Drafting a Cybersecurity Framework profile for Smart Grids in EU: a goal-based methodology

  • Independent Scholar
  • Autostrade Per L'Italia SpA
Tanja Pavleska1, Helder Aranha2, Massimiliano Masi3, and Giovanni Paolo
1Jozef Stefan Institute, Ljubljana, Slovenia
2Independent Scholar, Lisbon, Portugal
3Tiani ”Spirit” GmbH, Vienna, Austria
4Independent Scholar, Rome, Italy
Abstract. As for any other Critical Infrastructure, the design and
implementation of a Smart Grid shall satisfy the demand for a strong
security posture, while complying with regulatory requirements and
maintaining a high level of interoperability among heterogeneous
components. In this paper, we provide a goal-based methodology to ensure the
fulfillment of the relevant security goals at design time. The methodology
enables system architects to devise an adequate set of countermeasures
in view of the selected security goals. In order to obtain a cybersecurity
profile suitable for the protection of Smart Grids and in particular for
Virtual Power Plants in Europe, we build upon best practices and
accepted standards, such as the security posture defined by the NIST
Cybersecurity Framework and the ISO standards that are widely adopted
by the EU Critical Infrastructure. In addition, we provide some
informative references to demonstrate how these frameworks and
standards can be integrated into the proposed methodology.
Keywords: Cybersecurity Framework · Goal-based · Profiles · Smart Grid Security · RMIAS
1 Introduction
Critical infrastructures demand high security postures: cyber-physical attacks
targeted at the infrastructures may endanger human safety, disrupt critical
production processes and even affect a country’s economy. Security posture
represents the security status of enterprise networks, information and systems
based on information security resources (e.g., people, hardware, software, poli-
cies) and capabilities in place to manage the defense of the enterprise and to
react as the situation changes [1]. The advent of automation and digitization
results in critical infrastructures being increasingly interlinked, dramatically in-
creasing their attack surfaces [2]. Government and regulatory agencies, such as
2 T. Pavleska et al.
the European Union Agency for Cybersecurity (ENISA) and the Department
of Homeland Security (DHS) in the USA provide security guidelines to support
the implementation of high security standards for critical infrastructures. These
guidelines are based on the application of international standards (such as ISO
27001 for IT security, or ISA 62443 for Operational Technology security) profiled
for the specific context of Critical Infrastructures. The European Directive on
security of network and information systems (NIS) [3] and the US Presidential
Policy Directive 21 [4] lay down the legal foundations for every infrastructure
owner to adhere to in the respective policy domains. However, defining the proper
security approach for a specific critical infrastructure instance is a complex and
cumbersome task, since it depends on a very specific set of requirements and
risk assessments.
The National Institute of Standards and Technology (NIST) has drafted a
cybersecurity framework (NIST CSF) [5] aimed at harmonising the security pos-
ture of critical infrastructures by defining a set of cybersecurity activities regu-
lated by the international security standards and a methodology to complement
the risk management process, helping organizations in the implementation of a
cybersecurity plan. The framework is broadly used and it can be applied across
many critical sectors. In Italy, it is adopted to define the mandatory requirements
for certain critical infrastructures to operate in the country [6].
The Smart Grid is a complex critical infrastructure employing innovative
products and services together with intelligent monitoring, control, and com-
munication to distribute electric power. It is geographically distributed across
different regions or countries, making the implementation of countermeasures
such as physical security, typically from the ISO 27001 family, a complex task.
This task is even more difficult in the case of Virtual Power Plants (VPPs), where
a swarm of small and medium-scale Distributed Energy Resources (DERs) con-
suming and/or producing electricity are connected through a central control
system called the Virtual Power Plant Operator (VPPOP) [7]. Such an environ-
ment is a complex system characterized by a high level of heterogeneity of the
connected assets and of their owners and by a decentralized governance model,
even in presence of a central VPPOP. Although DER operators vary from local
households to professional operators, each has to maintain high security levels
and adhere to the regulatory requirements. It has already been demonstrated
that it is possible to facilitate this task by implementing a methodology for elic-
iting security countermeasures that can be employed by people with no security
skills [8]. In the World Smart Grid Forum of 2013 security was declared as an
urgent priority [9]. Moreover, the NIST framework, and in particular the NIST
CSF were recognized and proclaimed as the means for protection of the critical
infrastructures, denoting the NIST CSF employment as a guiding principle for
the Smart Grid projects worldwide. In this paper, we rely on the same goal-based
methodology to draft a cybersecurity framework profile tailored to protect VPPs
in the EU Smart Grid. Such a profile can highlight both the relevant counter-
measures and the adequate solutions that the VPP operators can adopt to meet
the required level of security when they connect to the Smart Grid.
Towards a profile for EU Smart Grids 3
Given the highly distributed nature and the diverse set of devices that are
part of the Smart Grid, interoperability comes as a complementary requirement
to be addressed together with cybersecurity. Recognizing this, the US Depart-
ment of Homeland Security and NIST have cooperated to devise a security profile
of the framework adapted to smart grids [10]. The profile references the same
standards of the NIST CSF. However, those standards are not specific to the
Smart Grid and they do not account for the protocol-specific security issues set
by the VPPs. These requirements are addressed by other initiatives unrelated
to the NIST framework, such as ISO 61850 / 60870-5-104 and OpenADR [11].
Creating a CSF profile that would account for all Smart Grid scenarios is thus
extremely difficult, as it must encompass all aspects related to security, from the
power plant situated in the local household (e.g., a photovoltaic panel) to the
more complex Intelligent Energy Devices (IEDs). To facilitate this task, we pro-
pose a methodology which, given a set of pre-selected high level security goals,
allows the drafting of such profiles. This methodology complements the existing
threat- and risk-based approaches to security and profiling (like NIST and
ENISA), with the goal-based Reference Model for Information Assurance and
Security (RMIAS) [12] to enable the attainment of a strong security posture at
design-time. Our contribution is hence twofold: first, we introduce our methodol-
ogy and provide an algorithmic approach to integrate it with the existing models;
then, we employ this method to support the architectural development process
for secure Smart Grids solutions and pave the way towards the definition of a
profile that is readily applicable to the EU Smart Grids.
The paper is organised as follows: In Section 2 we place our work among
the related approaches and point out the significance of our contribution in
relation to the state of the art. In Section 3, we provide the required theoretical
background to understand the cybersecurity framework and its contextualization
to the Smart Grid. Section 4 introduces our methodology, which in Section 5 is
used to draft a profile based on ISO 61850, which is the standard used for SG
in Europe, but is not part of the NIST CSF. In Section 6 we touch upon future
work and conclude.
2 Related work
The NIS Directive aims at ensuring a high level of network and information
security across Europe [3]. As a response to the directive requirements, ENISA,
national governments and National Regulatory Authorities (NRAs) engaged in joint
work in order to achieve harmonized implementation. Three non-binding technical
documents were provided as guidance to the NRAs across EU member states [13–15].
Thus, the presented work is also an effort to bridge the existing technical
solutions with the regulatory policies and standardization requirements. In that
sense [16] provide a holistic account of “security requirements profiles” in an
organization by assembling a set of “modular security safeguards”. However, they
are concerned only with the technical aspects and mainly serve the solution
The Integrating the Energy Systems [17] and VHPReady [18] initiatives cre-
ated specifications aimed at achieving interoperability among the entities in this
distributed scenario. The ISO standards 61850 and 60870-5-104 have been se-
lected to report measurements and send functional schedules control messages
between the VPP and the DERs. The EU mandated CEN, CENELEC and
ETSI [19] to produce a framework for standards-based establishment and sus-
tainability of Smart Grids. The central result of this tripartite Smart Grid Work
Group is a model of architectural viewpoints encompassing a broad range of
Smart Grid aspects: from the field devices, to functionalities required by software
components, and definition of business requirements. In addition to this Smart
Grid Architectural Model, SGAM [20, 21] the Work Group offers a methodology
for the creation of SG specific solution models [22] enabling the evaluation of
quality and security aspects [23]. It is worth noting that the definition of the
standards does not include security. Both in OpenADR and in ISO 61850, secu-
rity is treated in separate documents [24]. Basic security requirements such as
channel encryption, role-based access control, and key management are handled
referring to ISO 62351 [23].
NIST released a profile for improving Smart Grid security infrastructure [5].
The profile is made considering the high penetration of DERs, following four
common security-related business objectives: safety, power system reliability, re-
silience, and grid modernization. However, considering that it is a profile of the
NIST CSF core, it is essentially a threat- and risk-based approach. Similar in
the objectives to NIST CSF are ENISA technical guidelines on security mea-
sures. Both ENISA and NIST CSF require a running system with a history of
behaviour in order to derive evaluations and recommendations for improving
cybersecurity postures. However, the implementation of Smart Grids after the
EU mandate M/490 requires design interventions and reasoning within the ar-
chitectural model itself, which significantly limits the applicability of the NIST
CSF for this purpose.
There is criticism about security design frameworks deemed to be too focused
on the technical aspects and falling short in detecting and addressing potential
design conflicts [25]. An example of this is a system that should implement
both anonymity and auditability. By joining the goal-based approach included
in our methodology with the threat-view offered by NIST and ENISA, not only
the creation of profiles at design time is allowed, but the issue of contradictory
requirements in technology management is also addressed.
3 Contextual Considerations
Several standards exist for the design and implementation of a Smart Grid [26].
The Smart Grid is composed of actuators and monitoring devices to realise the
modernization of energy transmission, distribution and consumption. Such de-
vices require the secure exchange of messages either over public internet or IoT
networks (e.g. LoRaWAN, Sigfox, or 5G). Interoperability is a crucial aspect
of the Smart Grid scenario. The numerous and diverse hardware and software
versions installed, from the small household’s photovoltaic panels to the power
plants, require a strong architectural approach that joins all the required view-
points and desired capabilities into a single operating solution that is reliable
and secure. This is particularly true for the orchestration of the power supplied
by the distributed energy resources, where the USA and Europe follow different
approaches. While in the USA the standards produced by the OpenADR al-
liance are mainly used, in Europe ISO 61850 and 60870-5-104 are the prominent
ones [17, 20]. In the VPP it is required to have reliable energy measurements
from the DERs to be used as time series where the operator can simulate and
predict the necessary amount of power that the energy market will require in
a way that is efficient yet profitable. In turn, the VPP sends control messages,
named functional schedules, (FSCH) to DERs, to initiate the energy production.
To support the security capability of such architectures, both NIST and
ENISA defined guidelines for improving their cybersecurity. The CSF, developed
under the mandate of the Cybersecurity Enhancement Act of 2014 as a
technology-neutral framework, guides critical infrastructure operators and
owners in their cybersecurity activities by considering the cybersecurity risks
as part of the risk evaluation process. The ENISA guidelines, on the other hand,
distill an extensive list of national and international EU electronic
communications standards into a set of security objectives divided by domain [13].
The CSF is divided into three parts: i) the Core, a set of cybersecurity activities,
outcomes and informative references to best practices and standards that
are common across Critical Infrastructures, ii) the Tiers, a methodology for an
organisation to view risks and the process used to manage the risk, and iii) the
profiles, i.e., the outcome based on business needs that an organisation has se-
lected from the core. The Core itself is aimed to fulfill five functions: Identify,
Protect, Detect, Respond, and Recover. To do that, it further identifies 23 Cat-
egories divided into 108 Subcategories for each function. The ENISA guidelines
outline 25 security objectives, each analyzed through various security measures
and supported by evidence testifying that an objective was met. The security
measures are grouped in 3 sophistication levels, whereas the security objectives
are divided in 7 domains of application.
Both NIST and ENISA follow a threat/risk based approach, requiring an
implemented system with history of behaviours that would allow to devise the
set of necessary countermeasures (e.g., the NIST gap analysis). In contrast, our
methodology allows security reasoning in abstract architectural models, hence
not requiring (but also not ruling out) any operational system in place. We employ
it for the VPP use case, where the need to have security over the DER-VPP
communication is established. To do this, RMIAS, NIST CSF and ISO 62351
(as it will emerge during the application of the methodology) are put together
into play to provide a cybersecurity framework profile for the EU Smart Grid.
The detailed methodological approach of how this is realized, as well as the
structural definition of the methodology itself are provided in Section 5.
4 Methodology
In this section, a methodology is proposed that complements the threat-based
approaches outlined previously and is adjusted to the Smart Grid context. Then,
the architectural considerations of the methodology are addressed and a proce-
dure is established through which the enterprise architect is enabled to perform
security reasoning at system design time, in close collaboration with security
and business experts.
4.1 Security Considerations
The NIST CSF requires a live system and the history of its behavior to derive
a specific threat model by which a risk assessment is made (as specified by the
implementation tiers [5, Section 2.2]). Instead, the proposed methodology guides
the profiling, i.e. the selection of relevant countermeasures, without being limited
to NIST core or ENISA guidelines only. The result of its application is a CSF
profile created upon the goals set at design time. It is important to note that for
any architectural change, the re-applying of the methodology creates another
profile or target, which in turn enables keeping track of the security posture
evolution (going from current, to target).
At the basis of the methodology stands the Reference Model for Informa-
tion Assurance and Security (RMIAS), which provides a general methodological
cycle considering the full lifecycle of the Information System, from inception to
operation, monitoring and retirement. It integrates the identification of assets
to protect, their categorization into a security taxonomy, the prioritization of
security goals to be achieved in relation to the assets, the selection of counter-
measures in view of the security goals and monitoring the effectiveness of the
applied measures over time. Being a goal-based approach, RMIAS has been suc-
cessfully combined with threat-based approaches as described in [27]. Figure 1
depicts the application of RMIAS to a Smart Grid system, which is represented
in the core diagram with all its assets: Network, Hardware, People, Information,
RMIAS is composed of the following security aspects (i.e. dimensions) to pro-
vide a goal-based view: Security Development Life Cycle (SDLC, represented in
green), Information Classification (which corresponds to the RMIAS taxonomy),
Security Goals (in orange) and Countermeasures (in blue). As such:
  • The SDLC illustrates how security is built up along the Information System life cycle;
  • Information Taxonomy characterizes the nature of information being pro-
  • Security Goals contain a broadly applicable list of eight security goals: Confidentiality; Integrity; Availability; Accountability; Authentication; Trust Establishment; Non-repudiation; Privacy and Auditability.
  • Countermeasures categorize the countermeasures available for asset protec-
Fig. 1. Relation of the methodology to the overall Smart Grid system
It is assumed that the organization already has an SDLC established —
RMIAS only builds on it. We harmonise the set of countermeasures provided
by NIST and ENISA by exploiting the inner relationships between NIST sub-
categories and ENISA guidelines to Security Objectives (see Figure 3, where
ENISA guidelines are mapped to the CSF according to the profiling NIST tool
shown therein). To address the threats and vulnerabilities of the system, the
goal-based model is complemented by a threat-view which is represented by the
purple blocks in Figure 1.
4.2 Architectural considerations
The methodology expresses security as an architectural concern to be addressed
when designing Smart Grids. For efficiency reasons, it assumes a joint work be-
tween the business representatives (experts on what to protect), security experts
(who know how to protect) and the solution architect (Smart Grid technical
expert), orchestrated by the latter. As represented in Figure 2, SGAM interop-
erability layers (themselves architecture viewpoints [23]) are the departing point
of a series of methodological steps intended to produce a subset of coherent, syn-
ergistic countermeasures that fulfill the security goals considered for the assets
to protect. Starting from the bottom up (e.g., from the field devices up to the
business concerns) the information assets are identified and evaluated in Step 1.
This is done for all stages in assets’ lifecycle, as captured by Step 2. An asset
can be in different categories, depending on the specific SDLC stage in Step 3
(e.g., it can become public after an initial classification). The information assets,
their category, and the Business Objectives from NIST CSF are an input to the
Risk Analysis in Step 4, and asset categories are then prioritized according to
risk in Step 5. Security Goals that mitigate said risks are then selected for the
corresponding categories in Step 6. In Step 7 the countermeasures are chosen,
either from the available guidelines (e.g., the NIST CSF core or ENISA guidelines)
or from external requirements. Finally, in Step 8, the countermeasures are
integrated into a CSF profile.
Fig. 2. Instantiating the methodology with SGAM architecture model and NIST Cybersecurity Framework for SmartGrids
Algorithm 1 outlines the exact procedure described above: starting
with a superset of countermeasures from which we want to create a profile, we
loop over SGAM layers and the stages of the SDLC. In line 4 the taxonomy (cat-
egory) of the assets is defined as an RMIAS tuple <form, state, location,
sensitivity>. Then, in line 5, we perform risk analysis following the guidance
of the Implementation Tiers of NIST CSF, for each information object defined
in the taxonomy, after which the countermeasures are selected from the counter-
measures set. This allows for a rigorous and repeatable process that the architect
can reuse until he considers the definition of the profile satisfactory. Notably, it-
erating over all SGAM layers is important: security concerns may emerge at any
level of scale [28].
Algorithm 1: The goal based methodology
Result: A CSF profile
1 Profiling the countermeasure set (as, e.g., in Figure 2);
2 foreach SGAM Layer do
3     foreach stage of the System Development Life Cycle do
4         Define a taxonomy of the assets, as <form, state, location, sensitivity>;
5         Perform risk analysis using a CSF Implementation Tier to determine the security goals relevant for the taxonomy objects;
6         Select the security countermeasures for the obtained goals from the countermeasure set.

When choosing the set of adequate countermeasures, some adjustments should
be performed between the NIST CSF and the ENISA guidelines in order to enable
seamless employment of both frameworks. This adjustment is depicted in
Figure 3. The upper left corner shows the NIST profiling tool based on which
the mapping between the ENISA objectives (presented centrally in the figure)
and the NIST categories is performed. The upper right corner shows a visual
guidance of how the mapping should be read when switching between the ENISA
objectives and the NIST profiling categories. Thus, the seven domains from the
ENISA guidelines (D1-D7), together with their 25 objectives are mapped as
  • Business objectives: No domain is mapped to this category
  • Cybersecurity requirements: D1 (SO1 – SO4), D3 (SO9 – SO12)
  • Technical environment: D5 (SO16 – SO18), D7 (SO21 – SO25)
  • Operating methodologies: D2 (SO5 – SO8), D4 (SO13 – SO15), D6 (SO19 –
From this, it becomes evident that the 25 ENISA objectives can be fully mapped
to the NIST CSF, but not vice versa, as the Business objectives are not accounted
for by the ENISA guidelines. This implies that during the contextualisation of
its security objectives, some security measures may be rendered inadequate. Our
methodology helps alleviate this issue by enabling the adjustment of the security
objectives to a viable outcome right from the solution design. As a result, it:
  • Drastically diminishes the amount of analysis necessary to select the applicable NIST subcategories for [asset category-security goal] tuples, resulting from the risk assessment when selecting the appropriate countermeasures (notably, each NIST objective prescribes dozens of subcategories, each of which may be applicable to several business goals); and
  • Helps identify missing or conflicting security requirements and countermeasures obtained from the threat-based approaches. This is also highlighted in the following section.
To provide a more general account of the methodology, the example provided
in the next section uses the NIST CSF profile for Smart Grids to show the
applicability of the proposed methodology.
5 Application Example
To show the applicability of the proposed methodology and to provide a proof of
its viability potential, this section provides an example of how it can be applied
to the NIST Cybersecurity framework for Smart Grids, using an SGAM-based
model to the VPPOP scenario. The example consists of a preparatory stage
and a main procedure and follows the methodology presented in the previous
section. First, the following preparatory steps are performed for the pre-selection
of subcategories from [10] when designing cost-effective countermeasures for risk
  • An SDLC is selected consisting of the following stages: 1. Security requirements engineering, 2. Security Design, 3. Security countermeasures implementation, 4. Security Management and monitoring and 5. Secure retirement of an information system.
  • A set of Business Objectives from the NIST CSF for Smart Grids is created, containing the following objectives: Maintain Safety, Maintain Power System Reliability, Maintain Power System Resilience and Support Grid Mod-
  • A system architecture based on SGAM is available (thus including also the referenced standards)
Fig. 3. Adjusting (profiling) ENISA to the NIST CSF to be integrated into the method-
We start applying the procedure shown in Figure 2. For each SGAM layer,
we define a taxonomy entry for each information asset [29]. (Steps 1, 2, and 3).
In the VPPOP scenario, control messages (the ”FSCH”) may have the following
<form:electronic, state:transmission, location:restricted,
sensitivity:top secret>
Clearly, the definition comes from the fact that Smart Grid control messages
represent the most sensitive assets to be protected, since they may hinder safety if
compromised. Since the location is “restricted” and the sensitivity “top secret”,
two natural goals emerge after using, e.g., a Tier 3 Repeatable risk analysis:
CONFIDENTIALITY and ACCOUNTABILITY, with high priority (Steps 4, 5 and
6). In order to implement the security countermeasures for those two additional
goals, the architect needs to choose specific security countermeasures. In [22, 23]
the message implementing the FSCH follows ISO 61850. This results in the
introduction of the ISO 62351 countermeasures in Step 7, as required by the SGAM
Security group [23]. The introduction of this latter standard also enhances the
available informative references for the basic NIST CSF core. For example, ISO
62351 introduces authorization through Role Based Access Control that could
be used as a reference for PR.AC-4 “Access Permissions and authorizations are
managed, incorporating the principles of least privilege and separation of
duties”, while TLS could serve as a reference for PR.DS-2 “Data-in-transit is
protected”. The need for network segregation is already defined by PR.AC-5
“Network integrity is protected” and referenced to ISA 62443. However, although
PR.PT-1 “Audit logs are determined, documented, implemented, and reviewed in
accordance with policy” could potentially fulfill the ACCOUNTABILITY
requirement, the informative references do not define any syntax or semantics
for them. In order to be able to perform forensic analysis or continuous
monitoring, it is of paramount importance to have harmonised audit trail entries
among a multitude of DERs, from different vendors with different software
versions. This countermeasure is lacking from ISO 62351, OpenADR, and the
cybersecurity framework alike.
After all the cycles over the layers and the asset’s SDLC, we obtain a tailored
CSF profile for an architectural model of Smart Grid which operates in the EU,
with a rigorous and repeatable process using as informative references all the
relevant EU standards.
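Algorithm 1 applied to the FSCH case of this section, as an added Python example (not the authors' code). The SGAM layer in which each asset is placed, the security goal assigned to each subcategory, the single risk rule, the extra PR.IP-4 row and the "FSCH archive" asset are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# SGAM interoperability layers, bottom-up (field devices -> business concerns).
SGAM_LAYERS = ["Component", "Communication", "Information", "Function", "Business"]

# SDLC stages as selected in the preparatory steps of the application example.
SDLC_STAGES = [
    "Security requirements engineering",
    "Security design",
    "Security countermeasures implementation",
    "Security management and monitoring",
    "Secure retirement",
]


@dataclass(frozen=True)
class Taxonomy:
    """RMIAS taxonomy tuple <form, state, location, sensitivity>."""
    form: str
    state: str
    location: str
    sensitivity: str


@dataclass(frozen=True)
class Countermeasure:
    subcategory: str           # NIST CSF subcategory identifier
    goals: frozenset           # security goals it serves (assumed mapping)
    reference: Optional[str]   # informative reference; None = nothing usable


# Line 1 of Algorithm 1: the profiled countermeasure superset.
# References follow the paper's text; the goal column is an assumption,
# and PR.IP-4 (backups) is added only to show a row that is not selected.
COUNTERMEASURE_SET = [
    Countermeasure("PR.AC-4", frozenset({"CONFIDENTIALITY"}), "ISO 62351 (RBAC)"),
    Countermeasure("PR.DS-2", frozenset({"CONFIDENTIALITY"}), "ISO 62351 (TLS)"),
    Countermeasure("PR.AC-5", frozenset({"CONFIDENTIALITY"}), "ISA 62443"),
    Countermeasure("PR.PT-1", frozenset({"ACCOUNTABILITY"}), None),
    Countermeasure("PR.IP-4", frozenset({"AVAILABILITY"}), None),
]

# Constructed sample assets, keyed by (SGAM layer, SDLC stage).
ASSETS = {
    ("Communication", "Security design"): [
        ("FSCH", Taxonomy("electronic", "transmission", "restricted", "top secret")),
    ],
    # The same information after reclassification (constructed values).
    ("Information", "Secure retirement"): [
        ("FSCH archive", Taxonomy("electronic", "storage", "unrestricted", "public")),
    ],
}


def risk_analysis(tax):
    """Stand-in for the expert-driven Tier 3 risk analysis (assumed rule)."""
    if tax.location == "restricted" and tax.sensitivity == "top secret":
        return {"CONFIDENTIALITY": "high", "ACCOUNTABILITY": "high"}
    return {}


def draft_profile(assets, countermeasure_set):
    """Run the nested loops of Algorithm 1; return (profile rows, gaps)."""
    profile, gaps = [], []
    for layer in SGAM_LAYERS:
        for stage in SDLC_STAGES:
            for name, tax in assets.get((layer, stage), []):
                for goal, priority in risk_analysis(tax).items():
                    selected = [c for c in countermeasure_set if goal in c.goals]
                    for c in selected:
                        profile.append({
                            "layer": layer, "stage": stage, "asset": name,
                            "goal": goal, "priority": priority,
                            "subcategory": c.subcategory,
                            "reference": c.reference,
                        })
                    # A goal is a gap when no selected countermeasure has a
                    # usable informative reference behind it.
                    if not any(c.reference for c in selected):
                        gaps.append((name, goal))
    return profile, gaps


if __name__ == "__main__":
    rows, gaps = draft_profile(ASSETS, COUNTERMEASURE_SET)
    for r in rows:
        print(f'{r["asset"]:5} {r["goal"]:16} {r["subcategory"]:8} {r["reference"]}')
    for asset, goal in gaps:
        print(f"GAP: {asset} / {goal}: no informative reference")
```

The reported gap for ACCOUNTABILITY corresponds to the missing audit-trail syntax and semantics discussed above; re-running the function after an architectural change yields the next target profile.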
6 Conclusions
The design and implementation of Smart Grids systems and subsystems must
adhere to high standards and regulatory requirements, while satisfying the de-
mand for strong security posture and interoperability. This paper proposed a
methodology that joins a goal-based approach with a threat-view on cyberse-
curity for Smart Grids. The methodology enables the devising of an adequate
set of countermeasures in view of a pre-selected number of security goals. The
work relies on standardized solutions to facilitate the task of creating cyberse-
curity profiles compatible with the existing practices. It assists the architects of
Smart Grid solutions in fulfilling the requirement to account for desired security
goals at design time. Since the methodology relies on standardized solutions and
combines several formal models to attain its goal, as part of our future work we
will focus on its formalization and piloting in a real-world setting. Moreover, to
provide a full assistance to the architects, we will provide the tools necessary for
model and quality-attributes checking.
Although critical infrastructures have similar business objectives, Smart Grid
has a peculiarity in that the DERs may span different technological and legal
domains, they can even reside in different countries, exposing a complex attack
surface. A similar domain (also listed in the NIS directive’s critical infrastruc-
tures) is the domain of Cooperative Intelligent Transport Systems. Similarly to
the Smart Grid, those systems communicate with stations that are geographically
distributed. The type of information shared can be the results of a mixed
IT/OT/IoT computation, yet result in another complex attack surface. In such
settings, the implementation of concepts like defense-in-depth requires rigorous
and repeatable approaches. For this reason we aim at enhancing the proposed
methodology to cover those complex aspects as well.
References
1. NIST Computer Security Resource Center. Definition of Security Posture, 2020
(accessed July 10, 2020).
2. Europol. Attacks On Critical Infrastructures, 2020 (accessed July 10, 2020). https:
3. The European Parliament and the Council of European Union. Directive (EU)
2016/1148 of the European Parliament And of the Council of 6 July 2016 con-
cerning measures for a high common level of security of network and information
systems across the Union, 2016.
4. The White House. Presidential Policy Directive – Critical Infras-
tructure Security and Resilience, 2013 (accessed July 10, 2020).
presidential-policy-directive-critical- infrastructure-security-and-resil.
5. NIST. Framework for Improving Critical Infrastructure Cybersecurity, 2018.
6. Presidency of the Council of Ministers. The Italian Cybersecurity Action Plan, 2017
(accessed July 10, 2020).
wp-content/uploads/2019/05/Italian-cybersecurity-action- plan-2017.
7. Despina Koraki and Kai Strunz. Wind and solar power integration in electricity
markets and distribution networks through service-centric virtual power plants.
IEEE Transactions on Power Systems, 33(1):473–485, 2018.
8. Helder Aranha, Massimiliano Masi, Tanja Pavleska, and Giovanni Paolo Sellitto.
Enabling security-by-design in smart grids: An architecture-based approach. In
15th European Dependable Computing Conference, EDCC 2019, Naples, Italy,
September 17-20, 2019, pages 177–179. IEEE, 2019.
9. IEC International Electrotechnical Commission, SGCC State Grid Corporation of
China (CN), VDE Association for Electrical, Electronic & Information Technolo-
gies (DE). World Smart Grid Forum. Technical report, IEC, 2013.
10. Jeffrey Marron, Avi Gopstein, Nadya Bartol, and Valery Feldman. NIST Technical
Note 2051: Cybersecurity Framework Smart Grid Profile, 2019.
11. The OpenADR Alliance. OpenADR, 2020 (accessed July 10, 2020). https://www.
12. Yulia Cherdantseva, Jeremy Hilton, Omer F. Rana, and Wendy Ivins. A mul-
tifaceted evaluation of the reference model of information assurance & security.
Comput. Secur., 63:45–66, 2016.
13. ENISA. Technical Guideline on Security Measures. Technical guidance on the
security measures in Article 13a, 2014.
14. ENISA. Guideline on Threats and Assets. Technical guidance on threats and assets
in Article 13a, 2015.
15. ENISA. Technical Guideline on Incident Reporting. Technical guidance on incident
reporting in Article 13a, 2014.
16. Albin Zuccato. Holistic security management framework applied in electronic com-
merce. Comput. Secur., 26(3):256–265, 2007.
17. Marion Gottschalk, Gerald Franzl, Matthias Frohner, Richard Pasteka, and Math-
ias Uslar. From integration profiles to interoperability testing for smart energy
systems at connectathon energy. Energies, 11:3375, 12 2018.
18. VHPReady. The Communication Standard for Smart Grids, 2020 (accessed July
10, 2020).
19. The European Commission. Mandate M/490, 2013 (accessed July 10,
20. Marion Gottschalk, Mathias Uslar, and Christina Delfs. The Smart Grid Archi-
tecture Model – SGAM, pages 41–61. Springer, 01 2017.
21. CEN-CENELEC-ETSI. CEN-CENELEC-ETSI Smart Grid Coordination Group
Smart Grid Reference Architecture, 2012.
22. Christian Neureiter, G¨unther Eibl, Dominik Engel, Stefanie Schlegel, and Mathias
Uslar. A concept for engineering smart grid security requirements based on sgam
models. Comput. Sci., 31(1–2):65–71, May 2016.
23. CEN-CENELEC-ETSI. CCEN-CENELEC-ETSI Smart Grid Coordination Group
Smart Grid Information Security, 2012.
24. Ahmed Elgargouri, Reino Virrankoski, and Mohammed Elmusrati. IEC 61850
based smart grid security. Proceedings of the IEEE International Conference on
Industrial Technology, 2015, 03 2015.
25. Rebecca Mercuri. Uncommon criteria. Commun. ACM, 45:172, 01 2002.
26. Eric D. Knapp and Joel Thomas Langill. Industrial Network Security: Securing
Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial
Control Systems. Syngress Publishing, 2nd edition, 2014.
27. Tanja Pavleska, Helder Aranha, Massimiliano Masi, Eric Grandry, and Gio-
vanni Paolo Sellitto. Cybersecurity evaluation of enterprise architectures: The
e-SENS case. In PoEM 2019, Luxembourg, November 27-29, 2019, Proceedings,
volume 369 of Lecture Notes in Business Information Processing, pages 226–241.
Springer, 2019.
28. Gridwise Architectural Council. Smart Grid Interoperability Maturity Model.,
29. Helder Aranha, Massimiliano Masi, Tanja Pavleska, and Giovanni Paolo Sellitto.
Securing mobile e-health environments by design: A holistic architectural approach.
In 2019 International Conference on Wireless and Mobile Computing, Networking
and Communications, WiMob 2019, Barcelona, Spain, October 21-23, 2019, pages
1–6. IEEE, 2019.