A Methodology for Security Classification applied to Smart Grid Infrastructures
International Journal of Critical Infrastructure Protection (IF 3.6), Pub Date: 2020-02-17, DOI: 10.1016/j.ijcip.2020.100342
Manish Shrestha, Christian Johansen, Josef Noll, Davide Roverso

The electricity grid is an important critical infrastructure that is undergoing major changes, due to the Internet of Things (IoT) and renewable energy, heading towards the smart grid. However, besides the many good promises of the smart grid, such as better peak control, cheaper maintenance, and more open energy markets, there are many new security threats evolving, especially from the IoT side, and also from the diversification of the systems and practices that the smart grid brings. We thus see the need for more light-weight and dynamic methods for conducting security analyses of systems applicable at (re)design time, intended to help system engineers build secure systems from the start. As a consequence, the methods should also look more at the functionalities (exposure/protection) of the system than at the possible attacks.

In this paper we propose a methodology called Smart Grid Security Classification (SGSC) developed for complex systems like the smart grid, focusing on the specifics of Advanced Metering Infrastructure (AMI) systems. Our methodology is built upon the Agence nationale de la sécurité des systèmes d’information (ANSSI) standard methodology for security classification of general Information and Communication Systems (ICS). Analyses performed following our method easily translate into ANSSI valid reports. Our SGSC is related to methods of risk analysis with the difference that our classification method has the purpose to assign a system to a security class, based on (combinations of) scores given to the various exposure aspects of the system and the respective protection mechanisms implemented; without looking at attackers. There are multiple uses of SGSC, such as offering indications to decision-makers about the security aspects of a system and for deciding purchasing strategies, for regulatory bodies to certify various complex infrastructure systems, but also for system/security designers to make easier choices of correct functionalities that would allow to reach a desired level of security. Particularly useful for smart grid systems is the discussion and mapping that we do of the SGSC methodology to a complex AMI infrastructure description derived from real deployments being done in ongoing Norwegian smart grid upgrades.




Updated: 2020-02-17