A concept for engineering smart grid security requirements based on SGAM models


The Smart Grid Architecture Model (SGAM) is widely used for modelling, requirements engineering and gap analysis. In this paper, a formal method for engineering security requirements with SGAM is proposed. Asset security classes, risks and vulnerabilities are modelled formally and a method for deducing security requirements from these entities in the context of an SGAM model is developed. A reference implementation of this method is presented, which allows the automated extraction of security requirements from SGAM models. This set of requirements can serve as an initial starting point for a thorough security analysis. Experience from practical application demonstrates the usefulness of the proposed approach.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5


  1. 1.

    Bruinenberg J, Colton L, Darmois E, Dorn J, Doyle J, Elloumi O, Englert H, Forbes R, Heiles J, Hermans P, Kuhnert J, Rumph FJ, Uslar M, Wetterwald P (2012) CEN-CENELEC-ETSI smart grid co-ordination group smart grid reference architecture. Technical Report, CEN, CENELEC, ETSI

  2. 2.

    Dänekas C, Neureiter C, Rohjans S, Uslar M, Engel D (2014) Towards a model-driven-architecture process for smart grid projects. In: Benghozi PJ, Krob D, Lonjon A, Panetto H (eds) Digital enterprise design & management, vol 261 of advances in intelligent systems and computing, pp 47–58. Springer International Publishing

  3. 3.

    Englert H, Uslar M (2012) Europäisches Architekturmodell für Smart Grids—Methodik und Anwendung der Ergebnisse der Arbeitsgruppe Referenzarchitektur des EU Normungsmandats M/490. In Tagungsband VDE-Kongress 2012, Stuttgart, 2012

  4. 4.

    European Commission (2011) M/490 Standardization Mandate to European Standardisation Organisations (ESOs) to support European Smart Grid deployment

  5. 5.

    Fabian B, Gürses S, Heisel M, Santen T, Schmidt H (2010) A comparison of security requirements engineering methods. Requir Eng Spec Issue Secur Requir Eng 15(1):7–40

    Google Scholar 

  6. 6.

    Hesse W (2014) Ontologie und Weltbezug—vom philosophischen Weltverstaendnis zum Konstrukt der Informatik. Informatik-Spektrum 37(4):298–307

  7. 7.

    IEC (2007) 62351–1 TS Ed.1: Data and communication security—part 1: introduction and overview

  8. 8.

    Mattle P, Neureiter C, Kupzog F (2013) Projekt SGMS—INTEGRA Übergang zu netz- und marktgeführtem Betrieb im Smart Grid. In: Proceedings of the fourth workshop on communications for energy systems, Vienna, Austria, Sept 2013, pp 44–52

  9. 9.

    NERC. NERC CIP-002-5.1 to CIP-011-1 Cyber security, 20012

  10. 10.

    Neureiter C, Eibl G, Veichtlbauer A, Engel D (2013) Towards a framework for engineering smart-grid-specific privacy requirements. In: Proceedings IEEE IECON, special session on energy informatics, Vienna, Austria, Nov 2013, pp 4803–4808

  11. 11.

    Smart Grid Coordination Group (2012) Smart grid information security. Technical report, CEN-CENELEC-ETSI

  12. 12.

    The Smart Grid Interoperability Panel Cyber Security Working Group (2010) NISTIR 7628–guidelines for smart grid cyber security, vol 1–3

  13. 13.

    Uslar M, Rohjans S, Specht M, Trefke J, Dänekas C, Vazquez JMG, Rosinger C, Bleiker R (2012) Standardization in smart grids: introduction to IT-related methodologies, architectures and standards (power systems). Springer, Berlin

    Google Scholar 

Download references


The financial support by the Austrian Federal Ministry of Economy, Family and Youth and the Austrian National Foundation for Research, Technology and Development is gratefully acknowledged. Funding by the Austrian Federal Ministry for Transport, Innovation and Technology and the Austrian Research Promotion Agency (FFG) under Project 838793, “INTEGRA”, is gratefully acknowledged.

Author information



Corresponding author

Correspondence to Christian Neureiter.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Neureiter, C., Eibl, G., Engel, D. et al. A concept for engineering smart grid security requirements based on SGAM models. Comput Sci Res Dev 31, 65–71 (2016). https://doi.org/10.1007/s00450-014-0288-2

Download citation


  • SGAM
  • Security
  • Requirements engineering
  • Patterns
  • Risk assessment