Abstract
The Smart Grid Architecture Model (SGAM) is widely used for modelling, requirements engineering and gap analysis. In this paper, a formal method for engineering security requirements with SGAM is proposed. Asset security classes, risks and vulnerabilities are modelled formally and a method for deducing security requirements from these entities in the context of an SGAM model is developed. A reference implementation of this method is presented, which allows the automated extraction of security requirements from SGAM models. This set of requirements can serve as an initial starting point for a thorough security analysis. Experience from practical application demonstrates the usefulness of the proposed approach.
Acknowledgments
The financial support by the Austrian Federal Ministry of Economy, Family and Youth and the Austrian National Foundation for Research, Technology and Development is gratefully acknowledged. Funding by the Austrian Federal Ministry for Transport, Innovation and Technology and the Austrian Research Promotion Agency (FFG) under Project 838793, “INTEGRA”, is gratefully acknowledged.
Cite this article
Neureiter, C., Eibl, G., Engel, D. et al. A concept for engineering smart grid security requirements based on SGAM models. Comput Sci Res Dev 31, 65–71 (2016). https://doi.org/10.1007/s00450-014-0288-2
DOI: https://doi.org/10.1007/s00450-014-0288-2