Methodology for the Evaluation of Resilience of ICT Systems for Smart Distribution Grids

Ensuring resilient operation and control of smart grids is fundamental for empowering their deployment, but challenging at the same time. Accordingly, this study proposes a novel methodology for evaluating the resilience of Information and Communication Technology (ICT) systems for smart distribution grids. Analysing how the system behaves under changing operating conditions from a power system perspective allows one to understand how resilient the smart distribution grid is, but the resilience of the ICT system in charge of its operation affects the overall performance of the system and therefore conditions its resilience. With the aim of systematising the evaluation of ICT systems' resilience, this study proposes to combine a standardized modelling of Smart Grids, the Smart Grid Architecture Model (SGAM), with a structured data diagram, the Entity Relationship Model (ERM). The architecture of smart distribution grids is analysed through SGAM. Then, their technical characteristics and functionalities are defined and represented in an ERM diagram. Finally, the attributes or properties of the system components are used to formulate resilience indicators against different types of disturbances. This methodology is then applied to analyse the resilience of an ICT platform being developed in the EMPOWER H2020 project.


Introduction
The performance of traditional power transmission systems has usually been assessed by their ability to resist disturbances and to recover efficiently in case of failure. Existing resilience indices would give insight into the system reliability and its robustness against a set of disturbances (e.g., component failure) [1]. As traditional transmission grids were static constructions with the relatively invariable task of transmitting power from a central power plant to a decentralized network of loads, it made sense to assess their performance with invariable and static metrics such as the Average Service Availability Index (ASAI), among others [1].
These new grid elements, together with constant changes within the environment in which the distribution system operates, create new requirements for the power system to be fully performant. With the new functionalities that are being assigned to the distribution grid, sufficient robustness no longer means sufficient performance, as static robustness may interfere with the flexibility of the grid, which is required to control the wide variety of new components that are being added. In other words, a transition is taking place in which the distribution grid is becoming a dynamic system that evolves towards new equilibria over time. All the above aspects make it more difficult to determine how resilient smart distributed systems are.
On the other hand, distribution grids are bringing not only new grid elements, but also new actors and roles. The electrical exchanges enabled by local generation, consumption and storage units, as well as by their derived flexibility, are leading to economic transactions which could be managed locally in the so-called local electricity markets [2], also known as micromarkets in some studies [3].
A key actor for the deployment of local energy markets is the so-called Smart Energy Service Provider (SESP) [4,5]. It is the entity responsible for the operation and control of the different units in these local electricity markets. Additionally, the SESP is their aggregator, trading electricity in wholesale markets. The SESP's information exchange with these elements is possible thanks to an Information and Communication Technologies (ICT) based platform. In this sense, in order to ensure a resilient operation of the distribution grid, the ICT platform itself must be resilient too. The assessment of the resiliency of ICTs for smart distribution grids is the focus of the present study.
The resilience concept, for its broadness and wide range of application, has led to several studies in the literature. A review of approaches to resilience definition and assessment is performed in [6]. The need for resilience metrics in energy systems is stated in [7], where a matrix-based approach is developed to generate resilience indicators. The resilience of distribution systems has been analysed from very different perspectives. The authors of [8] define and analyse the resilience of electric distribution systems integrating microgrids. The resilience of a distributed algorithm that operates and controls a microgrid has been analysed in [9]. The potential of microgrids as a resilience resource is evaluated in [10].
Regarding resilience of ICT systems, some studies have analysed it without restricting the field of application of these ICT. Resilience in communication networks has been studied in [11], presenting principles for designing resilient networks and techniques to analyse network resilience. The requirements for resilient ICTs are described in [12], where the qualitative evaluation of resiliency is done in terms of ICT service continuation. If the ICT service can still continue even if the ICT is affected by a disaster, the resiliency of such ICT is considered high. The resilience of control systems is addressed through an automated control approach in [13], identifying a resilient control problem where a linear dynamic system is subject to replay and Denial-of-Service attacks. On the other hand, an approach for selecting architectures in a connected infrastructure system to increase resilience of the overall infrastructure system is presented in [14].
The specificities of the control and communication architecture of smart distribution grids, which imply different actors, roles, elements and functions compared to other systems, justify dedicated studies of resilience of ICT for their operation. However, very few studies evaluate the resilience of the ICT platforms for operating smart distribution grids. Additionally, most of them address their resilience focusing only on the vulnerabilities resulting from cyber attacks [15].
Taking into account the limited analysis of resilience of ICT systems in smart distribution grids, this paper proposes a novel methodology to evaluate it, taking advantage of the combination of two existing tools. One is the standardized modelling of Smart Grids proposed by CENELEC [16], the Smart Grid Architecture Model (SGAM), and the other is an extended method for structuring data diagrams: the Entity Relationship Model (ERM). Although these are well-developed tools, their use to assess resiliency as proposed in this methodology has not been addressed in the smart grid context. The novel methodology developed allows the criticality of functions and elements involved in ICT systems for operating smart distribution grids to be determined in a systematic way.
This study is structured as follows. First, the resilience concept is particularised for application in distribution grids (see Section 2). Then, a methodology to assess resilience of ICT systems for smart distribution grids is developed in Section 3, based on the Entity-Relationship model. Next, this methodology is applied to a case study in Section 4 to evaluate the resilience of an ICT platform for local energy markets operation. Finally, conclusions are drawn in Section 5.

Defining Resilience
Before developing the methodology for resilience evaluation of ICT systems, the resilience concept assumed is clarified. The traditional centrally operated transmission grid is a complex, but mainly steady system with only a few well-defined functionalities and a rather static infrastructure. Therefore, much of the literature found in electrical engineering defines resilience based on the ability of a system to "bounce back" to its initial and invariable state after a disturbance. On the other hand, the transition towards decentralized smart distribution grids is characterized by the dynamics of integrating new technologies and new participants into the grid. Therefore, resilience for smart distributed power systems will have some additional features that take into account the grid's capacity to evolve towards new equilibria. When interpreting the transmission grid as a single equilibrium system with invariable functionalities, it was sufficient to assess its ability to resist and recover from foreseeable disturbances. In other words, its resilience was assessed on its robustness and reliability. To take the recent power system evolutions on distribution grids into account, this paper will use a resilience definition considering the static and dynamic performance of the smart grids. As such, the definition of resilience in the context of smart distribution grids can be summarized as stated in [17]: "The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions". Taking into account the previous resilience definition and similarly to [18], resilience can be divided into five quantifiable characteristics: reliability, adaptive capacity, elasticity, plasticity, and evolvability. The first three terms describe short term resilience, or how the system reacts when a disturbance occurs. The last two terms, plasticity and evolvability, describe long term resilience, or the system's ability to evolve and adapt after undergoing disturbances. Moreover, a distinction is made between dynamic and static resilience characteristics. Table 1 gives an overview of the five resilience characteristics, classified according to the affected time frame.
Figure 1 represents a certain performance metric of a system as a function of time, illustrating the different stages of a disturbance. The time period $(t_e - t_0)$ indicates the time during which the system is able to maintain its full performance while undergoing a disturbance, and $(t_d - t_e)$ is the period in which performance decreases to a certain level, in which the system remains for the time period $(t_s - t_d)$. Finally, recovery begins at $t_s$ and is complete at time $t_f$. The following paragraphs describe how each of the five resilience characteristics relates to the performance curve in Figure 1.

Reliability
The term is used to describe how well a system can withstand anticipated disturbances, namely high probability, low impact events. For instance, power line failures are foreseeable failures, and can be resolved by building redundancy into the system, making it more reliable. The reliability of the system is about building a system that is robust enough to resist disturbances. Therefore, reliability is a property that has to be implemented in the design stage of the system. It requires a top-down approach, anticipating the possible disturbances that can occur during the system's lifetime. Moreover, as reliability only assesses whether a system is functional or non-functional, it is a static characteristic that does not change over time. In Figure 1, the system is fully functional during the time period $(t_e - t_0)$. The longer this period, the more reliable the system is.

Adaptation Capacity
If a system cannot withstand a certain disturbance, it will be degraded to a lower level of performance, and this process is represented in time period $(t_d - t_e)$ in Figure 1. This period represents the adaptive capacity of a system, or how well the system can tolerate a disturbance before getting fully degraded. The longer this period, the more controlled the degradation will be, which can limit the overall damage caused by the disturbance, and indicates a higher ease of adaptation of the system.

Elasticity
Similar to metallurgy, elasticity in this context refers to the ability of a system to fully return, or bounce back, to its original state after undergoing a deformation. In Figure 1, elasticity encompasses the time range from a fully degraded state of the system $(t_s - t_d)$ up to and including the recovery period $(t_f - t_s)$. If the system fails to fully recover from the damage, then the loss of performance is irreversible and becomes a long term characteristic, described as plasticity. The more efficient the recovery, the more resilient the system.

Plasticity
As stated earlier, the terminology used in metallurgy can be applied in the context of resilience too. When a system undergoes irreversible damage, in other words, can no longer bounce back to its original equilibrium state, it loses its elasticity and the loss of system properties is described by plasticity. In Figure 1, this is shown by the difference between the initial fully performant state (at 100% performance rate), and the degraded state after recovery (at 80% performance rate). Once a system has plasticity, it won't change over time, hence it is a static characteristic. Plasticity is not a favorable characteristic of resilience, as an elastic system is much more flexible.

Evolvability
This term refers to the ease with which a system can adapt itself to changes or improve itself by learning from the disturbances it undergoes. For instance, Figure 1 shows how a system adapts its behavior after a first disturbance, resulting in improved operation during a second disturbance cycle, where the system recovery initiates faster and the recovery time is shorter (improved elasticity) and does not suffer from additional plasticity. Evolvability is a characteristic that changes over time, together with the changes undergone by disturbances.
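The stage boundaries of the Figure 1 curve can be recovered from a sampled performance metric, as in the following added example (not code from the paper). The sample series are constructed, and the rules used to locate t_e, t_d, t_s and t_f from discrete samples are assumptions of this sketch.

```python
from typing import NamedTuple, Optional, Sequence, Tuple

Sample = Tuple[float, float]  # (time, performance in % of nominal)


class Stages(NamedTuple):
    withstand: float    # t_e - t_0: full performance kept under disturbance
    degradation: float  # t_d - t_e: performance falling to the degraded level
    degraded: float     # t_s - t_d: time spent at the degraded level
    recovery: float     # t_f - t_s: duration of the recovery
    plasticity: float   # performance not regained after recovery


def stages(samples: Sequence[Sample], t0: float) -> Optional[Stages]:
    """Split one disturbance cycle starting at t0 into the Figure 1 stages.

    Returns None when performance never drops, i.e. the disturbance was
    fully withstood within the observation window.
    """
    pts = sorted((t, p) for t, p in samples if t >= t0)
    if len(pts) < 2:
        raise ValueError("need at least two samples at or after t0")
    perf = [p for _, p in pts]
    p0, p_min, p_final = perf[0], min(perf), perf[-1]
    if p_min >= p0:
        return None
    # t_e: last sample still at full performance before the first drop.
    i_e = next(i for i, p in enumerate(perf) if p < p0) - 1
    # t_d: first sample at the lowest level; t_s: last sample at that level.
    i_d = perf.index(p_min)
    i_s = len(perf) - 1 - perf[::-1].index(p_min)
    # t_f: first sample after t_s at the level the system finally settles on.
    # If the window ends at the lowest level, no recovery was observed and
    # t_f coincides with t_s.
    i_f = next(i for i in range(i_s, len(perf)) if perf[i] == p_final)
    t_e, t_d, t_s, t_f = (pts[i][0] for i in (i_e, i_d, i_s, i_f))
    return Stages(t_e - t0, t_d - t_e, t_s - t_d, t_f - t_s,
                  max(p0 - p_final, 0))


def evolved(first: Stages, second: Stages) -> bool:
    """Evolvability as described in the text: in the second cycle recovery
    starts sooner, takes less time, and no further performance is lost."""
    return (second.degraded < first.degraded
            and second.recovery < first.recovery
            and second.plasticity == 0)


# Constructed samples: the first cycle ends at 80% of the initial level,
# the second cycle starts from that level at t0 = 20.
CYCLE_1 = [(0, 100), (1, 100), (2, 100), (3, 80), (4, 60), (5, 60),
           (6, 60), (7, 60), (8, 70), (9, 80), (10, 80)]
CYCLE_2 = [(20, 80), (21, 80), (22, 80), (23, 70), (24, 60), (25, 60),
           (26, 80), (27, 80)]

if __name__ == "__main__":
    first, second = stages(CYCLE_1, 0), stages(CYCLE_2, 20)
    print(first)
    print(second)
    print("evolved:", evolved(first, second))
```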

Multidimensional Approach for Resilience Evaluation
To assess how a disturbance affects the performance of a control system for distribution grids, this paper proposes the methodology shown in Figure 2. First, the assessed system needs to be characterized. This includes identifying its main functionalities or High Level Functions (HLF) and representing the whole structure and elements involved through the Smart Grid Architecture Model (SGAM) (see Section 3.1). Then, the obtained structure is related to the system's main functionalities (e.g., remote monitoring, load and generation forecasting, communication with users and clients of the system) through a functional decomposition, as reflected in Section 3.2.
In order to specify the relationships between the different elements, the entities of the system, defined by means of their properties (attributes), are identified in a conceptual Entity Relationship Model (ERM), according to Section 3.3. With the ERM, the share or importance of each of the system's entities in performing the main functionalities of the system can be identified. When a disturbance occurs in a certain element, the ERM makes it possible to quantify the degree of impact it has on the overall performance of the system, for each of its main functionalities.
The entity-relationship model, together with the functional decomposition of the assessed system, forms the basis for the presented resilience analysis framework (see Section 3.4). The resulting resilience evaluation framework gives an indication of the resilience of the control system with respect to the element in which the disturbance occurs. The more a disturbance affects the overall system performance, the less resilient the system is with regard to the involved element.
The methodology described above will be applied to a particular case in Section 4.

Use Case Definition through SGAM Methodology
Prior to the evaluation of the resilience of a system, the involved elements and general operation procedures need to be analysed. This can be achieved by determining the system's technical architecture using the Smart Grid Architecture Model (SGAM) methodology. The SGAM is a three-dimensional representation of the smart grid architecture established by the Smart Grid Coordination Group, a working group that is in charge of fulfilling the M/490 EU Mandate on smart grids standardization [16].
The SGAM distinguishes different levels of functionality of the smart grid by decomposing it into different layers of operability, zones, and domains. The Smart Grid zones are classified depending on the procedures involved: process, station, operation, enterprise and market. The Smart Grid domains can cover generation, transmission, distribution, Distributed Energy Resources (DER) and customer premises. There are five interoperability layers, namely the component, communication, information, function, and business layers, which represent the hierarchical levels on which stakeholders interact in a smart grid system. The SGAM model standardizes the definition of smart grid functionalities and allows use cases to be defined to describe its main functionalities or HLF.
The advantage of the multidimensional framework is that smart grid functionalities can be expressed independently from the physical set-up of the system or from its participants. As such, a system represented through an SGAM can be adopted by different technologies and actors, and can fit in different regulatory delimitations.

Functional Decomposition
According to this methodology, resilience is assessed by looking at how the main system functionalities are executed by a combination of multiple elements of the system. To do so, the main functionalities or HLFs are decomposed into a set of less complex functions. To analyze which element executes what part of each of the main HLFs, these functionalities are decomposed into a combination of secondary functions (SFs), which are in turn subdivided into a set of primary functions (PFs).
These functions get input parameters in brackets, and deliver an output accordingly. The following input types can be required:

• Entities: they represent the physical components, actors or ICT links that execute the PFs. Some PFs require more than one entity to be executed, namely when the executing entity needs to send something to a receiving entity or when intermediary entities are required. Hence the possible entities are:
  - executing entity: the entity performing the PF.
  - receiving entity: the entity receiving data from the executing entity.
  - intermediary entity: the entity that processes the output of the executing entity to complete the function execution.
• Attributes: they represent the data that is processed by the PF. They refer to a set of variables characterizing the concerned entity, and for the same attribute, the set can vary depending on the entity. For example, the attribute 'technical characteristics' would include maximal charging capacity if the entity would be a storage device, which wouldn't be included for a controllable load. There can be three types of attributes:
  - primary attributes: they specify the basic attributes defined by entities (e.g., operational characteristics to notify if the device is operational or controllable, technical characteristics to detail the maximal capacity or the control strategy of an inverter, weather forecast information like irradiance or temperature, etc.).
  - composed attributes(): these are the result of applying a PF on primary attributes. Composed attributes are denoted by adding brackets, and the input parameters can be primary or composed attributes. They can be a combination of primary attributes, a calculation or a notification (e.g., report(), request(), command(), etc.).
  - set of attributes(): some entities will receive primary attributes from several identical executing entities, and aggregate these in a set of identical attributes with different values. This is comparable to an array in object-oriented programming. A set of attributes is denoted by enclosing the input attribute type with square brackets. An example of its functionality is when a set of attributes is used to notify metering values, including several current, voltage or power values in the same array.
• Time execution: it refers to the moment at which a function is executed. This can either be periodically or at discrete moments.
• Algorithm: it corresponds to the mathematical model that is used to calculate a certain output. The algorithm won't be specified in this work; it will be considered as a black box with input parameters, returning composed attributes as output parameters.

Primary Functions
The PFs represent the basic actions that can be executed by different entities of the system. A sequence of PFs can be combined to form a SF.
The eight PFs identified are described below.
• set(executing entity, attributes, time resolution): This function represents the action of changing the values of a certain attribute for an entity. Most of the time, an entity will execute this PF after receiving a command from another entity, in other words in discrete time periods, but it can also be done periodically through an automated system.
However, as the way distribution grids are managed is changing, new SFs and HLFs can arise, leading to new functionalities and therefore to the definition of new PFs.

Entity-Relationship Model
The Entity-Relationship (ER) diagram is used to define the relationships between elements of a certain system. In order to assess the resilience of a control system, the entire system is organized and represented graphically in an ER model. The ER diagram identifies the interactions between the system components and defines how each functionality is linked to the elements that participate in realizing this function.
An ER model uses three elements to represent a system and its functionalities: entities, attributes, cardinality and ordinality.

• Entity: it defines a component of the system, regardless of being a physical element, a human operator or a digital communication line. Certain entities can be divided into more specific categories or sub-type entities.
• Attributes: an entity is defined by attributes, representing the characteristics of the entity. Technical parameters are implemented in the ER model as attributes, but also unique identifiers and resilience indicators are implemented as attributes for each entity. The values of the attributes will vary for each instance of a certain entity and may vary during the operation time of the system.
• Methods: they correspond to the PFs discussed previously. Methods describe the relation between two entities, as they define how entities interact.
• Cardinality and ordinality: they characterize the relationships between the entities. In particular, cardinality refers to the maximum number of times an instance in one entity can be associated with instances in the related entity. In contrast, ordinality refers to the minimum number of times an instance in one entity can be associated with an instance in the related entity. Both are represented by a line and its endpoint.

Resilience Evaluation Framework
Once all the entities have been identified and the relationships between each of them have been represented in an ER diagram, it becomes possible to quantify resilience as a function of any change or disturbance that can affect the performance of the system. On the one hand, the system has to be resilient against discrete changes or disturbances. On the other hand, it has to be resilient against continuous evolution of the system itself and its environment. Examples of discrete changes can be a cyber attack, a component failure or human error, while continuous changes are more related to regulatory changes, ageing infrastructure, new economic recessions or changes of mindset of different actors.
Each of these changes or disturbances has different effects on the operation of the system. Some of these effects will cause more severe damage than others. Therefore, to analyze the resilience it is necessary to identify the potential disturbances, their consequences and the set of attributes that quantify the consequences of the previously identified disturbances. The literature review already indicated that changes or disturbances can occur in three different dimensions: in the physical dimension, the ICT network (digital dimension) and in the socio-economical dimension [17].
The proposed resilience evaluation framework allows the system resilience to be assessed on different levels: either as a function of a certain element of the system or as a function of its main functionalities or resilience dimension. Thus, it is possible to apply the resilience analysis on the general system level, as much as on each specific component level. According to this, system resilience can be improved by either making the control system less dependent on the element that is bringing the disturbance into the system or by improving the resilience of the element itself.

Resilience of High Level Function from the Dimensions Perspective
The first resilience assessment approach looks at the requirements of each HLF using the quality attributes of entities to define resilience indicators for each dimension of resilience: physical infrastructure, the socio-economic environment, and the ICT network.

Physical Dimension
The physical dimension of the system encompasses all the physical elements of the system, such as loads and generators, monitoring devices, computers, local controllers, cables and sensors, connected mobile phones, etc. This is the most tangible dimension where disturbances and changes can be easily anticipated: component failures, unsynchronized or delayed operation of devices, etc.

Digital Dimension
The digital dimension represents the ICT layer that interconnects the physical elements of the distribution grid and allows their operation. It includes all the communication networks between the different grid components, the automation processes of the control system, the forecasting algorithms, the databases used for storage, etc.

Socio-Economic Dimension
The socio-economic dimension places the purely technical system, composed of a physical and a digital layer, into a cultural context. The operation and performance of the control system that is analyzed depends to a large extent on how it is being used by its operators. In addition, it depends on the behavior of other participants (prosumers, for example). Moreover, local policies and other existing technologies may limit the number of possibilities of the system, affecting its performance too.
In each dimension, specific resilience indicators are defined as a function of the requirements that every component of the dimension has in order to perform the HLF. Indicators are chosen to cover all five characteristics of resilience according to the adopted resilience definition in Section 2. As a result, one can assess which resilience dimension plays a more important role for the performance of the assessed HLF.
When the potential disturbances are evaluated, these attributes can serve as metrics to translate these disturbances into quantifiable consequences for the system. For example, to quantify the system resilience against a denial of service (DoS) attack, which sends a very large number of requests to a certain monitoring device, one can use the quality attributes of the communication link entities quantifying the available memory space and data flux capacity to deal with the attack.

Resilience of HLF in Function of Component Criticality
The second resilience assessment approach is based on an importance analysis and criticality assessment. This approach makes use of the ER diagram to calculate the number of sequences of PFs that are necessary to perform a certain HLF. It makes use of the cardinality to multiply the number of PFs executed by an entity by the number of instances of that entity that are present in the system. The more an HLF is dependent on a specific entity, the more critical this entity is to the performance of the global system.
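The counting rule described above can be written down directly, as in the following added example (not code from the paper or the EMPOWER project). The instance counts, the PF names other than set, the PF sequences and the mapping of SFs to HLFs are all constructed for illustration.

```python
from collections import Counter
from fractions import Fraction
from typing import Dict, List, Tuple

# Constructed ER-model extract: number of instances of each entity, as read
# from the cardinalities of the diagram (values are assumptions).
INSTANCES: Dict[str, int] = {
    "SESP": 1,  # Smart Energy Service Provider
    "CL": 4,    # communication links SESP <-> local controller
    "LC": 4,    # local controllers
}

# Secondary functions as ordered sequences of (PF, executing entity).
# "send", "forward" and "receive" are hypothetical PF names; only "set"
# is named in the text.
SECONDARY_FUNCTIONS: Dict[str, List[Tuple[str, str]]] = {
    "Request": [
        ("send", "SESP"), ("forward", "CL"), ("receive", "LC"),
        ("send", "LC"), ("forward", "CL"), ("receive", "SESP"),
    ],
    "Command": [
        ("send", "SESP"), ("forward", "CL"), ("receive", "LC"),
        ("set", "LC"),
    ],
}

# Assumed mapping of HLFs to the SFs they are built from.
HLFS: Dict[str, List[str]] = {
    "HLF 4-Remote control": ["Command"],
    "HLF 5-Monitoring": ["Request"],
}


def weighted_pf_counts(hlf: str) -> Dict[str, int]:
    """PFs executed by each entity for one HLF, times its instance count."""
    executed: Counter = Counter()
    for sf in HLFS[hlf]:
        for _pf, entity in SECONDARY_FUNCTIONS[sf]:
            if entity not in INSTANCES:
                # An entity used by a function but absent from the ER model
                # would silently distort the shares, so fail loudly.
                raise KeyError(f"{entity!r} has no instance count")
            executed[entity] += 1
    return {e: n * INSTANCES[e] for e, n in executed.items()}


def criticality(hlf: str) -> List[Tuple[str, Fraction]]:
    """Entities ranked by their share of the weighted PF count of an HLF.

    The larger the share, the more the HLF depends on that entity.
    """
    counts = weighted_pf_counts(hlf)
    total = sum(counts.values())
    shares = [(e, Fraction(n, total)) for e, n in counts.items()]
    return sorted(shares, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for name in HLFS:
        ranking = ", ".join(f"{e}: {float(s):.0%}" for e, s in criticality(name))
        print(f"{name}: {ranking}")
```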

EMPOWER Project Description
The methodology described in Section 3 has been applied to evaluate the resilience of the ICT platform of the local market it operates, which is the focus of the EMPOWER H2020 project. Entitled Local Energy Retail Markets For Prosumer Smart Grid Power Services, EMPOWER belongs to the topic Modernising the European electricity grid: Distribution grid and retail market of the call Competitive Low-Carbon Energy of the HORIZON 2020 work programme 2014-2015. The project's main objective is the development of local energy markets. Innovative business models are being proposed and promoted to take advantage of the flexibility of generation, load and storage units at distribution level [20], and these models are setting the rules of the local markets operation [21]. On the other hand, an ICT platform is being designed to manage this flexibility based on the suggested business models. The ICT platform enables and manages the operation of the system, exchanging the signals between the SESP, brain of the system, and the field elements in order to ensure maximum welfare. The resilience of the whole distribution grid is strongly dependent on the resilience of the ICT platform governing its operation, which makes quantifying the ICT resilience essential to understanding the resilience of the whole system.

The Distribution Grid
The electric system analysed covers the LV (Low Voltage) and MV (Medium Voltage) distribution grid and includes prosumers' installations and DER facilities. The main actors intervening are prosumers, DER owners, the Distribution System Operator (DSO) and the SESP. Prosumers, DERs and community neighbourhoods provide flexibility to the system and are rewarded based on SESP decisions. To participate in the local market they need to fulfil the contracts agreed with the SESP and provide the required information about the flexible sources. According to its SGAM representation, the system domains include Prosumers and DER installations up to the Distribution Grid. The zones identified as Market and Enterprise cover the control systems that make SESP operation possible (market, metering and control systems). The market system is responsible for the management of transactions needed to implement a local energy market. The control system is in charge of the management of the orders, scheduled and determined in the market system. The metering system manages the data obtained from the monitoring and control devices on the Field zone. They are mainly smart meters and local controllers, as depicted in Figure 3 with boxes named SM and LC respectively. They make it possible to connect the SESP with the zone where the electrical exchanges take place (Process Zone). The detailed interoperability layers, reflecting in detail the components needed, the communication protocols and networks used and the specific information exchanged, are explained in [22]. ...

The ICT Platform
The SESP system, which operates the distribution grid through an ICT platform, is responsible for executing several functions to manage the smart distribution grid and its local energy market. A first responsibility of the SESP is to monitor the physical assets of the system (solar panels and appliances in households, storage devices, etc.). It also communicates with the participants of the distributed grid, such as the DSO and households. Moreover, the SESP uses data analytics to create control plans and sends the necessary commands to its physical assets for the execution of the control plans. The SESP signals are exchanged with field elements through Local Controllers (LC). SESP platform functionalities cover mainly three areas: communication with consumers, remote control execution and flexibility prediction. In order to perform them, 6 HLF have been identified and are explained in the next section.

EMPOWER Functional Decomposition
High Level Functions
For this system, the following six functionalities or HLF of the SESP have been identified:
• HLF 1-Asset managing: to manage the distributed energy resources of the local market participants, such as registering their technical and commercial characteristics or notifying the market participant of eventual resource status changes.
• HLF 2-Forecasting: the SESP estimates future load and generation profiles on the basis of which it can then estimate the flexibility that will be available for the next dispatch in the local market.
• HLF 3-Control plan creation: given a flexibility request from the DSO and the forecasted flexibility prediction, the SESP calculates an optimal dispatch for each participating resource.
• HLF 4-Remote control: based on the control plan created by the SESP, it sends control commands to the LCs of each participating resource to adapt their operation (production, consumption, turning on or off, etc.).
• HLF 5-Monitoring: on field level, smart meters and other sensors are installed to periodically measure the consumption and generation values of each resource. Moreover, special events, for example when a device gets disconnected or when a customer refuses to follow the instructions of the control commands, are also monitored by the SESP.
• HLF 6-Customer Service: this HLF encompasses everything that is related to communication with the customer, such as graphical overviews of their production and consumption made available through smartphone or web browsers. It includes monthly billing notifications, contact for the help desk, etc.
These HLF represent the overall functionality of the SESP, and each of them consists of a series of sub-functions or use cases.

Primary and Secondary Functions
As an example, this section identifies the PFs and SFs between the SESP and customer resources. Figure 4 is a graphical representation of the set of sequences used to communicate between the SESP and the LC. The figure also indicates which attributes can be sent in each direction. The intermediary entity is always a communication link (CL), and the attributes can be request() when the SESP asks the local controller for status or characteristics information, and command() when the SESP sends orders to the LC.
The PFs from local controller to SESP are:
In this case, the attributes can be the technical status, technical characteristics, operational characteristics or operational status.
The resulting SFs are a combination of the two previous sequences, the SF Request() when the SESP sends a request() attribute and the SF Command() when it sends a command() attribute:
The time execution of these SFs can be either periodic or event-based. However, each PF used inside these SFs has an event-based time execution, as one PF triggers the next one to start its execution.

EMPOWER Entity-Relationship Model
The ERM of the system under analysis is reflected in Figure 5. All the communication links between entities are reflected there. From the ERM cardinality, it is possible to identify how often communication lines are used for each function. For instance, it can be noted that the communication line between SCADA and the local controller is used much more than the line between one specific load and the local controller. Hence, the resilience of the link between SCADA and local controller is much more representative for the overall resilience of the control system.

EMPOWER Resilience Evaluation Framework
As stated in Section 3.4, there are two approaches to assess the resilience of a system under the proposed methodology. The following sections give examples of these two approaches.

EMPOWER Resilience from the Dimensions Perspective
In order to exemplify the resilience assessment from the dimensions perspective, the HLF 5-Remote Monitoring from the EMPOWER system is addressed.
This HLF includes the following use cases or sub-functions: handle meter data, handle event signals, detect local overriding of control plan and the logging of all actions and events. These sub-functions have to ensure that metering data from different meters are reliable and sent at the desired frequency, that this data is archived securely and that it is also reported reliably and at the desired frequency to the utility/customer.
For each resilience dimension, the requirements of each related entity and the potential disruptions need to be identified before the resilience indicators can be defined.
The requirements per each related entity are:
• Socio-economical dimension:
  - Reputation score of customer: the more actively a customer participates, the better their score and the more flexible they are for the system.
  - Level of transparency of agreements: if the customer knows about potential disruptions and their influences, the risk of disturbances is shared between the SESP operator and the customer, making the system more resilient.
These indicators based on attributes of the system entities are used to quantify the resilience and to determine which resilience dimension plays a more important role for the performance of the assessed HLF.

EMPOWER Resilience in Function of Component Criticality
Once again, the example of the HLF 5-Remote Monitoring can be taken as an illustration. In this HLF, the following sequences are executed: periodically handle metering data of all resources, store metering data in a database and report metering data to customer interface.
Assuming that N is the number of DER resources, the sequence dependencies for all N DER resources are:
• send(DER, DER unit controller, P, Q, V, I, 1 min)
• send(DER unit controller, SCADA, P, Q, V, I, 1 min)
• send(SCADA, SESP, P, Q, V, I, 1 min)
In a similar way, if M is the number of CP resources, the sequence dependencies for all M customer premises (CP) resources are:
In addition, to store these values in the SESP database, the following dependency is executed:
• send(SESP, SESP database, Array of N attributes + Array of M attributes, 1 min)
Finally, for each customer (a number C_DER for DER customers and C_CP for household customers) the following dependency is performed when reporting to customer interface:
• send(SESP, Customer, individual update of P or P, Q, V, I, 1 min)
Taking into account the number of each type of dependency and making use of the cardinality and component criticality to calculate the resilience of a certain HLF use case, the result obtained for the HLF 5-Remote Monitoring is:
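An added example, not the paper's own calculation or result: it parses the send() dependencies listed above and tallies how many messages each link carries per period, which is the cardinality argument made for the ERM. The run counts, the links-per-dependency column (one SCADA, one SESP, one unit controller per DER) and the sizes N and C are assumptions; the CP sequence, which the page does not list, is left out.

```python
import re

PF_RE = re.compile(r"^\s*(\w+)\((.*)\)\s*$")

def parse_pf(text):
    """Parse 'pf(executing entity, receiving entity, attributes..., time execution)'."""
    m = PF_RE.match(text)
    if not m:
        raise ValueError(f"not a PF dependency: {text!r}")
    parts = [p.strip() for p in m.group(2).split(",")]
    if len(parts) < 4 or not all(parts):
        raise ValueError(f"expected entity, entity, attributes, time: {text!r}")
    return {"pf": m.group(1), "src": parts[0], "dst": parts[1],
            "attrs": parts[2:-1], "period": parts[-1]}

# (dependency as written on the page, runs per period, physical links carrying it).
# The last two columns are ASSUMED cardinalities, not values read from Figure 5.
HLF5 = [
    ("send(DER, DER unit controller, P, Q, V, I, 1 min)", "N", "N"),
    ("send(DER unit controller, SCADA, P, Q, V, I, 1 min)", "N", "N"),
    ("send(SCADA, SESP, P, Q, V, I, 1 min)", "N", "1"),
    ("send(SESP, SESP database, Array of N attributes + Array of M attributes, 1 min)", "1", "1"),
    ("send(SESP, Customer, individual update of P or P, Q, V, I, 1 min)", "C", "C"),
]

def link_load(deps, sizes):
    """Return {(src, dst): (messages per period, messages per physical link)}."""
    load = {}
    for text, runs, links in deps:
        dep = parse_pf(text)
        n_runs = int(sizes.get(runs, runs))
        n_links = int(sizes.get(links, links))
        per_link = n_runs / n_links if n_links else 0.0
        load[(dep["src"], dep["dst"])] = (n_runs, per_link)
    return load

def busiest_link(load):
    """Link whose single physical instance carries the most traffic."""
    return max(load, key=lambda link: load[link][1])

if __name__ == "__main__":
    sizes = {"N": 40, "C": 5 + 120}  # constructed: 40 DERs, C = C_DER + C_CP
    for link, (total, per_link) in link_load(HLF5, sizes).items():
        print(f"{link[0]} -> {link[1]}: {total}/period, {per_link:g} per link")
    print("most loaded single link:", busiest_link(link_load(HLF5, sizes)))
```

With these assumed cardinalities, every per-resource link carries one message per minute while the single SCADA to SESP link carries all N, so a disturbance on that link affects the whole HLF.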

Conclusions
This study has proposed a methodology to evaluate the resilience of ICT platforms in smart distribution grids. As these grids are introducing new elements, actors and roles in the electrical system, the resilience concept has been adapted to take them into consideration. The combination of a standardized modelling of Smart Grids (SGAM) with the Entity Relationship Model has been proposed to determine the criticality of functions (and elements involved) essential in the operation of these systems.
This methodology has been developed under the EMPOWER project to assess the resilience of a platform enabling the operation of a local energy market. A key actor identified in local energy markets is the SESP. Taking into account that the interaction between the SESP and the elements of the distribution grid is enabled by ICT platforms, the assessment of their resilience is fundamental to quantify the resilience of the whole system. This work also proposes paths for future research, such as the need for further development of quantitative resilience indicators for the dynamic performance of the system, which is only partly addressed in the proposed methodology. This will help to clarify how the proposed methodology handles dynamic disruptions in the system.

Figure 2. Workflow of the methodology.

Figure 4. Sequence of PFs to exchange data between the SESP and the Local Controller.

Figure 5. ER model of the EMPOWER smart distribution grid.

Table 1. The five characteristics of resilience.

• get(executing entity, intermediary entity, attributes, time execution): This function is executed after receiving a request message or periodically. It returns the values of the input parameters, which can be primary or composed attributes.
• calculate(executing entity, attributes, time execution, algorithm): This function is the basis for every computation that has to be performed.
• aggregate(executing entity, attributes, time execution): This represents the action of putting together a set of attributes. For instance, when entities send the same attributes to a central entity, the latter will aggregate the received attributes for further data processing.
• distribute(executing entity, receiving entity, attributes, time execution): This represents the action of decomposing a set of attributes into individual attributes. It is the opposite function of the PF aggregate, and is executed when an entity receives a set of attributes from which each individual attribute needs to be transferred to a specific receiving entity.
• store(executing entity, receiving entity, attributes, time execution): This function receives data from a certain entity and stores it into a database.
• monitor(executing entity, attributes, time execution): This function gives a trigger to its executing entity when values of attributes change. This change can then be used to execute other PFs.

- Failure criticality index: it ranks the importance of elements based on a parameter of interest. Represents the contribution to system failure of a specific component.
- Restoration criticality index: percentage of times that system restoration results from the restoration of this component. It assesses the impact of restoration of a specific element.
- Average Packet Hop Count: average number of intermediate nodes through which the packets sent by a sender are routed (for example the number of meters traversed).