ABSTRACT
This chapter proposes the STECA (Security Threats, Effects and Criticality Analysis) approach for the security assessment of Smart Grids. STECA starts from a vulnerability point of view and moves on to threat analysis and criticality assessment. The experience gained in CRITICAL Software industrial assessment projects, and the gaps found there, provided most of the incentive for developing the STECA process. STECA also guarantees compatibility with the main standards: the reference data used to build the threat libraries are extracted from the standard, and it is easy to define a correspondence between the main steps of the STECA process and the steps of methodologies in. A STECA process iteration is finished once the report is concluded, meaning that all threats in all the weak spots have been analysed and addressed. Based on the STECA results, new security requirements may be derived or existing ones improved; those new or updated requirements will lead to improvements in the system safety architecture and design.
