Traditional power generation, transmission and distribution systems face many challenges when integrating innovative information and communication technologies. Any significant transformation of Electrical Power and Energy Systems (EPES) should go together with securing such systems, not only because the EPES is one of the critical infrastructures upon which a lot of other infrastructures depend, but also because a failure in the logical security would have an impact on the physical EPES assets. Therefore, cyber-security must be a top priority in the entire framework of energy security.
Main purpose and goal
The SDN-microSENSE requirements include information that will/should be used by all project partners, providing a clear vision of the project functionalities and thus allowing them to better plan and coordinate their activities towards a fully functional platform.
Besides that, the identified requirements will allow the SDN-microSENSE reference architecture to be successfully implemented. In the end, both the requirements and the architecture specification will be used for the “Pilot, Demonstration & Evaluation” phase, allowing the definition of the integration plan and testing, and other tasks related to the validation of both system components of the overall SDN architecture. For that to be successful, the requirements will be strictly followed and implemented, ensuring seamless integration of all architectural components and successful platform deployment.
Challenge
The project's complexity brings many challenges in defining the right deployment path. Also, the constant evolution of Information and Communication Technology (ICT) affects the complexity of EPES, leading to the introduction of diverse types of stakeholders such as energy providers, network operators, consumers, energy service providers, policy makers and manufacturers.
Identifying “User & Stakeholder, Security and Privacy Requirements” in the energy domain was another challenge faced by the project, reflected by the fact that the relevant deliverable took many iterations before reaching its final form. In the end, the deliverable successfully presented all requirements for the different experimental energy studies carried out in the project, as well as some ethical aspects of the project. It also incorporated requirements stemming from the national regulatory framework of the countries where the project’s pilots will be carried out.
Requirements Overview
Stakeholder (user) requirements were obtained from the partners playing the role of end-users, while functional and non-functional requirements were obtained through a collaborative effort of all technical partners. To support that, two survey questionnaires were distributed and conducted in order to gather the required information from the relevant partners. Functional requirements were extracted through the analysis of the main use cases, while non-functional requirements, apart from reflecting the stakeholder needs, also incorporated regulatory compliance requirements and conventional best practices in the EPES operational environment. Furthermore, the relevant legal frameworks for the execution of the pilots of the project in five countries, namely Bulgaria, Spain, Norway, Sweden and Greece, were analysed to identify prerequisites for conducting these pilots.
In order to identify the regulatory requirements regarding ethics, privacy, data protection and information security, extensive research was conducted on European laws and regulations using a doctrinal approach. Relevant laws, guidelines and case law were identified and analysed, leading to the identification of the corresponding ethical, data protection and security framework.
Concept and approach
Several broad methodologies were employed to identify the “User & Stakeholder, Security and Privacy Requirements”. Initially, relevant information was collected and analysed, followed by feedback and validation exercises. Regarding information collection, multiple sources were used, including: State-of-the-Art (SOTA), legal instruments, the General Data Protection Regulation (GDPR), the Network and Information Security directive (NIS), ISO standards, as well as guidance documents from regulatory authorities. The output obtained from the exercises was reviewed and validated through expert analysis and partner evaluation, including further desktop research from the technical, legal, academic and industrial experts of the project.