(1/10/2016) – In this deliverable D1.4 the final set of security & privacy goals for the SEGRID use cases is defined. The SEGRID project has defined five use cases that are exemplary for the gradually evolving system concept of Smart Grids in Europe. The use cases will be used to identify new cyber-threats and vulnerabilities as well as the gap between available and needed cyber security solutions for Smart Grids. The SEGRID use cases have been selected considering:

  1. the relevance for new business, economic growth, and supporting the introduction of more sustainable and locally generated power, and
  2. the addition of new functionality and components that will inherently introduce new vulnerabilities and a wider cyber-attack surface.

This deliverable is the final update of the first report on the security & privacy goals (D1.3).

A security goal is defined as “a specific need to protect a certain interest of a stakeholder”. The deliverable focuses on drafting security goals for:

  • traditional information security properties (i.e. confidentiality, integrity and availability)
  • system security properties, such as system integrity, robustness and resilience.

These security properties have been elaborated on, and a stepwise approach has been defined to draft security goals.

A privacy goal is defined as “a specific need to protect personal data when it is collected, transferred, processed, and/or stored by a stakeholder”. For the drafting of privacy goals we have assessed the EU Data Protection Directive 95/46/EC [8], the recently accepted General Data Protection Regulation (GDPR) [7], and the set of eleven privacy principles for ICT systems as defined in ISO/IEC 29100:2011 [9].

However, since SEGRID is a technically oriented project focused on enhancing the protection of Smart Grids against cyber-attacks, the eight privacy design strategies defined in “Privacy Design Strategies” by J.-H. Hoepman [10] are a better match for this purpose. These privacy design strategies are: Minimise, Hide, Separate, Aggregate, Inform, Control, Enforce, and Demonstrate. A stepwise approach has also been defined for drafting privacy goals. This stepwise approach has been applied to draft the set of privacy goals for the three SEGRID use cases which cover elements where personal data is collected, transferred, processed and/or stored.

SEGRID D1_4 Final report on the security and privacy goals – PU – Final