialog |
| Frédéric Mesureur | Trialog |

Document History
| Revision | Content/changes | Resp. partner | Date |
| 0.1 | Creation of the structure | Trialog | 19.02.2024 |
| 0.2 | First draft of the document | Trialog | 08.02.2024 |
| 0.3 | Completion of section 2 and 3 | Trialog | 20.02.2024 |
| 0.4 | Completion of section 1, 4 and 5 | Trialog | 29.02.2024 |
| 0.5 | Issuance of the first full version for partners review | Trialog | 08.03.2024 |
| | Deliverable review | AIT | 19.03.2024 |
| 0.6 | Second version of the document based on partners feedback | Trialog | 27.03.2024 |
| 0.7 | Deliverable final review | AIT | 31.03.2024 |
| 1.0 | Final version | Trialog | 31.03.2024 |

Document Approval
| Final approval | Name | Resp. partner | Date |
| 1.0 | Jawad Kazmi | AIT | 31.03.2024 |

Copyright Notice
© The PARMENIDES Consortium, 2023 – 2025

Executive Summary
This task made it possible to assess the status of the pilots and systems in terms of cybersecurity and privacy and to prepare for the definition of the Privacy and Security Plan, which will occur in Task 5.2, across the development phase of the PARMENIDES solutions. This includes:
• A technical introduction to the notion of privacy and cybersecurity (definitions, methods, standards)
• A presentation of the PARMENIDES methodology to evaluate the privacy and cybersecurity compliance of the pilots and systems
• The identification of the needs and the definition of the project requirements for cybersecurity and privacy
• The presentation of a dashboard which will be used over the course of the systems development to support and monitor the implementation of cybersecurity and privacy controls
This deliverable will describe the method (see Figure 1) to be used in T5.2 which is the Privacy and Security Plan (PSP). The main goal of the PSP analysis is to guide the solution providers to make a complete and thorough analysis of their systems including:
1. A training part that will be constituted of a series of courses and workshops to provide PSP analysis guidelines and methods. This will be distributed along the development of the systems.
2. A participant's contribution to provide a clear understanding of their systems in terms of vulnerabilities
3. Guidelines to identify threats and countermeasures to put in place

Figure 1: PSP steps within PARMENIDES
PSP Step #1 (T3.3)
1.1 Identification of the project privacy and security requirements and gathering partners' needs
1.2 Adapt the privacy and security methodology to the project scale and its context
1.3 Implement the adaptation into the Plan to steer (during the step #2) the Privacy and Security analysis, purpose of the PSP. A high level dashboard will be provided.
1.4 Deliverable writing (D3.3)
PSP Step #2 (T5.2)
2.1 Project partners training session to raise privacy and cybersecurity awareness and get involvement from partners during analysis
2.2 Prepare the project PSP with pilots identification, a statement, a consensus workshop, governance establishment and allocate cybersecurity and privacy competence needs
2.3 Privacy analysis workshops with partners' contributions for each pilot
2.4 Security analysis workshops with partners' contributions for each pilot
2.5 PSP KPI definition for each pilot
2.5 Deliverable writing (D5.2)
2.6 Partners follow-up and support in the implementations of privacy and cybersecurity guidelines

Table of contents
Abbreviations
1. Introduction
1.1. PARMENIDES project introduction and summary
1.2. Work Package 3 (WP3) introduction
1.3. Task 3.3 (T3.3) introduction
1.4. Objective and structure
2. Cybersecurity and privacy introduction
2.1. Definition, context, and scope
2.2. Privacy requirements
2.3. Security requirements
3. Cybersecurity and privacy analysis - PARMENIDES methodology
3.1. Methodology process and organization
3.2. Project requirements
3.3. Privacy analysis
3.4. Cybersecurity analysis
4. PARMENIDES cybersecurity and privacy requirements
4.1. Summary of the partners feedback to the questionnaire
4.2. Project requirements and implementation
5. Project dashboard for cybersecurity and privacy
5.1. Purpose of the tool
5.2. Dashboard presentation
6. Conclusion
7. Annex
7.1. Annex A: Questionnaire
7.2. Annex B: Summary of the answers to the cybersecurity and privacy questionnaire
7.3. List of Figures
7.4. List of Tables

Abbreviations
| Acronym | Description |
| API | Application Programming Interface |
| CIA | Confidentiality, integrity and availability |
| CNIL | French national commission on informatics and freedom |
| CVE | Common Vulnerabilities and Exposures |
| DFD | Data Flow Diagram |
| DMP | Data management plan |
| DPA | Data Protection Authority |
| DPIA | Data Privacy Impact Assessment |
| DPO | Data Protection Officer |
| DSO | Distribution system operator |
| EC | European commission |
| EMS | Energy Management System |
| EU | European Union |
| GDPR | General Data Protection Regulation |
| HESS | Hybrid Energy Storage System |
| HTTPS | Hypertext Transfer Protocol Secure |
| ICT | Information and communication technologies |
| IEC | International Electrotechnical Commission |
| IOT | Internet Of Things |
| ISO | International Organization for Standardization |
| KPI | Key Performance Indicator |
| LINDDUN | Linking, Identifying, Non-repudiation, Detecting, Data Disclosure, Unawareness, Non-compliance |
| NDA | Non-Disclosure Agreement |
| NIS | Network and Information Security |
| NISG | Network Information Security Law |
| NIST | National Institute of Standards and Technology |
| NISTIR | NIST interagency or internal reports |
| OWASP | Open Worldwide Application Security Project |
| PARMENIDES | Plug&plAy eneRgy ManagEmeNt for hybrID Energy Storage |
| PECO | PARMENIDES Energy Community Ontology |
| PETS | Privacy-enhancing technologies |
| PIA | Privacy Impact Assessment |
| PII | Personal Identifiable Information |
| POMME | Privacy operationalisation model and method for engineering |
| PSP | Privacy and Security Plan |
| RDP | Remote Desktop Protocol |
| STRIDE | Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation of privilege |
| TLS | Transport Layer Security |

1. Introduction
1.1. PARMENIDES project introduction and summary
The ongoing transition of the energy system is accompanied by digitalization activities, enabling new applications. This results in a fragmentation of existing platforms, protocols, and standards. Therefore, interoperability among various platforms as well as cross-domain interoperability must be ensured.
The usage of ontologies provides an opportunity to address cross-platform and cross-domain interoperability. PARMENIDES aims to develop a new ontology by extending existing ontologies to provide a knowledge base, with a focus on the electricity and heating domain for buildings, customers, and energy communities. It will support different use cases, focusing on the utilization of Hybrid Energy Storage Systems (HESS). Besides the representation of storage technologies, information about energy community customers, their behaviours, and components including their relations will be part of the ontology, providing a standardized vocabulary for the domain of energy communities. This further includes technical, economic, regulatory, behavioural, and social constraints to be considered in operation.
To support a number of use cases, a new generation of innovative Energy Management Systems (EMS) will be developed. These systems will be capable of using ontology as a knowledge base. This will enable a very generic software design and ensures the scalability and replicability of the solution.
As a framework for the integration of the EMS, PARMENIDES will define an information and communication architecture, enabling an interoperable, reliable, and secure exchange of data and instructions. The developed EMS will be demonstrated in very diverse pilots in Austria and Sweden. The Austrian pilot will address energy communities with different storage technologies, the Swedish pilot will focus on flexibility from a very short time scale through innovative heat pump control to electrical and thermal batteries and seasonal storage through geothermal borehole heat exchangers.
1.2. Work Package 3 (WP3) introduction
The objectives of this work package are to design an interoperable and secure system architecture to support the use-cases defined in WP2 and develop the required components in WP4. It will rely on existing references (e.g., standards, reports, etc.) and results from previous projects (e.g., InterConnect, BRIDGE, etc.). Furthermore, the PARMENIDES Energy Community Ontology (PECO) will be developed, based on existing ontologies to act as a knowledge base for the new generation of energy management applications (WP4) and to utilize the flexibility of different storage technologies.
1.3. Task 3.3 (T3.3) introduction
The objective of task 3.3 is to prepare the cybersecurity analysis (T5.2) that will take place throughout the development of the PARMENIDES pilots and systems. This includes three main aspects:
• The definition of cybersecurity and privacy requirements to define the actions to be done within the analysis
• The definition of the PARMENIDES cybersecurity and privacy methodology to ensure pilots and system compliance
• The update of an existing dashboard according to project needs, with the objective of gathering the analysis information, and monitoring the progress
These analyses will give an overview of the status of the solutions developed in PARMENIDES in terms of cybersecurity and privacy. Furthermore, this task makes it possible to tailor the development of the cybersecurity and privacy tool and method to the project needs.
1.4. Objective and structure
The aim of this deliverable is to lay the foundations that will be used to carry out the privacy and cybersecurity analysis (T5.2), while presenting the preliminary work carried out in task T3.3.
The deliverable is structured as follows:
• a technical introduction to privacy and cybersecurity notions with a focus on methods and standards
• a description of the PARMENIDES methodology to assess the project pilots and systems privacy and cybersecurity compliance
• a description of the PARMENIDES requirements
• a presentation of the dashboard to be used with the methodology
This deliverable is a preparatory document and explains the methodology to be applied in task T5.2.

2. Cybersecurity and privacy introduction
This chapter will detail the most relevant elements within the context of privacy and security applied to the project. They will be described from key definitions to main methods that are applied to the Privacy and Security Plan (PSP).
2.1. Definition, context, and scope
First, it is essential to define the context and scope where cybersecurity and privacy will be analysed. It is necessary to understand the scope of the project or product or system of interest, but also the context of the element that will be analysed, from the data that will be used, shared, stored to the main actors or stakeholders that interact within the element/system and exchange data between them or have access to that data.
For a better understanding, a list of most relevant definitions is presented. It will be used along this document and through the PSP definition and risk analysis.
• PII¹ (Personally Identifiable Information): Any information that can be used to identify the PII Principal to whom such information relates or is or might be directly or indirectly linked to a PII Principal.
• Sensitive PII: Category of personally identifiable information (PII), either whose nature is sensitive, such as those that relate to the PII principal's most intimate sphere, or that might have a significant impact on the PII principal. (e.g., health data, political or philosophical orientation, sexual orientation, biometric/genetic data, race, ethnic data).
• Privacy Risk Assessment – PIA (Privacy Impact Assessment) – DPIA (Data Privacy Impact Assessment):
  o Overall process of risk identification, risk analysis and risk evaluation with regard to the processing of PII.
  o Overall process of identifying, analysing, evaluating, consulting, communicating, and planning the treatment of potential privacy impacts with regard to the processing of personally identifiable information, framed within an organisation's broader risk management framework.
• PII Principals: Natural person to whom the personally identifiable information (PII) relates. The synonym Data Subject can also be used.
• Privacy Breach: Situation where PII is processed in violation of one or more relevant privacy safeguarding requirements. A personal data breach means a breach (due to inadequate security or processes) leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
• Privacy Risk²: Effect of uncertainty on privacy.
¹ ISO/IEC 29100-:2011
² ISO/IEC 29100:2011

operation in a system that lacks the ability to trace the prohibited operation).
| I | Information disclosure | Confidentiality | Providing information to someone not authorized to access it (e.g., users read a file that they are not granted access to or an intruder reads data in transfer). |
| D | Denial of Service | Availability | Exhausting resources needed to provide service (e.g., an attack denies service to valid users). It hinders system availability and reliability. |
| E | Elevation of privilege | Authorization | Allowing someone to do something they are not authorized to do (e.g., users gain privileged access to compromise or destroy the entire system. The attacker has penetrated the system and becomes part of the trusted system itself). |

3. Cybersecurity and privacy analysis - PARMENIDES methodology
The following section aims at describing the methodology applied in PARMENIDES to provide a cybersecurity and privacy analysis of the project demonstrators and systems. This process is based on an existing methodology developed by Trialog and successfully demonstrated in previous EU projects, e.g., InterConnect [1], Energica [2] etc. In the context of each project the Trialog team work on the identification of the project and partners' needs and then adapt and customise the existing methodology to fit the requirements. Indeed, each project has their own cybersecurity and privacy requirements. In parallel, the corresponding developments and features are integrated into the Trialog tool/dashboard.
The name of the Trialog methodology is Privacy and Security Plan (PSP).
Methodology objective:
Ensure that security and privacy is adequately managed without dead zone in PARMENIDES demonstrators and system-of-interest and its associated ecosystem.
3.1. Methodology process and organization
The PARMENIDES methodology is divided in two main steps as described by Figure 3: first, the identification and preparation step, and second, the privacy and cybersecurity analysis of pilots and systems.
The 1st step of this process is based on a questionnaire (see Section 7.1) to be answered by the project partners. Feedback combined with a review of the project context and needs is necessary to identify the project requirements. Based on these requirements the methodology of the PSP and associated tools are adapted to cover all the needs. In this project the 1st step corresponds to Task 3.3.
The 2nd step of this process is based on the preliminary work done in the 1st step as well as a series of workshops with the task contributors. These sessions will be organised by Trialog to prepare the Privacy and Security Plan. Five main phases constitute the 2nd step of the PSP:
• Training sessions will be performed by Trialog for the task contributors to ensure a sufficient level of knowledge. The following subjects will be covered:
  o Preparing a PSP
  o Privacy analysis
  o Security analysis
  o Privacy and security program KPI
• The most extensive steps (2.2, 2.3 and 2.4) consist of a series of focused workshops for each pilot, gathering Trialog's cybersecurity expert and the pilot leaders. These workshops enable a targeted security and privacy analysis to be carried out for each pilot and systems to be developed as part of the project. The number of sessions to organise by pilot will depend on the complexity of their Information and communication technologies (ICT) infrastructure. The participants of the workshop should have a good vision of the overall pilot architecture and use-cases in order to be able to identify threats and breaches at the whole system level.
• The KPIs definition is important as it will ensure an efficient monitoring of the improvements based on the results of the analysis.
• The objective of phase 2.6 is to support the partners in the implementation of the recommendations and to monitor the progress thanks to the KPIs.

Figure 3: PARMENIDES PSP methodology phases
PSP Step #1 (T3.3)
1.1 Identification of the project privacy and security requirements and gathering partners' needs
1.2 Adapt the privacy and security methodology to the project scale and its context
1.3 Implement the adaptation into the Plan to steer (during the step #2) the Privacy and Security analysis, purpose of the PSP. A high level dashboard will be provided.
1.4 Deliverable writing (D3.3)
PSP Step #2 (T5.2)
2.1 Project partners training session to raise privacy and cybersecurity awareness and get involvement from partners during analysis
2.2 Prepare the project PSP with pilots identification, a statement, a consensus workshop, governance establishment and allocate cybersecurity and privacy competence needs
2.3 Privacy analysis workshops with partners' contributions for each pilot
2.4 Security analysis workshops with partners' contributions for each pilot
2.5 PSP KPI definition for each pilot
2.5 Deliverable writing (D5.2)
2.6 Partners follow-up and support in the implementations of privacy and cybersecurity guidelines

3.2. Project requirements
The aim of the cybersecurity and privacy requirements (see section 0) is to answer the following questions [3] in order to guide the analysis:
• What is the state of the solutions in terms of cybersecurity and privacy?
• What are the efforts dedicated to cybersecurity and privacy?
• What are the needs from the partners on the cybersecurity and privacy side?
• How are the needs distributed across the pilots and their components?
The cybersecurity and privacy requirements were defined in collaboration with the project contributors, solution providers in order to make sure to get a good understanding of the project needs. A questionnaire was answered to provide the following information:
• Presence of Personally Identifiable Information (PII) data in pilots
• The efforts dedicated towards cybersecurity and privacy
• The cybersecurity and privacy features in place
• Risks analysis performed
• Specific agreement already in place within pilots
• Cybersecurity and privacy level of the participants
• Expectations from this study
3.3. Privacy analysis
The privacy analysis aims to support the solution providers in identifying and assessing the risks to privacy in the developed systems.
It first starts by describing Personal Identifiable Information (PII), as well as the context information. In particular, the frameworks for the Privacy Impact Assessment (PIA) process are investigated, including local regulations.
The potential breaches are then studied, including the categories they fall into, their goal, and the list of stakeholders who may be affected. The threats are investigated and linked to the breaches described earlier. They are categorized according to the LINDDUN categories and associated to their goals and stakeholders.
The impact of each breach is then identified, including the user, operational and overall impact levels, as well as the rationale for each of them. Afterwards, the risk associated with each breach is assessed, by combining the likelihood and impact ratings.
A control strategy is finally defined, including the strategy of the control, its categorization, and requirements. The plan for the management of privacy incidents is also defined.
3.4. Cybersecurity analysis
The security analysis begins with a description of the system, its interfaces, assets, stakeholders, and use-cases. The analysis parameters, including the likelihood, impact and risk scales, the risk map and treatment strategy can be defined.
The next step consists of identifying the threats, starting by defining the attacker profiles, and attaching them to the threats, along with the goal, assets involved, impact and target properties of each threat.
Attack scenarios are then investigated. The events are identified, describing their effect, the identification of possible Common Vulnerabilities and Exposures (CVE), the target properties and the likelihood of the event. They are linked to the attack paths that are defined afterwards, with the related threats, and the likelihood of each attack path.
From there, the global risk level is calculated, by combining the likelihood and impact ratings of each risk. The risks are also linked to the attack paths.
Finally, the treatment plans are elaborated, by defining the strategies used to treat the risks and the possible controls with their goals and implementation process, and attaching them to the risks, with the impact of the treatment.
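
The chain described in this section (events, attack paths, risks, treatment priority), as an added example that is not part of the deliverable or of the Trialog PSP tool. The 1-4 scales, the least-likely-event rule for an attack path, the most-likely-path rule for a risk, the likelihood x impact thresholds and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed 1-4 ordinal scales; the deliverable leaves the scales to each analysis.
SCALE = range(1, 5)


def _check(value: int, what: str) -> None:
    if value not in SCALE:
        raise ValueError(f"{what} must be in 1..4, got {value!r}")


@dataclass(frozen=True)
class Event:
    """One step of an attack scenario."""
    name: str
    likelihood: int
    target_property: str      # e.g. confidentiality, availability
    cve_ids: tuple = ()       # known CVEs, when any were identified

    def __post_init__(self):
        _check(self.likelihood, "event likelihood")


@dataclass(frozen=True)
class AttackPath:
    """Ordered events that together realise one threat."""
    name: str
    threat: str
    events: tuple

    def __post_init__(self):
        if not self.events:
            raise ValueError(f"attack path {self.name!r} has no events")

    def likelihood(self) -> int:
        # Assumption: every event has to succeed, so the path is no more
        # likely than its least likely event.
        return min(e.likelihood for e in self.events)


@dataclass(frozen=True)
class Risk:
    name: str
    impact: int
    paths: tuple

    def __post_init__(self):
        _check(self.impact, "risk impact")
        if not self.paths:
            raise ValueError(f"risk {self.name!r} is linked to no attack path")

    def likelihood(self) -> int:
        # Assumption: one successful path is enough, so the most likely
        # path drives the risk.
        return max(p.likelihood() for p in self.paths)

    def score(self) -> int:
        return self.likelihood() * self.impact

    def level(self) -> str:
        # Assumed risk map: thresholds on likelihood x impact.
        score = self.score()
        return "high" if score >= 12 else "medium" if score >= 6 else "low"


def treatment_order(risks):
    """Risks to treat first: highest score, then highest impact."""
    ranked = sorted(risks, key=lambda r: (r.score(), r.impact), reverse=True)
    return [(r.name, r.level(), r.score()) for r in ranked]


def build_sample():
    """Constructed sample for an EMS pilot; none of it comes from the deliverable."""
    key_copied = Event("operator private key copied", 2, "confidentiality")
    backend_login = Event("back-end login with copied key", 3, "authorization")
    db_read = Event("metering database read", 3, "confidentiality")
    admin_api = Event("admin API reachable through public proxy", 3, "authorization")
    api_flood = Event("public API flooded", 3, "availability")
    ems_starved = Event("EMS scheduler starved", 2, "availability")
    log_off = Event("audit logging disabled unnoticed", 1, "non-repudiation")

    p_key = AttackPath("key theft", "Information disclosure",
                       (key_copied, backend_login, db_read))
    p_proxy = AttackPath("proxy misconfiguration", "Information disclosure",
                         (admin_api, db_read))
    p_flood = AttackPath("API flood", "Denial of service", (api_flood, ems_starved))
    p_log = AttackPath("log gap", "Repudiation", (log_off,))

    return [
        Risk("operator action cannot be traced", 2, (p_log,)),
        Risk("EMS unavailable", 3, (p_flood,)),
        Risk("customer consumption data disclosed", 4, (p_key, p_proxy)),
    ]


if __name__ == "__main__":
    for name, level, score in treatment_order(build_sample()):
        print(f"{level:<6} {score:>2}  {name}")
```

The disclosure risk ranks first because its second attack path has fewer and more likely events, which is the kind of dependency a flat list of risks would hide.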

4. PARMENIDES cybersecurity and privacy requirements
This section of the deliverable summarizes the PARMENIDES requirements and expectations based on partners' feedback. The definition of the cybersecurity and privacy requirements was conducted for two main reasons: to assess the state of the systems in terms of cybersecurity and privacy in order to be prepared for the Privacy and Security Plan (PSP) analysis that will take place in Task 5.2, and to tailor the development of the PSP tool and dashboard, described in section 0, to the needs of the project.
4.1. Summary of the partners feedback to the questionnaire
As mentioned earlier in this deliverable a questionnaire was sent to the project partners involved in the Swedish and Austrian pilots as well as other project developments. The aim of this questionnaire was mainly to understand the project needs/requirements, partners knowledge level/status and partners expectations.
The following questions were asked to the partners:
• Is the system handling Personally Identifiable Information (PII)? Sensitive data?
• Apart from tasks specifically dedicated to cybersecurity issues, what efforts are dedicated to implementing cybersecurity and privacy measures in the work to come?
• What cybersecurity and privacy features are already in place in your pilot?
• Have you already performed a risks analysis of your system or pilot?
• Are there specific agreements in place within the existing pilots?
• Are the participants experimented or trained on cybersecurity or privacy issues?
• What your minimal expectations could be for a cybersecurity and privacy analysis tool for your system or pilot?
The following sections summarize the answers received.

Is the system handling Personally Identifiable Information (PII)? Sensitive data?
According to the partners, Personally Identifiable Information (PII) will be handled by the two pilots and in general by the system. However, it will not include Sensitive data [3] (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs; trade-union membership; genetic data, biometric data processed solely to identify a human being; health-related data; data concerning a person's sex life or sexual orientation). Project system will include critical data not only from the customers but from the DSO as well.
Customer PII will be: name of the customer, address, number, metering point, installed photovoltaic power, consumption including consumption pattern, related measuring data etc.
DSO critical data are: grid topologies as transformer station, technical data of grid assets, switching states, connection points of assets etc.

Apart from tasks specifically dedicated to cybersecurity issues, what efforts are dedicated to implementing cybersecurity and privacy measures in the work to come?
Generally, the partners have already worked on the subject of privacy by setting up contracts about privacy and consent with customers and third parties. In addition, in the system development case they aim to include these considerations by-design or to make sure that third-party components are. Some of them are also considering the Network Information Security Law (NISG) with audit logs as well as data encryption and anonymisation.

What cybersecurity and privacy features are already in place in your pilot?
Here are the main features raised by the partners within this survey:
• Audit Logs
• Encrypted communication between systems
• Use of containers with Docker for services
• Database anonymization
• Database access only possible for services running on the Remote Desktop Protocol (RDP)
• Integration by-design
• Grid assets and communication in the low voltage grid protected by the grid operator directly
• User consent to the data management policy
• All back-end components are installed on private machines in the protected cloud with remote access authenticated via public-private keys
• Front-ends and public Application Programming Interfaces (APIs) are exposed on specific ports via proxy servers installed on public machines. Access to APIs and front ends occurs exclusively via the Hypertext Transfer Protocol Secure (HTTPS) protocol, offering Transport Layer Security (TLS) 1.2 encryption in transit
• Use of ISO/IEC 27001 to guarantee the confidentiality, integrity and availability (CIA) of information 'in use'
• All interoperability layers support the secure transport of information in compliance with Open Worldwide Application Security Project (OWASP) requirements
• The EMS includes an identity and access management system, for strong authentication, such as multi-factor authentication, authorization and single sign-on, administration and management of policies and roles. Appropriate measures are used for the management of digital identities (e.g. certificates) and for machine-to-machine communication (e.g. TLS)

Have you already performed a risks analysis of your system or pilot?
Some partners have already performed a risk analysis through EU projects or subcontracting. The methodologies used were STRIDE, NIST SP 800-115 standards and GDPR analysis.

Are there specific agreements in place within the existing pilots?
Here are the existing agreements in place within the existing pilots:
• some partners have set up contracts among them to ensure privacy through anonymised data
• contracts between pilot site tenant and research institute
• Non-Disclosure Agreement (NDA) among some partners
• Privacy statement and declaration of consent by customers

Are the participants experimented or trained on cybersecurity or privacy issues?
The participants' level of knowledge is fairly heterogeneous. Some have no knowledge of these subjects, while others have received training on GDPR and privacy.

What your minimal expectations could be for a cybersecurity and privacy analysis tool for your system or pilot?
Here are the partners' main expectations:
• privacy and cybersecurity context and training
• privacy and cybersecurity status
• best practices guidelines
• simulation of attack
• include NIS2 [4] requirements in the process

4.2. Project requirements and implementation
This section starts by presenting a summary of the PARMENIDES participants' answers to a questionnaire sent to them to understand their needs in addition to the project's ones. The following sub-sections each describe one identified requirement and the way it is planned to be implemented in the project.
4.2.1 Analysis of system security & privacy
Definition of the requirement
The main requirement identified corresponds to obtaining an overview of the systems' security and vulnerabilities.
This analysis should provide a one-shot broad analysis of all aspects of cybersecurity and privacy within the pilots and cover the different points that were pointed out by respondents or identified as relevant by Trialog. The method allows to monitor progress in implementing measures thanks to the use of KPI.
This one-shot analysis should enable the solution providers to get a deep understanding of cybersecurity and privacy principles, based on relevant reference architectures, ISO standards (including Management standards & Management systems standards [5], 20889 [6], 27xxx series [7] [8] [9] [10] [11] [12] [13], 29100 [14], 29134 [15], 31000 [16], 31700 [17]), IEC standards 62443 series [18], NIST guidelines (NISTIR 7628 [19] and 8062 [20]) and privacy [21] and security frameworks, EC recommendations on cybersecurity in the energy sector (SWD (2019) 1240 final), LINDDUN privacy threat model [22], STRIDE Threat modelling, MITRE Knowledge bases and the CNIL Privacy Impact Assessment Methodology [23].
Since some participants could focus their efforts on cybersecurity and privacy into a few narrow areas, such as one system entry point, or the data encryption, it is especially important that this analysis covers all aspects of cybersecurity and privacy and provide an analysis of the complete system.
Implementation in PARMENIDES
The main goal of the PSP analysis is to guide the solution providers to make a complete and thorough analysis of their systems including:
• A training part that will be constituted of a series of courses and workshops to provide PSP analysis guidelines and methods. This will be distributed along the development of the systems.
• A participants' contribution to provide a clear understanding of their systems in terms of vulnerabilities.
• Guidelines to identify threats and countermeasures to put in place.
4.2.2 Training sessions
Definition of the requirement
As pointed out by some participants, it is important for the project to provide training and awareness on cybersecurity and privacy.
Implementation in PARMENIDES
To respond to this need, the first stage of the PSP is to conduct training and awareness workshops, to ensure that the entire group is at a sufficient level of knowledge, to understand the challenges, to provide relevant information and to be able to capitalize on the work carried out after the task.
4.2.3 Action plan for improvement
Definition of the requirement
The analysis of the system through the PSP tool should end with the establishment of an improvement report that highlights the parts of the system where improvements are required, and indicates how the system should be modified to achieve a sufficient level of security. This report can be considered as a plan to follow. This has been highlighted as relevant by some of the respondents.
The report should provide:
• An overview of the analysis of the cybersecurity and privacy in the system
• An understanding of the weaknesses of the system
• A highlight of the main risks
• Suggestions and guidelines for system improvements
Implementation in PARMENIDES
The output of the PSP will be a written report, delivered to the pilot after completion of the PSP process and supported by the PSP dashboard. This report will provide information on:
• How the PSP has been prepared
• The characterization of the system
• Privacy analysis results
• Cybersecurity analysis results
• Privacy and Cybersecurity KPI results
The report will therefore provide the needed overview and analysis of the systems, enabling solution providers to implement improvements accordingly. In particular, it will highlight the areas of the systems that will need to be secured in priority by highlighting the scale and likelihood of the most significant risks. However, the choice of the most relevant solution to implement will be done by the solution developers.
4.2.4 Evidence of Compliance
Definition of the requirement
The PSP should provide evidence that the system respects the privacy and cybersecurity principles that constitute the coordinated security and privacy-by-design practice on which the PSP tool is based.
The evidence of compliance aims to prove that the systems have implemented the necessary measures to ensure the security of their systems.
The evidence of compliance should therefore entail:
• A proof of the full analysis of the system in terms of cybersecurity and privacy, aiming to detect any weaknesses.
• Normalized testing following privacy and security standards to prove the compliance of the system to said standards.
• A focus on NIS2 requirements [4]
Implementation in PARMENIDES
The PSP tool will not be able to provide any standardized certifications, as it doesn't have access to the systems for testing, only to the declarations of the PSP participants. A set of KPIs will moreover make it possible to give indications on the maturity and security levels of all systems involved.
Results of the PSP can be presented as proof that a risk-based approach has been taken to manage cybersecurity and privacy, which is a NIS2 requirement. The PSP itself is not enough to ensure NIS2 compliance as the directive also covers personnel training, incident reporting and coordination with cybersecurity agencies, and is evaluated for a company/organisation and not a system/pilot.
With this in mind, the PARMENIDES partners will be asked during the preliminary workshops to provide a description of their cybersecurity incident management process as an input to the PSP.
4.2.5 Definition of access plan for data to be shared
Definition of the requirement
The data present in the pilots should be analysed in order to characterize and protect them adequately.
The analysis of the data should include:
• The sensitiveness of the data
• The impact in case of leak
• The access rights of partners of the project
• The appropriate level of dissemination
6. Conclusion
The work done in Task 3.3 prepares and lays the necessary foundations for the PARMENIDES cybersecurity and privacy analysis. The review of the partners' status and expectations shows that they have various levels of maturity and expertise in the analysis of their systems and development of cybersecurity and privacy features.
This task made it possible to assess the status of the pilots and systems in terms of cybersecurity and privacy and to prepare for the definition of the Privacy and Security Plan, which will occur in Task 5.2, across the development phase of the PARMENIDES solutions.
A series of requirements, defined in collaboration with solution providers, made it possible to tailor the PSP methodology and dashboard to their need. The PSP dashboard aims to support the solution providers, throughout the PSP analysis that will take place in Task 5.2, to achieve a sufficient and homogeneous level of cybersecurity in the project.

References
[1] Interconnect project, Grant agreement No 857237, “The Semantic Interoperability Framework,” in Sustainable Places, Brussels, 2022.
[2] H2020 Project, “Energica website,” [Online]. Available: http://energica-h2020.eu/ /.
[3] European Commission, “What personal data is considered sensitive?,” [Online]. Available: https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/sensitive-data/what-personal-data-considered-sensitive_en#:~:text=personal%20data%20revealing%20racial%20or,sex%20life%20or%20.
[4] NIS2 Directive, “NIS2 Requirements,” [Online]. Available: https://nis2directive.eu/nis2-requirements/.
[5] ISO, “Management system standards,” ISO, [Online]. Available: https://www.iso.org/management-system-standards.html. [Accessed 06 01 2023].
[6] ISO, “ISO/IEC 20889:2018 Privacy enhancing data de-identification terminology and classification of techniques,” 2018. [Online]. Available: https://www.iso.org/standard/69373.html. [Accessed 06 01 2023].
[7] ISO, “ISO/IEC 27701:2019 Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines,” 2019. [Online]. Available: https://www.iso.org/standard/71670.html. [Accessed 06 01 2023].
[8] ISO, “ISO/IEC TS 27570:2021 Privacy protection — Privacy guidelines for smart cities,” 2021. [Online]. Available: https://www.iso.org/standard/71678.html. [Accessed 06 01 2023].
[9] ISO, “ISO/IEC 27556:2022 Information security, cybersecurity and privacy protection — User-centric privacy preferences management framework,” 2022. [Online]. Available: https://www.iso.org/standard/71674.html. [Accessed 06 01 2023].
[10] ISO, “ISO/IEC TR 27550:2019 Information technology — Security techniques — Privacy engineering for system life cycle processes,” 2019. [Online]. Available: https://www.iso.org/standard/72024.html. [Accessed 06 01 2023].
[11] ISO, “ISO/IEC CD 27561.2 Information technology — Security techniques — Privacy operationalisation model and method for engineering (POMME),” ISO, [Online]. Available: https://www.iso.org/standard/80394.html. [Accessed 06 01 2023].
[12] ISO, “ISO/IEC 27400:2022 Cybersecurity — IoT security and privacy — Guidelines,” 2022. [Online]. Available: https://www.iso.org/standard/44373.html. [Accessed 06 01 2023].
[13] ISO, “ISO/IEC 27559:2022 Information security, cybersecurity and privacy protection – Privacy enhancing data de-identification framework,” 2022. [Online]. Available: https://www.iso.org/standard/71677.html. [Accessed 06 01 2023].
[14] ISO, “ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework,” 2011. [Online]. Available: https://www.iso.org/standard/45123.html. [Accessed 06 01 2023].
[15] ISO, “ISO/IEC 29134:2017 Information technology — Security techniques — Guidelines for privacy impact assessment,” ISO, 2017. [Online]. Available: https://www.iso.org/standard/62289.html. [Accessed 06 01 2023].
[16] ISO, “ISO 31000:2018 (en) Risk management — Guidelines,” 2018. [Online]. Available: https://www.iso.org/obp/ui#iso:std:iso:31000:ed-2:v1:en. [Accessed 06 01 2023].
[17] ISO, “ISO 31700-1 Consumer protection — Privacy by design for consumer goods and services — Part 1: High-level requirements,” 2023. [Online]. Available: https://www.iso.org/standard/84977.html. [Accessed 06 01 2023].
[18] ISA, “ISA/IEC 62443 Series of Standards,” 2022. [Online]. Available: https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards. [Accessed 06 01 2023].
[19] NIST, “NISTIR 7628 Rev. 1 Guidelines for Smart Grid Cybersecurity,” 2014. [Online]. Available: https://csrc.nist.gov/publications/detail/nistir/7628/rev-1/final. [Accessed 06 01 2023].
[20] NIST, “NISTIR 8062 An Introduction to Privacy Engineering and Risk Management in Federal System,” NIST, 2017. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8062.pdf. [Accessed 06 01 2023].
[21] NIST, “Privacy Framework,” 2022. [Online]. Available: https://www.nist.gov/privacy-framework. [Accessed 06 01 2023].
[22] Lindunn, “LINDDUN privacy engineering,” 2020. [Online]. Available: https://www.linddun.org/. [Accessed 06 01 2023].
[23] CNIL, “Privacy impact assessment (PIA),” 02 2018. [Online]. Available: https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-1-en-methodology.pdf. [Accessed 06 01 2023].
[24] European project Sender (GA n°957755), “Deliverable 4.2: Security and Privacy protection action plan and results,” 2022.
[25] European project Maesha (GA n°957843), “Deliverable D7.3: Security and privacy protection actions plan and results,” 2022.
[26] Interconnect European project Grant agreement No 857237, “Deliverable 2.1: Secure interoperable IoT smart home/building and smart energy system reference architecture,” 2020.
7. Annex
7.1. Annex A: Questionnaire
Figure 7: Questionnaire used during task T3.3 to gather partners feedback
7.2. Annex B: Summary of the answers to the cybersecurity and privacy questionnaire
Table 3: Summary of questionnaire partners answers

| Question | AIT | ENS | MAPS | KTH |
|---|---|---|---|---|
| Use of PII | Yes | Yes | Yes | Yes |
| Use of sensitive data | No | No | No | No |
| Efforts for Cybersecurity and Privacy | Effort during the solution development | Unknown | Efforts during the software design and development are done | Use of a BMS with cybersecurity and privacy compliance |
| Features for Cybersecurity and Privacy | Audit logs, data encryption, docker container, database anonymization, data only accessible from services on RDP | Grid assets and communication in the low voltage grid are protected via grid operator specific cybersecurity and privacy | ISO/IEC 27001, backend components on private machines, use of cloud best practices, inc. identity management system, compliance with OWASP requirements related to TLS | BMS from Schneider Electric including extensive functionality |
| Risk analysis | Yes | Yes | Yes | No |
| Specific agreements | NDA with ENS for using anonymized customer data | Customer will be informed and agreed on a privacy statement and declaration of consent; NDA with MAPS, AIT & Siemens for sharing anonymized customer data | No | Yes, agreement between KTH Live-in Lab and its tenants |
| Participants experience | Yes (GDPR, privacy, PII, etc) | Unknown | Only on GDPR | No |

| Expectations of PSP | Partner marks |
|---|---|
| Privacy and cybersecurity training | X X |
| Privacy and cybersecurity analysis | X X X |
| Action plan for improvement | X X X X |
| Evidence of Compliance | X X X |
| Definition of access plan for data to be shared | X X X X |
| Simulation of attack | X X |

7.3. List of Figures
Figure 1: PSP steps within PARMENIDES
Figure 2: LINDDUN methodology steps
Figure 3: PARMENIDES PSP methodology phases
Figure 4: Dashboard overview
Figure 5: PSP user help (part 1)
Figure 6: PSP user help (part 2)
Figure 7: Questionnaire used during task T3.3 to gather partners feedback
7.4. List of Tables
Table 1: LINDDUN threats categories
Table 2: STRIDE threats categories