A concept for engineering smart grid security requirements based on SGAM models

  • Christian Neureiter
  • Günther Eibl
  • Dominik Engel
  • Stefanie Schlegel
  • Mathias Uslar
Special Issue Paper


The Smart Grid Architecture Model (SGAM) is widely used for modelling, requirements engineering and gap analysis. In this paper, a formal method for engineering security requirements with SGAM is proposed. Asset security classes, risks and vulnerabilities are modelled formally and a method for deducing security requirements from these entities in the context of an SGAM model is developed. A reference implementation of this method is presented, which allows the automated extraction of security requirements from SGAM models. This set of requirements can serve as an initial starting point for a thorough security analysis. Experience from practical application demonstrates the usefulness of the proposed approach.


Keywords: SGAM, Security, Requirements engineering, Patterns, Risk assessment



The financial support by the Austrian Federal Ministry of Economy, Family and Youth and the Austrian National Foundation for Research, Technology and Development is gratefully acknowledged. Funding by the Austrian Federal Ministry for Transport, Innovation and Technology and the Austrian Research Promotion Agency (FFG) under Project 838793, “INTEGRA”, is gratefully acknowledged.



Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Christian Neureiter (1)
  • Günther Eibl (1)
  • Dominik Engel (1)
  • Stefanie Schlegel (2)
  • Mathias Uslar (2)

  1. Josef Ressel Center for User-Centric Smart Grid Privacy, Security and Control, Salzburg University of Applied Sciences, Salzburg, Austria
  2. OFFIS – Institute for Information Technology, Oldenburg, Germany
