Threat Modeling of AMI
The introduction of an advanced metering infrastructure (AMI) into the power grid forces the power industry to address information security threats and consumer privacy more extensively than before. The industry needs practical advice on methods and tools to use in this context. Threat modeling is well-known among information security professionals as a method for investigating a system’s vulnerabilities. This paper documents the threat modeling of one actual AMI configuration. The results are both a demonstration of how these techniques can be applied to AMI, and a documentation of risks associated with this specific AMI configuration.
KeywordsSmart Grid Advanced Metering Infrastructure Information Security Privacy Threat Modeling STRIDE
Unable to display preview. Download preview PDF.
- 1.Cleveland, F.: Cyber security issues for Advanced Metering Infrastructure (AMI). In: 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, pp. 1–5 (July 2008)Google Scholar
- 2.Line, M.B., Tøndel, I.A., Jaatun, M.G.: Cyber security challenges in Smart Grids. In: 2nd IEEE PES International Conference and Exhibition on Innovative Smart Grid Technologies (ISGT Europe), pp. 1–8 (December 2011)Google Scholar
- 3.The Smart Grid Interoperability Panel - Cyber Security Working Group: NISTIR 7628: Guidelines for smart grid cyber security (2010)Google Scholar
- 4.The Advanced Security Acceleration Project (ASAP-SG): Security Profile for Advanced Metering Infrastructure (2010)Google Scholar
- 5.Swiderski, F., Snyder, W.: Threat Modeling. Microsoft Press (2004)Google Scholar
- 6.Shostack, A.: Experiences threat modeling at microsoft. In: Modeling Security Workshop (2008), http://www.comp.lancs.ac.uk/modsec/program.php
- 7.Schneier, B.: Attack Trees – Modeling security threats. Dr. Dobb’s Journal (July 2001)Google Scholar
- 10.Jaatun, M.G., Tøndel, I.A.: Covering your assets in software engineering. In: The Third International Conference on Availability, Reliability and Security (ARES 2008), Barcelona, Spain, pp. 1172–1179 (2008)Google Scholar