Abstract
The present report proposes a methodology for Smart Grid Security Classification (SGSC) having as target usage the complex systems in the smart grids and particularly Advanced Metering Infrastructures (AMI). Our methodology extends and refines the ANSSI standard methodology for security classification of general Information and Communication Systems (ICS) focusing on the specifics of smart grid AMI systems. As a consequence, analyses done following our method should be easily translated into ANSSI valid reports. Like any security classification, our method is related to methods of doing risk analysis with the difference that the classification method has the purpose to assign a level, or security class, to the system under evaluation. There are multiple purposes for having such an analysis, such as offering indications to decision making people on security aspects of a system and for deciding purchasing strategies, but also for regulatory bodies to certify various complex infrastructure systems like from the smart grid. As such, this report first presents relevant related before explaining thoroughly the ANSSI standard that we build on. Particularly useful for smart grid systems is the discussions and mapping that we do of the SGSC methodology to a complex AMI infrastructure description derived from the real deployments being done in Norwegian ongoing works of developing the national smart grid.