RESili8 Resilience for Cyber-Physical Energy Systems


Resilience for future energy systems cannot be ensured by over-provisioning, as is done today. It is not socially sustainable and cannot address the complexity and challenges of the digital transformation that energy systems are undergoing. Resilience thinking and practice for energy systems needs to be reinvented. RESili8 does this through a novel resilience solution package for cyber-physical energy systems, including optimal and sustainable planning and AI-based analysis of resilient architectures, continuous implementation and validation of resilient applications, and new solutions for resilient operation of energy systems. This innovative solution package will advance the green energy transition by ensuring security of supply and facilitates the further integration of green energy technologies.


Harmonisation of architecture and vulnerability modelling for ARL-based analysis and operational management strategies.

A major contribution of the predecessor project LarGo! was the methodology of misuse case modelling. This approach, which is based on classical use case modelling, allows domain knowledge about possible fault and attack vectors to be systematically captured. RESili8 aims to create an overall concept for smart grid architecture modelling using Smart Grid Architecture Model (SGAM) for risk analysis, misuse case modelling using IEC 62559-2 and known IT security methodologies1 and formats for static a-priori security analysis. The goal is to transfer these approaches into a serialised machine-readable format in order to make domain knowledge from the modelling algorithmically usable and to make it available as blueprints and an open archive. This will create a standardised platform based on SGAM and established JRC/ENISA methodologies, which will enable ISO 31000-based risk management at the architecture level and will assess and assign mitigations and make them verifiable by means of KPIs. These are also made available to third parties as best practices via a TAXII-based platform. The serialised architecture information, best practices in the context of mitigation and predefined vulnerabilities or attack vectors are to be used to utilise ARL agents as an analysis tool. The agent classes of the ARL methodology, attackers and defenders, do not possess any domain information themselves. On the one hand, this is a great strength because they learn completely new strategies by exploring the respective target environment; does the competitive nature of the ARL approach lead to faster learning of more robust strategies in contrast to known Deep Reinforcement Learning (DRL) approaches. On the other hand, this necessitates simulation environments that - depending on the complexity of the strategies - must efficiently execute many simulation runs (episodes). Especially in the case of complex CPES, this means a high expenditure of time despite the advantages of the ARL concept, while already known domain knowledge cannot be used. In RESili8, a solution is therefore to be developed with which the agents can learn from the domain knowledge already systematically captured by the modelling (so-called offline learning). RESili8 makes use of the duality of the ARL concept: The attacker trained by offline and classical online learning inevitably also trains a defender agent. The strategies for resilient operation developed here by the defender are evaluated and themselves transferred into standardised templates. In this way, RESili8 develops a comprehensive solution to effectively extend domain modelling.

Translated with (free version)


  • Misuse-Case-Modellierung
  • SGAM
  • Adversarial Resilience Learning

External Leader

Filip Pröstl Andrén, AIT Austrian Institute of Technology
Learning new attack vectors from misuse cases with deep reinforcement learning

Veith, Eric and Wellßow, Arlena and Uslar, Mathias; Frontiers in Energy Research; 2023

AIT Austrian Institute of Technology
Wiener Netze GmbH
Resilience for Cyber-Physical Energy Systems
Solandeo GmbH
KTH (Royal Institute of Technology)
Dlaboratory Sweden AB
Eindhoven University of Technology


Start: 01.05.2022
End: 30.04.2025

Related projects


Polymorphic agents as cross-sectional software technology for the analysis of the operational safety of cyber-physical systems


A Cognitive Detection System For Cybersecure Operational Technologies