Cyber security requirements engineering for low-voltage distribution smart grid architectures using threat modeling

Incorporating renewable energy into a grid still poses a challenge, that can only be tackled with precise measurement and control. Transferring power from producer to consumer as locally as possible in order to maximize efficiency requires measurement and control functions to be present on the low-voltage grid level. This can only be achieved by massively interconnected, ICT-enhanced sensors and actuators. Interconnecting the former, in turn exposes the grid to various threats from cyberattacks. This creates the need for a holistic, structured and comprehensive approach to engineering a low-voltage smart grid architecture that allocates its resources in such a way that cyber security is preserved. While known previous work either lacks a risk-based approach, comprehensiveness or best practices, this article provides a smart grid-specific methodology that combines risk assessment and threat modeling to generate a holistic set of security requirements. Furthermore, it presents best practices to secure an archetypal smart low-voltage grid architecture based on a concrete example. It considers threats on the architectural, protocol, and device level, while also considering environmental constraints to assure security using mainly state-of-the-art mitigation measures.