SDN-microSENSE requirements
Traditional power generation, transmission and distribution systems face many challenges when integrating innovative information and communication technologies. The significant transformation of Electrical Power and Energy Systems (EPES) should be accompanied by securing such systems, not only because the EPES is one of the critical infrastructures upon which many other infrastructures depend, but also because a failure in logical security would have an impact on the physical EPES assets. Therefore, cyber-security must be a top priority in the entire framework of energy security.
Stakeholder (user) requirements were obtained from the partners playing the role of end-users, while functional and non-functional requirements were obtained through a collaborative effort of all technical partners. To support this, two survey questionnaires were distributed and conducted to gather the required information from the relevant partners. Functional requirements were extracted through the analysis of the main use cases, while non-functional requirements, apart from reflecting the stakeholder needs, also incorporated regulatory compliance requirements and conventional best practices in the EPES operational environment. Furthermore, the relevant legal frameworks for the execution of the pilots of the project in five countries, namely Bulgaria, Spain, Norway, Sweden and Greece, were analysed to identify prerequisites for conducting these pilots.
To identify the regulatory requirements regarding ethics, privacy, data protection and information security, extensive research was conducted on European laws and regulations using a doctrinal approach. Relevant laws, guidelines and case law were identified and analysed, leading to the identification of the corresponding ethical, data protection and security framework.
Concept and approach
Several broad methodologies were employed to identify the “User & Stakeholder, Security and Privacy Requirements”. Initially, relevant information was collected and analysed, followed by feedback and validation exercises. Regarding information collection, multiple sources were used, including State-Of-the-Art (SOTA), legal instruments, the General Data Protection Regulation (GDPR), the Network and Information Security directive (NIS) and ISO standards, as well as guidance documents from regulatory authorities. The output obtained from the exercises was reviewed and validated through expert analysis and partner evaluation, including further desktop research by the technical, legal, academic and industrial experts of the project.