Threat Modeling of AMI

  • Inger Anne Tøndel
  • Martin Gilje Jaatun
  • Maria Bartnes Line
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7722)


The introduction of an advanced metering infrastructure (AMI) into the power grid forces the power industry to address information security threats and consumer privacy more extensively than before. The industry needs practical advice on methods and tools to use in this context. Threat modeling is well-known among information security professionals as a method for investigating a system’s vulnerabilities. This paper documents the threat modeling of one actual AMI configuration. The results are both a demonstration of how these techniques can be applied to AMI, and a documentation of risks associated with this specific AMI configuration.


Smart Grid Advanced Metering Infrastructure Information Security Privacy Threat Modeling STRIDE 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Cleveland, F.: Cyber security issues for Advanced Metering Infrastructure (AMI). In: 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, pp. 1–5 (July 2008)Google Scholar
  2. 2.
    Line, M.B., Tøndel, I.A., Jaatun, M.G.: Cyber security challenges in Smart Grids. In: 2nd IEEE PES International Conference and Exhibition on Innovative Smart Grid Technologies (ISGT Europe), pp. 1–8 (December 2011)Google Scholar
  3. 3.
    The Smart Grid Interoperability Panel - Cyber Security Working Group: NISTIR 7628: Guidelines for smart grid cyber security (2010)Google Scholar
  4. 4.
    The Advanced Security Acceleration Project (ASAP-SG): Security Profile for Advanced Metering Infrastructure (2010)Google Scholar
  5. 5.
    Swiderski, F., Snyder, W.: Threat Modeling. Microsoft Press (2004)Google Scholar
  6. 6.
    Shostack, A.: Experiences threat modeling at microsoft. In: Modeling Security Workshop (2008),
  7. 7.
    Schneier, B.: Attack Trees – Modeling security threats. Dr. Dobb’s Journal (July 2001)Google Scholar
  8. 8.
    Opdahl, A.L., Sindre, G.: Experimental comparison of attack trees and misuse cases for security threat identification. Information and Software Technology 51(5), 916–932 (2009)CrossRefGoogle Scholar
  9. 9.
    Meland, P.H., Tøndel, I.A., Jensen, J.: Idea: Reusability of threat models – two approaches with an experimental evaluation. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 5965, pp. 114–122. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Jaatun, M.G., Tøndel, I.A.: Covering your assets in software engineering. In: The Third International Conference on Availability, Reliability and Security (ARES 2008), Barcelona, Spain, pp. 1172–1179 (2008)Google Scholar
  11. 11.
    Qi, H., Wang, X., Tolbert, L.M., Li, F., Peng, F.Q., Ning, P., Amin, M.: A Resilient Real-Time System Design for a Secure and Reconfigurable Power Grid. IEEE Transactions on Smart Grid 2(4) (December 2011)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Inger Anne Tøndel
    • 1
  • Martin Gilje Jaatun
    • 1
  • Maria Bartnes Line
    • 1
  1. 1.SINTEF ICTTrondheimNorway

Personalised recommendations