Abstract
Advanced metering systems deployed in Europe are enablers of distributed power production where prosumers can feed surplus energy into the grid. Successfully managing complex energy systems requires real-time data access, flexible production and rapid demand response. The accompanying need for data storage capacity and processing power has rendered cloud services an attractive option. However, at this time, European cyber security legislation related to advanced metering systems does not reflect the broad usage of cloud technology.
This chapter describes an advanced metering system reference model based on the cloud profiles of five distribution grid operators. It identifies cloud-related gaps in current European Union cyber security legislation applicable to advanced metering systems. The gaps are identified via a holistic mapping of security principles from prominent cloud security frameworks to existing European Union legislation. A novel, advanced metering system security policy framework that covers all the identified cloud security gaps is specified. The security policy framework is an important first step towards cloud-ready security legislation for advanced metering systems. Authorities overseeing cyber security and energy resources can employ the policy framework as a starting point for a broad debate among the various stakeholders to institute cloud-ready security policies for advanced metering systems.
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Toftegaard, O., Hagen, J., Hämmerli, B. (2022). ARE EUROPEAN SECURITY POLICIES READY FOR ADVANCED METERING SYSTEMS WITH CLOUD BACK-ENDS?. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XVI. ICCIP 2022. IFIP Advances in Information and Communication Technology, vol 666. Springer, Cham. https://doi.org/10.1007/978-3-031-20137-0_2
DOI: https://doi.org/10.1007/978-3-031-20137-0_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-20136-3
Online ISBN: 978-3-031-20137-0
eBook Packages: Computer Science (R0)