Exploiting Data Spaces to Enable Privacy Preserving Data Exchange in the Energy Supply Chain

Luigi Coppolino¹,*, Alessandro De Crecchio²,*, Roberto Nardone²,*, Alfredo Petruolo¹,*, Luigi Romano¹,* and Federica Uccello¹

¹ University of Naples ‘Parthenope’, Centro Direzionale, 80143 Naples, Italy
² Scuola IMT Alti Studi Lucca, Piazza S. Ponziano, Lucca

ITASEC 2024: The Italian Conference on CyberSecurity
* Corresponding author.
Email: luigi.coppolino@uniparthenope.it (L. Coppolino); alessandro.decrecchio@imtlucca.it (A. De Crecchio); roberto.nardone@uniparthenope.it (R. Nardone); alfredo.petruolo001@studenti.uniparthenope.it (A. Petruolo); luigi.romano@uniparthenope.it (L. Romano); federica.uccello@assegnista.uniparthenope.it (F. Uccello)
ORCID: 0000-0002-2079-8713 (L. Coppolino); 0009-0003-6257-9732 (A. De Crecchio); 0000-0003-4938-9216 (R. Nardone); 0009-0003-2970-5864 (A. Petruolo); 0000-0003-2571-8572 (L. Romano); 0000-0001-9243-7047 (F. Uccello)
© 2022 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings (ceur-ws.org), ISSN 1613-0073.

Abstract

In the modern digital landscape, ensuring secure data sharing within complex infrastructures is not trivial. This paper presents an in-depth analysis of dataspaces and their crucial role in enhancing privacy-preserving data exchange within the energy supply chain. The main contribution of the work includes the design of the architecture of dataspaces, emphasizing their utility in addressing legal and technical challenges while ensuring data sovereignty and stakeholder trust. Through a focused case study and STRIDE analysis, the practical application and security benefits of dataspaces are illustrated, underscoring their significance in fostering a secure, efficient, and collaborative data-sharing environment.

Keywords

Smart Grid, Cybersecurity, Cyber Attack, FIWARE

1. Introduction

In today’s interconnected world, existing systems are asked to fulfil increasing data-sharing requirements. The rapid expansion of data-centric applications underscoring the real value of data [1, 2] also affected smart grids and the energy supply chains. With a specific focus on energy exchange, current data exchange methods exhibit limitations, particularly when multiple stakeholders, including Transmission System Operators (TSOs) and Distribution System Operators (DSOs), need to collaborate and share sensitive information. The evolution introduced by the ‘Common European Dataspaces’ represents a strategic response to these challenges, fostering an environment where data can be exchanged securely and efficiently while respecting privacy and data sovereignty [3, 4].

While the importance of a unified data-sharing ecosystem is evident, the energy sector faces specific privacy and security challenges that need to be addressed. As an example, the integration and exchange of data among energy stakeholders necessitates robust privacy-preserving mechanisms to prevent unauthorized access and to ensure the integrity and confidentiality of the exchanged information. This is crucial for maintaining operational security and trust within and across the energy supply chain [5]. Hence, prioritizing privacy-preserving data exchange and ensuring data sovereignty are basic requirements guiding this transformation [6].

The remainder of this paper is structured as follows. Section 2 addresses the related work. Section 3 offers a comprehensive overview to clarify the concept of dataspace and to address the ambiguities and uncertainties identified. Section 4 outlines specific European initiatives promoting the advancement of dataspaces, while Section 5 concentrates on efforts pertinent to the development and enhancement of dataspaces supporting the energy supply chain.
Section 6 explores a practical case study where the dataspace paradigm has been applied, providing an analysis of security considerations and employing STRIDE methodology to assess communications based on dataspaces. Lastly, Section 7 ends the paper drawing final remarks.

2. Related Work

The challenges linked to privacy-preserving and secure data sharing have been subject to multiple research works. Among others, blockchain-based solutions have been proposed in several application domains [7, 8, 9, 10], exploiting the inherent properties of such technology to ensure traceability and integrity. Some others consider security and privacy, mainly using encryption algorithms. The work in [11] proposes a framework for sharing encrypted data in the cloud, addressing concerns about privacy breaches. A different approach is in [12], where two data-sharing algorithms are designed and evaluated in the context of Industrial IoT.

Different frameworks with a specific focus on data sharing and standardized data formats have been proposed in different works, as [13, 14, 15, 16]. These frameworks adopt centralized data management, where data are acquired and then processed more than shared.

The present research is motivated by the specific need for privacy-preserving data exchange in the energy supply chain, aiming to clarify and tailor the concept of data spaces to this context. Additionally, advanced privacy-preserving techniques suited for the energy sector’s demand are identified and deployed. Furthermore, a detailed case study is presented, applying STRIDE analysis to develop a targeted threat model for data exchange among energy stakeholders. The scope of the model is to demonstrate how dataspaces can enhance data security and privacy in the energy supply chain, aligning with European data strategy goals and fortifying resilience against cyber threats.

3. Data Spaces and Data Sovereignty in Europe

To the best of the authors’ understanding, identifying a universally acknowledged definition of “dataspace” appears unfeasible. The GAIA-X initiative provides an initial perspective, describing dataspaces as federated, open infrastructures that facilitate data sharing and sovereignty, based on unified policies, rules, and standards [17]. Similarly, Open DEI defines dataspaces as decentralized infrastructures that ensure trustworthy data sharing and exchange within data ecosystems, adhering to mutually accepted principles [18]. Meanwhile, the European Commission envisions a dataspace as a unified global marketplace for both personal and non-personal data, including sensitive business information, and ensuring robust safeguards while providing businesses with easy access to top-quality industrial data to drive growth and innovation [19].

[Figure 1: Dataspace-Based Data Exchanging. Diagram labels: Data Marketplace with Clearing House, App Store, Data Broker, Identity Provider (CA) and Vocabulary Provider; connectors with policies for Company A and Company B; the two companies' cloud platforms with traditional inter-company data exchanging.]

Given these different definitions and the consequent complexity of such a concept, this section aims to offer a concise yet right-to-the-point description of a dataspace, detailing the essential requirements and elucidating the key roles of privacy-preserving mechanisms and data sovereignty in its definition.

What a Dataspace Is. A dataspace is an open ecosystem facilitating data sharing and accessibility among different entities. This shift towards dataspaces relies on principles of transparency and trust that govern these ecosystems. Traditional data exchange methods face numerous challenges: a primary concern dataspaces seek to mitigate is the complexities stakeholders experience when establishing legal frameworks for collaboration.
Stakeholders across vital sectors, like energy, encounter obstacles in creating contracts and establishing reliable data-sharing policies, hindering broader participation and innovation due to legal complexities. Conventional data exchange lacks full control over post-exchange data, posing risks in scenarios where data governance is crucial, potentially resulting in financial losses.

What a Dataspace Requires. To establish a collaborative and open environment for data sharing, developing a trusted ecosystem where each participant is recognized, has assigned roles, and is authorized for dataspace activities, is essential. Techniques ensuring privacy-preserving data exchange, authentication, authorization, and overall security are vital, as highlighted in the European Claim for dataspaces [20]. For this reason, dataspaces are designed to ensure data sovereignty, providing a framework where data owners maintain control over the usage and sharing of their data. This is a key concept in establishing trust and encouraging more entities to participate in data sharing, as it ensures the respect of their data rights and privacy. In a dataspace, ensuring compliance with regulations and ethical standards is vital, alongside an interoperable infrastructure supporting data sharing across diverse systems, achieved through common standards, vocabulary, and protocols.

Privacy-Preserving Data Exchange. In the dataspace paradigm, data exchange is enabled through connectors, which can be deployed on-premises or in a cloud environment, primarily using helm charts and Kubernetes clusters, following an architecture ensuring security mechanisms. As depicted in Figure 1, establishing the data marketplace requires, among others, a Certification Authority (CA) and a shared vocabulary. The former ensures that different stakeholders can be identified and authorized to participate in the marketplace, while the latter enables participants to comprehend a shared language.
This common understanding is essential for facilitating machine-to-machine (M2M) communication and simplifying the creation of privacy-preserving policies. From a technical perspective, it is also essential to guarantee the minimum requirements needed for stakeholders’ computing nodes, verify the level of security provided (e.g., Trusted Execution Environment support [21]), and confirm their geographical locations. Stakeholders can publish descriptions of their data offerings on a data broker, while developers can provide applications that utilize this data to create added-value services. All transactions between different connectors are recorded by a clearing house, to ensure the accurate processing of payments and data exchanges. Examples of policy enforcement in dataspaces include restrictions on the duration of data usage, the rights to view and utilize data, and the conditions under which data may be shared or processed. For instance, policies might dictate that certain data can only be accessed for a limited time, or specify that data must not be transferred to unauthorized parties. Additionally, policies can enforce data anonymization or de-identification before it is shared to protect privacy. These rules ensure that all data handling within the dataspace adheres to agreed-upon ethical and legal standards, fostering a secure and trusted environment for all participants.

4. The European Initiatives for Data Spaces

The evolving data-driven landscape and the need for value-added services drive European efforts to establish Common European data spaces [22]. This section highlights the key stakeholders shaping this shift to a novel paradigm, prioritizing European values and facilitating new criteria for data sharing.

4.1. International Data Space Association

The International Data Space Association [23] (IDSA) plays a significant role in the data-sharing revolution.
Its mission focuses on ensuring data sovereignty and bridging the gap between industry and research communities to establish data spaces. From a technical point of view, the association has devised the IDSA RAM [24], a reference architecture that delineates the technical and organizational principles for implementing dataspaces. The Reference Model (Figure 2) encompasses three primary aspects: security, certificates, and governance, organized into five layers of granularity: Business, Functional, Information, Process, and System. The Business Layer is devoted to articulating business models and value chains, clarifying the roles and interactions of stakeholders to ensure alignment with business goals. In the Functional Layer, the key capabilities and services necessary for data exchange are delineated, including specific functions such as data sharing and processing that underpin business requirements. The focus of the Information Layer is on organizing data, defining its semantics, and managing its governance to guarantee that data can be exchanged and interpreted across diverse systems. The Process Layer concentrates on the operational aspects, defining the processes and protocols that ensure data is exchanged securely and efficiently, adhering to established policies and standards. Lastly, the System Layer is concerned with the technical foundation, specifying the necessary infrastructure and components, like connectors and networks, that enable the secure exchange of data within the data space.

[Figure 2: IDSA RAM Architecture Specification. Layers shown: Business, Functional, Information, Process, System.]

IDSA’s key contribution includes the specification of Connectors, essential for establishing a dataspace instance.
These, detailed in the IDSA RAM, enable multiple parties to create the data-sharing platform.

4.2. FIWARE

As data-driven technologies are becoming increasingly integral in today’s digital world [25], the FIWARE foundation plays a crucial role in supporting the development of smart applications and services [26, 27]. FIWARE provides open-source software enabling developers to craft data-centric applications. The building blocks are the Generic Enablers, which offer a range of functionalities to integrate various data sources and services. This enhanced ecosystem of open-source resources is crafted to optimize the development process, simplifying and accelerating the ability of developers to create advanced, data-centric solutions.

FIWARE is crucial in the realization of Digital Twins: the core is the Context Broker, a Generic Enabler that orchestrates the management and storage of context information, bridging the physical devices and their digital replicas. The Context Broker acts as a central hub, ensuring consistent, up-to-date context information between various data sources and applications. It synchronizes real-world entities with digital twin models, enabling real-time responsiveness and dynamic updates. FIWARE’s commitment to interoperability and manufacturer-independent solutions is evident in its IoT agents, which translate messages from diverse protocols into a standardized format, facilitating the creation of manufacturer-agnostic solutions within the FIWARE ecosystem. This approach is fundamental in advancing the concept of data spaces, where diverse data sources and systems coalesce in a unified, interoperable environment.

Additionally, FIWARE’s contribution extends to the standardization of data models through its Smart Data Models initiative. This effort provides a common vocabulary and a set of standardized data structures, vital for the homogenization of data and the facilitation of interoperable data exchange.
These data models offer significant value in the context of data spaces, enabling disparate systems to understand and interpret shared data consistently, and enhancing collaboration and innovation in data-driven environments.

5. The Energy Data Space and the CIM

The European Common Data Spaces in the energy sector are crucial for several reasons, as illustrated in Table 1. They offer key benefits and enable utilities and governments to develop new services for citizens and uncover new revenue streams. This is a transformative paradigm in the energy sector, uniting stakeholders—energy providers, consumers, grid operators, and regulators—under a shared digital context. This unification is not only about connecting dots but about creating a secure exchange of data that bridges the traditional silos, fostering a seamless flow of information and insights across the energy landscape. Such integration and interoperability are fundamental for the sector’s efficient resource management and distribution, ensuring that energy reaches where it is needed most when it is needed.

Within this context, initiatives like Enershare [28] and CyberSEAS [29] emerge in the realization of this vision. Enershare’s objectives are emblematic of the broader ambitions of the European Common Data Spaces. It aims to democratize energy data, making it accessible and actionable for a spectrum of stakeholders. This democratization is not only about data sharing but about creating a platform where this data can be transformed into actionable intelligence, driving decision-making, and innovation across the energy sector. In particular, Enershare focuses on harnessing the power of shared data to enable more sustainable energy practices, enhance grid efficiency, and foster the development of new business models and services that can contribute to the energy transition.
Indeed, the CyberSEAS Project, funded by the EU, targets the crucial objective of securing European data spaces among its strategic objectives. This initiative underscores the importance of robust security measures in the realm of data sharing and exchange. CyberSEAS is dedicated to advancing applications of enabling technologies that are crucial for facilitating privacy-preserving data exchange and sharing among various utility operators. By focusing on these technologies, the project aims to establish a secure framework that ensures data confidentiality and integrity across different entities within the utility sector, enhancing trust and collaboration in European data spaces.

The significance of establishing data exchange mechanisms among various operators and stakeholders within the energy supply chain is well acknowledged. This aspect has been addressed in the energy domain through the adoption of standardized schemas for representing assets. This has been made possible by the existence of an industry standard, the IEC 61970 Series, commonly referred to as the Common Information Model (CIM) [34]. The CIM fosters interoperability, enabling seamless integration and communication across different systems and platforms used by utility operators and stakeholders. By adhering to CIM standards, organizations can achieve consistency in data representation, ensuring that critical information about assets, operations, and grid conditions is accurately interpreted and shared among relevant parties. CIM is implemented using RDF (Resource Description Framework). In this context, RDF is used to define the hierarchical structure of CIM classes and their relationships. Each CIM class, such as Substation or VoltageLevel, is represented as a resource identified by a unique URI (Uniform Resource Identifier). Predicates encapsulate the properties and attributes of CIM classes, while their respective values are embodied as objects. CIM schemas enable Transmission System Operators (TSOs) to readily access real-time information on RES generation output, thereby empowering them to effectively balance supply and demand. Likewise, Distribution System Operators (DSOs) leverage CIM to acquire data on distributed energy resources (DERs), which supports grid planning and operation. Therefore, when developing an energy data space, ensuring services compliant with this schema representation should not be overlooked. To effectively harness the benefits of CIM while mitigating its drawbacks, the solution is the development of dataspace services and data applications that are compliant with CIM standards.

Table 1: Key Benefits of Data Spaces in the Energy Sector

Benefit | Description
Optimized Energy Distribution | Enables more efficient management and distribution of energy resources by leveraging data on consumption, production, and grid status [30].
Enhanced Energy Efficiency | Facilitates better understanding and management of energy consumption, promoting energy-saving measures and technologies [31].
Monitoring Facilitation | Supports the integration and effective monitoring of energy assets within the energy grid [32].
Innovative Services Development | Empowers the creation of new, data-driven services for consumers, enhancing user experience and engagement [33].

6. A Case Study: Cross-Border Energy Data Sharing

This section describes a case study focused on the sharing of energy data, which shows how the strategic alignment of diverse stakeholder requirements can benefit from a more unified and effective power grid management. It demonstrates that substantial benefits derive from advanced data-sharing mechanisms within a well-structured dataspace. This case study comes from the experience with utility operators, within the CyberSEAS project [29], from multiple national stakeholders involving a wide array of end-users, integrating them into the dataspace to enhance collective outcomes.
The final objective is to create an environment where stakeholders can exchange vital infrastructure data, thereby enriching the ecosystem’s value and functionality. This approach also played a pivotal role in providing essential protections for the public, mitigating cybersecurity risks that could influence critical services, including billing. The case study allows us to point out the twofold benefit of the proposed approach: augmenting operational efficiency and fulfilling the consumers’ privacy.

6.1. Data Flow Diagram and Threat Model

[Figure 3: Energy Stakeholders Data Flow Diagram. Diagram labels: National Stakeholder A and National Stakeholder B; TSO, DSO, Customer and Service Provider trust boundaries; T-T, T-S, D-D, D-S and C-S communication flows; CIM data, grid status data and external data sources.]

As anticipated in Section 5, to secure the common European energy data space we follow the STRIDE methodology in conjunction with Data Flow Diagrams (DFDs). The initial phase applies the STRIDE threat modelling framework and involves the identification of the system’s boundaries and the construction of the DFD, shown in Figure 3. This diagram identifies different trust boundaries for each participant in the energy dataspace, acknowledging the premise that different entities do not inherently trust one another.
The diagram reports the various energy sector stakeholders, such as TSOs and DSOs, abstracting their complex internal communications. In particular, this DFD shows how data related to the power grid’s operational status and the CIM infrastructural descriptions are essential for the operational and strategic management of the grid. These data aspects are crucial for TSOs and DSOs to access real-time information and for supporting grid planning and operational decisions. Another delineated trust boundary pertains to customer premises. Data from meters, IoT devices, and Demand Response assets (DR Devices) can be collected by the utility operator or leveraged to develop new services to enhance power savings, among other objectives. Beyond direct communication with the utility provider, there may also be data exchanges with untrusted parties, such as cloud-based IoT control mechanisms that could be hosted globally. This potential interaction warrants careful consideration within the threat modelling effort.

Once we have delineated the entire system, we map the assets identified in the DFD with their corresponding STRIDE threats. This mapping enables us to associate each asset with the specific security threats it may face, providing a comprehensive understanding of the potential risks within the system. As depicted in Table 2, each device within this system is subject to various threats that must be carefully considered. When analyzing the dataspace-facilitated interactions, it is crucial to recognize that privacy-preserving techniques and policy enforcement measures must be specifically tailored to address these threats. For example, strong authentication mechanisms such as multi-factor authentication can be implemented to counteract spoofing. Policy enforcement can be strengthened by using attribute-based access controls (ABAC) to fine-tune who has access to data under what conditions.
Furthermore, to protect against information disclosure, data can be encrypted both at rest and in transit, ensuring that sensitive information remains confidential. These measures, when carefully specified and applied, can significantly bolster the security of dataspace interactions.

6.2. Dataspace-based solution

While the establishment of dataspace-based communication enables participants to devise their policies for ensuring privacy during data exchanges, it’s important to highlight the intricate complexities involved in this solution. Specifically, the adoption of a common vocabulary has been facilitated through the use of smart data models from FIWARE, particularly those related to the Common Information Model (CIM). This adoption has streamlined the implementation of communication, allowing participants to comprehend a shared language and exchange valuable data effectively for information creation. However, another potential drawback is the reliance on such standardized models, which may not always accommodate the specific needs or nuances of all participating entities. While standardization promotes interoperability and simplifies data sharing, it can also constrain organizations’ flexibility to represent their data in ways that fully capture its unique aspects or proprietary nuances. Additionally, aligning different data models to a common standard can be resource-intensive and require significant transformation or mapping efforts, which could introduce data fidelity concerns.

The resulting framework is depicted in Figure 4, where the interactions among different national stakeholders (including TSOs and DSOs) and (potential) service providers through the dataspace are mediated by a set of security policies, well-defined and enforced by the cited technologies and frameworks. It is important to acknowledge that this set of policies has to be dynamically updated and adjusted when it is needed.

Figure 4: Dataspace-based solution.
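
The following Python example is added here and is not code from the paper or from any connector implementation. It shows a connector-side usage policy (role and purpose attributes, time-limited use, no onward transfer, anonymization) that is re-assessed and tightened when the STRIDE threat model for an asset changes, in the spirit of the policy enforcement loop this section describes for connectors. The class and function names, the sample record, and the mapping from Information Disclosure to anonymization are assumptions; the threat-model seed copies three rows of Table 2.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Optional

# Threat-model seed: STRIDE elements per asset, copied from three rows of Table 2.
BASE_THREAT_MODEL = {
    "Smart Meters": {"Information Disclosure", "Denial of Service"},
    "Grid Status Data Sources": {"Tampering", "Information Disclosure"},
    "TSO/DSO Systems": {"Spoofing", "Tampering", "Repudiation"},
}

# Fields treated as identifying in the constructed sample record (assumption).
IDENTIFYING_FIELDS = frozenset({"meter_id", "customer"})


@dataclass(frozen=True)
class UsagePolicy:
    asset: str                    # asset class the offered data comes from
    allowed_roles: frozenset      # ABAC attribute: consumer role
    allowed_purposes: frozenset   # ABAC attribute: declared purpose of use
    valid_until: datetime         # time-limited access
    allow_transfer: bool = False  # may the consumer relay data to a third party?
    require_mfa: bool = False     # mitigation for Spoofing (Section 6.1)
    require_tls: bool = False     # encryption in transit (Section 6.1)
    anonymize: bool = False       # de-identify before release (Section 3)


@dataclass(frozen=True)
class Request:
    role: str
    purpose: str
    mfa: bool = False
    tls: bool = False
    forward_to: Optional[str] = None  # third party the consumer wants to relay to


def release(policy, req, record, now):
    """Decide one request and apply obligations: (permitted, payload, reason)."""
    if now > policy.valid_until:
        return False, None, "usage period expired"
    if req.role not in policy.allowed_roles:
        return False, None, "role not authorised"
    if req.purpose not in policy.allowed_purposes:
        return False, None, "purpose not authorised"
    if req.forward_to and not policy.allow_transfer:
        return False, None, "transfer to third party forbidden"
    if policy.require_mfa and not req.mfa:
        return False, None, "multi-factor authentication required"
    if policy.require_tls and not req.tls:
        return False, None, "encrypted channel required"
    payload = dict(record)
    if policy.anonymize:
        # Dropping fields is a stand-in for a real de-identification step.
        payload = {k: v for k, v in payload.items() if k not in IDENTIFYING_FIELDS}
    return True, payload, "permit"


def update_threat_model(model, asset, observed):
    """Merge threats reported by monitoring or threat intelligence (no mutation)."""
    merged = {a: set(t) for a, t in model.items()}
    merged.setdefault(asset, set()).update(observed)
    return merged


def tighten(policy, model):
    """Assess the policy against the model; return (new_policy, changed_controls)."""
    threats = model.get(policy.asset, set())
    wanted = {}
    if "Spoofing" in threats:
        wanted["require_mfa"] = True
    if "Information Disclosure" in threats:
        wanted["require_tls"] = True
        wanted["anonymize"] = True   # assumption: anonymization as disclosure control
    changes = sorted(k for k, v in wanted.items() if getattr(policy, k) != v)
    return replace(policy, **wanted), changes


def demo():
    """Two iterations of the loop over constructed data."""
    now = datetime(2024, 4, 8, 12, 0, tzinfo=timezone.utc)
    policy = UsagePolicy("Smart Meters", frozenset({"DSO"}),
                         frozenset({"grid-planning"}), now + timedelta(days=30))
    record = {"meter_id": "M-001", "customer": "C-42",
              "kwh": 3.2, "ts": "2024-04-08T11:45Z"}
    req = Request(role="DSO", purpose="grid-planning", tls=True)
    model = dict(BASE_THREAT_MODEL)
    policy, first = tighten(policy, model)            # baseline assessment
    before = release(policy, req, record, now)
    model = update_threat_model(model, "Smart Meters", {"Spoofing"})  # new finding
    policy, second = tighten(policy, model)           # re-assessment
    after = release(policy, req, record, now)
    return first, before, second, after


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The same request is permitted with an anonymized payload under the baseline threat model and refused once Spoofing is added for the asset, because the consumer did not present a second factor.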
Table 2: Assets and Corresponding STRIDE Elements in the Energy Dataspace

Asset | Description | STRIDE Element
TSO/DSO Systems | Entities managing the transmission and distribution of energy | Spoofing, Tampering, Repudiation
SCADA Systems | Systems for monitoring and controlling industrial processes | Information Disclosure, Denial of Service
Operational Technology | Hardware and software that monitors and controls physical devices | Elevation of Privilege, Tampering
Information Technology | Systems used for managing and processing information | Spoofing, Information Disclosure, Denial of Service
Smart Meters | Devices that measure energy usage and communicate this information | Information Disclosure, Denial of Service
IoT Devices | Devices connected to the internet that collect and exchange data | Elevation of Privilege, Information Disclosure, Denial of Service
Demand Response Devices | Devices that manage energy usage based on demand signals | Denial of Service, Tampering
Working Nodes (WNode) | Nodes responsible for data transmission within the network | Denial of Service, Spoofing, Information Disclosure
Common Information Model (CIM) Data Sources | Standardized models describing electrical components and configurations | Tampering, Information Disclosure, Denial of Service
Grid Status Data Sources | Systems providing real-time data on the status of the electrical grid | Tampering, Information Disclosure
External Data Sources | External systems providing additional data, like weather services | Spoofing, Information Disclosure
Concentrators Analysis | Analysis of the data collected from smart meters | Spoofing, Tampering, Information Disclosure
IoT Aggregator Analysis | Systems that compile and manage data from multiple IoT devices | Spoofing, Elevation of Privilege, Information Disclosure
Demand Response Aggregator Analysis | Systems that manage and coordinate demand response signals and data | Spoofing, Tampering, Denial of Service

Example of Policy Enforcement Loop for Securing Connectors. A dynamic approach to enforce security policies in dataspace connectors begins with the initialization of the connector using baseline security policies and the importation of an initial STRIDE-based threat model. The enforcement process is structured as a continuous loop that only concludes when the connector is deactivated. Within this loop, the connector first collects real-time data on its interactions. Simultaneously, it integrates both external threat intelligence and insights from internal monitoring logs to comprehensively update the threat model. As the loop continues, for each type of interaction that the connector facilitates, it is important to assess whether the existing security policies adequately mitigate the identified risks. This approach involves strengthening authentication protocols, refining access controls, and bolstering data encryption to counteract the assessed threats. Finally, after implementing the necessary adjustments, these updated policies are enforced in real time. This proactive and adaptive approach ensures the connectors are secured against evolving threats throughout their operational life.

7. Summary and Conclusions

This paper focuses on the pressing need for methods of exchanging data that preserve privacy and has shed light on the emerging paradigm of dataspaces. These innovative ecosystems allow for the free flow of data among various parties, facilitating the establishment of domain-specific data markets that offer novel solutions for stakeholders in industry, research, and institutions. Among the primary contributions, the work addressed the definition, requirements, and privacy-preserving techniques of the dataspace. Then, the most significant European initiatives focusing on dataspaces utilization and contribution to security were presented.
Finally, a real-world case study was shown, to demonstrate the practical applications, the potential benefits, and the challenges associated with the adoption of this paradigm. The present research highlights the significant opportunities offered by data sovereignty in improving data exchange across various sectors. However, realizing its full potential requires a thorough understanding of its operational dynamics and security measures, to ensure stakeholders fully comprehend its benefits. By promoting understanding and facilitating the adoption of this paradigm, steps forward can be made toward secure and efficient data exchange, with a focus on individual and organizational data rights.

Acknowledgments

This research has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 101020560 CyberSEAS. The content of this publication reflects the opinion of its authors and does not, in any way, represent the opinions of the European Union. The European Commission is not responsible for any use that may be made of the information that this publication contains. This work has been also partially funded by the European Union under NextGenerationEU PRIN 2022 Prot. n. 202297YF75 S2: Safe and Secure Industrial Internet of Things. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or European Commission. Neither the European Union nor the granting authority can be held responsible for them.

References

[1] C. Acciarini, F. Cappa, P. Boccardelli, R. Oriani, How can organizations leverage big data to innovate their business models? A systematic literature review, Technovation 123 (2023) 102713.
[2] S. Bose, S. K. Dey, S. Bhattacharjee, Big data, data analytics and artificial intelligence in accounting: An overview, Handbook of Big Data Research Methods: 0 (2023) 32.
[3] B. Otto, A federated infrastructure for european data spaces, Communications of the ACM 65 (2022) 44–45.
[4] B. Otto, M. ten Hompel, S. Wrobel, Designing Data Spaces: The Ecosystem Approach to Competitive Advantage, Springer Nature, 2022.
[5] M. Huber, S. Wessel, G. Brost, N. Menz, Building trust in data spaces, Designing Data Spaces (2022) 147.
[6] P. Hummel, M. Braun, M. Tretter, P. Dabrock, Data sovereignty: A review, Big Data & Society 8 (2021) 2053951720982012.
[7] I. Makhdoom, I. Zhou, M. Abolhasan, J. Lipman, W. Ni, Privysharing: A blockchain-based framework for privacy-preserving and secure data sharing in smart cities, Computers & Security 88 (2020) 101653.
[8] B. Le Nguyen, E. L. Lydia, M. Elhoseny, I. Pustokhina, D. A. Pustokhin, M. M. Selim, G. N. Nguyen, K. Shankar, Privacy preserving blockchain technique to achieve secure and reliable sharing of iot data, Computers, Materials & Continua 65 (2020) 87–107.
[9] F. Buccafurri, V. De Angelis, M. F. Idone, C. Labrini, A protocol for anonymous short communications in social networks and its application to proximity-based services, Online Social Networks and Media 31 (2022) 100221. URL: https://www.sciencedirect.com/science/article/pii/S2468696422000258. doi:10.1016/j.osnem.2022.100221.
[10] L. Tan, K. Yu, N. Shi, C. Yang, W. Wei, H. Lu, Towards secure and privacy-preserving data sharing for covid-19 medical records: A blockchain-empowered approach, IEEE Transactions on Network Science and Engineering 9 (2021) 271–281.
[11] J. Sun, G. Xu, T. Zhang, H. Xiong, H. Li, R. H. Deng, Share your data carefree: An efficient, scalable and privacy-preserving data sharing service in cloud computing, IEEE Transactions on Cloud Computing 11 (2021) 822–838.
[12] X. Zheng, Z. Cai, Privacy-preserved data sharing towards multiple parties in industrial iots, IEEE Journal on Selected Areas in Communications 38 (2020) 968–979.
[13] L. Coppolino, S. D’Antonio, R. Nardone, L. Romano, A self-adaptation-based approach to resilience improvement of complex internets of utility systems, Environment Systems and Decisions 43 (2023) 708–720.
[14] F. Buccafurri, V. de Angelis, S. Lazzaro, Mqtt-a: A broker-bridging p2p architecture to achieve anonymity in mqtt, IEEE Internet of Things Journal 10 (2023) 15443–15463. doi:10.1109/JIOT.2023.3264019.
[15] L. Coppolino, S. D’Antonio, G. Mazzeo, L. Romano, L. Sgaglione, Prisiem: Enabling privacy-preserving managed security services, Journal of network and computer applications 203 (2022) 103397.
[16] L. Coppolino, S. D’Antonio, V. Giuliano, G. Mazzeo, L. Romano, A framework for seveso-compliant cyber-physical security testing in sensitive industrial plants, Computers in Industry 136 (2022) 103589.
[17] Gaia-X Hub, White paper: What is a data space?, 2022. URL: https://gaia-x-hub.de/wp-content/uploads/2022/10/White_Paper_Definition_Dataspace_EN.pdf, accessed: 2024-02-26.
[18] Open DEI, Position paper: Design principles for data spaces, 2022. URL: https://www.opendei.eu/wp-content/uploads/2022/03/Position-Paper-Design-Principles-for-Data-Spaces.pdf, accessed: 2024-02-26.
[19] European Commission, European Data Spaces, Technical Report, Publications Office of the European Union, 2023. URL: https://op.europa.eu/en/publication-detail/-/publication/dcac6aee-0e7a-11ee-b12e-01aa75ed71a1/language-en, accessed: 2024-02-26.
[20] European Commission, Data Spaces, 2024. URL: https://digital-strategy.ec.europa.eu/en/policies/data-spaces, accessed: 2024-02-26.
[21] L. Coppolino, R. Nardone, A. Petruolo, L. Romano, Securing fiware with tee technology, in: New Trends in Intelligent Software Methodologies, Tools and Techniques: Proceedings of the 22nd International Conference on New Trends in Intelligent Software Methodologies, Tools and Techniques (SoMeT_23), volume 371, IOS Press, 2023, p. 149.
[22] E. Union, Commission staff working document on common european data spaces, 2020.
URL: https://op.europa.eu/en/publication-detail/-/publication/ dcac6aee-0e7a-11ee-b12e-01aa75ed71a1/language-en, retrieved from https://op.eu- ropa.eu/. [23] International Data Spaces, 2024. URL: https://internationaldataspaces.org/. [24] I. D. S. Association, International data spaces reference architecture model (ids-ram) 4.0, 2023. URL: https://github.com/International-Data-Spaces-Association/IDS-RAM_4_0. [25] M. A. Camilleri, The use of data-driven technologies for customer-centric marketing, International Journal of Big Data Management 1 (2020) 50–63. [26] Á. Alonso, A. Pozo, J. M. Cantera, F. De la Vega, J. J. Hierro, Industrial data space architecture implementation using fiware, Sensors 18 (2018) 2226. [27] L. Coppolino, R. Nardone, A. Petruolo, L. Romano, Building cyber-resilient smart grids with digital twins and data spaces, Applied Sciences 13 (2023) 13060. [28] Enershare, Enershare | the energy data space for europe, 2024. URL: https://enershare.eu/. [29] CyberSEAS | Cyber Securing Energy dAta Services, 2024. URL: https://cyberseas.eu/. [30] V. Janev, M. E. Vidal, K. Endris, D. Pujic, Managing knowledge in energy data spaces, in: Companion Proceedings of the Web Conference 2021, 2021, pp. 7–15. [31] E. Curry, S. Hasan, S. O’Riain, Enterprise energy management using a linked dataspace for energy intelligence, in: 2012 Sustainable Internet and ICT for Sustainability (SustainIT), 2012, pp. 1–6. [32] L. Coppolino, R. Nardone, A. Petruolo, L. Romano, A. Souvent, Exploiting digital twin technology for cybersecurity monitoring in smart grids, in: Proceedings of the 18th International Conference on Availability, Reliability and Security, 2023, pp. 1–10. [33] S. Meneguzzo, A. Favenza, V. Gatteschi, C. 
Schifanella, Integrating a dlt-based data marketplace with idsa for a unified energy dataspace: Towards silo-free energy data exchange within gaia-x, in: 2023 5th Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS), IEEE, 2023, pp. 1–2. [34] M. Uslar, M. Specht, S. Rohjans, J. Trefke, J. M. González, The Common Information Model CIM: IEC 61968/61970 and 62325-A practical introduction to the CIM, Springer Science & Business Media, 2012.
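
The connector enforcement loop described in the Connectors paragraph before Section 7 (baseline policies plus a STRIDE threat model, findings merged from threat intelligence and monitoring logs, a per-interaction assessment, then tightening and enforcement) can be sketched as follows. This is an added illustration, not code from the paper or from any dataspace connector; the `Connector` class, the STRIDE-to-control mapping, the numeric levels and the sample feed are all assumptions.

```python
from dataclasses import dataclass, field

# Assumed mapping from STRIDE category to the control that counters it.
CONTROL_FOR = {"Spoofing": "authentication", "Elevation of privilege": "access_control",
               "Tampering": "encryption", "Information disclosure": "encryption"}
BASELINE = {"authentication": 1, "access_control": 1, "encryption": 1}

@dataclass
class Connector:
    policies: dict  # interaction type -> {control: level}
    threat_model: dict = field(default_factory=dict)  # (interaction, STRIDE) -> risk
    active: bool = True

    def update_threat_model(self, findings):
        """Merge intel and log findings, keeping the highest risk seen."""
        for interaction, category, risk in findings:
            key = (interaction, category)
            self.threat_model[key] = max(self.threat_model.get(key, 0), risk)

    def assess_and_enforce(self):
        """Raise each control that sits below the assessed risk; return changes."""
        changes = []
        for (interaction, category), risk in sorted(self.threat_model.items()):
            control = CONTROL_FOR.get(category)
            levels = self.policies.setdefault(interaction, dict(BASELINE))
            if control and levels.get(control, 0) < risk:
                levels[control] = risk
                changes.append((interaction, control, risk))
        return changes

def run(connector, feed):
    """One iteration per batch; the loop ends once the connector is deactivated."""
    audit = []
    for batch in feed:
        if not connector.active:
            break
        for name in batch["interactions"]:  # newly seen types start at baseline
            connector.policies.setdefault(name, dict(BASELINE))
        connector.update_threat_model(batch["intel"] + batch["logs"])
        audit.append(connector.assess_and_enforce())
        connector.active = not batch.get("deactivate", False)
    return audit

# Constructed sample feed: interaction names and risk scores are illustrative.
FEED = [
    {"interactions": ["meter-data-transfer", "contract-negotiation"],
     "intel": [("meter-data-transfer", "Information disclosure", 3)],
     "logs": [("contract-negotiation", "Spoofing", 2)]},
    {"interactions": [], "intel": [], "logs": [], "deactivate": True},
    {"interactions": [], "intel": [("meter-data-transfer", "Spoofing", 3)], "logs": []},
]
```

In this sketch policies only ratchet upward, and a STRIDE category with no mapped control (Repudiation, for instance) changes nothing, so such findings would need a separate review path.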