Traditional power generation, transmission and distribution systems face many challenges when integrating innovative information and communication technologies. The significant transformation of Electrical Power and Energy Systems (EPES) should be accompanied by securing such systems, not only because the EPES is one of the critical infrastructures upon which many other infrastructures depend, but also because a failure in logical security would have an impact on the physical EPES assets. Therefore, cyber-security must be a top priority in the entire framework of energy security.
Main purpose and goal
The SDN-microSENSE requirements include information that will/should be used by all project partners, providing a clear vision of the project functionalities and thus allowing them to better plan and coordinate their activities towards a fully functional platform.
Besides that, the identified requirements will allow the SDN-microSENSE reference architecture to be successfully implemented. In the end, both the requirements and the architecture specification will be used for the “Pilot, Demonstration & Evaluation” phase, allowing the definition of the Integration plan and testing, and other tasks related to the validation of both system components of the overall SDN architecture. For that to be successful, the requirements will be strictly followed and implemented, ensuring seamless integration of all architectural components and successful platform deployment.
The project's complexity brings many challenges in defining the right deployment path. Also, the constant evolution of Information and Communication Technology (ICT) affects the complexity of EPES, leading to the introduction of diverse types of stakeholders, such as energy providers, network operators, consumers, energy service providers, policy makers and manufacturers.
Identifying “User & Stakeholder, Security and Privacy Requirements” in the energy domain was another challenge faced by the project, reflected by the fact that the relevant deliverable took many iterations before reaching its final form. In the end, the deliverable successfully presented all requirements for the different experimental energy studies carried out in the project, as well as some ethical aspects of the project. It also incorporated requirements stemming from the national regulatory framework of the countries where the project’s pilots will be carried out.
Stakeholder (user) requirements were obtained from the partners playing the role of end-users, while functional and non-functional requirements were obtained through a collaborative effort of all technical partners. To support that, two survey questionnaires were distributed and conducted in order to gather the required information from the relevant partners. Functional requirements were extracted through the analysis of the main use cases, while non-functional requirements, apart from reflecting the stakeholder needs, also incorporated regulatory compliance requirements and conventional best practices in the EPES operational environment. Furthermore, the relevant legal frameworks for the execution of the project's pilots in five countries, namely Bulgaria, Spain, Norway, Sweden and Greece, were analysed to identify prerequisites for conducting these pilots.
In order to identify the regulatory requirements regarding ethics, privacy, data protection and information security, extensive research was conducted on European laws and regulations using a doctrinal approach. Relevant laws, guidelines and case law were identified and analysed, leading to the identification of the corresponding ethical, data protection and security framework.
Concept and approach
Several broad methodologies were employed to identify the “User & Stakeholder, Security and Privacy Requirements”. Initially, relevant information was collected and analysed, followed by feedback and validation exercises. For information collection, multiple sources were used, including State-Of-the-Art (SOTA), legal instruments, the General Data Protection Regulation (GDPR), the Network and Information Security directive (NIS), ISO standards, as well as guidance documents from regulatory authorities. The output obtained from the exercises was reviewed and validated through expert analysis and partner evaluation, including further desktop research from the technical, legal, academic and industrial experts of the project.