To main content

Assessing Information Security Risks of AMI: What Makes it so Difficult?

Assessing Information Security Risks of AMI: What Makes it so Difficult?

Category
Part of a book/report
Abstract
A rich selection of methods for information security risk assessments exist, but few studies evaluate how such methods are used, their perceived ease-of-use, and whether additional support is needed. Distribution system operators (DSOs) find it difficult to perform information security risk assessments of Advanced Metering Infrastructure (AMI).We have performed a case study in order to identify these difficulties and the reasons for them. Our findings indicate that the risk assessment method in itself is not the main challenge. The difficulties regard competence; more specifically, insight in possible information security threats and vulnerabilities, being able to foresee consequences, and making educated guesses about probability. Improved guidelines can be a valuable aid, but including information security experts as participants in the process is even more important.
Language
English
Affiliation
  • SINTEF Digital / Software Engineering, Safety and Security
  • SINTEF Digital / Mathematics and Cybernetics
Year
2015
Publisher
SciTePress
Book
1st International Conference on Information Systems Security and Privacy (ICISSP 2015), ESEO, Angers, Loire Valley - France, 9-11 February 2015
ISBN
978-989-758-081-9
Page(s)
56 - 63