To main content

Assessing Information Security Risks of AMI: What Makes it so Difficult?

Abstract

A rich selection of methods for information security risk assessments exist, but few studies evaluate how such
methods are used, their perceived ease-of-use, and whether additional support is needed. Distribution system
operators (DSOs) find it difficult to perform information security risk assessments of Advanced Metering
Infrastructure (AMI).We have performed a case study in order to identify these difficulties and the reasons for
them. Our findings indicate that the risk assessment method in itself is not the main challenge. The difficulties
regard competence; more specifically, insight in possible information security threats and vulnerabilities, being
able to foresee consequences, and making educated guesses about probability. Improved guidelines can be a
valuable aid, but including information security experts as participants in the process is even more important.

Category

Academic chapter/article/Conference paper

Language

English

Affiliation

  • SINTEF Digital / Software Engineering, Safety and Security
  • SINTEF Digital / Mathematics and Cybernetics

Year

2015

Publisher

SciTePress

Book

1st International Conference on Information Systems Security and Privacy (ICISSP 2015), ESEO, Angers, Loire Valley - France, 9-11 February 2015

ISBN

978-989-758-081-9

Page(s)

56 - 63

View this publication at Cristin