Advanced metering infrastructure reference model with automated cyber security analysis

Abstract: European Union has set a target to install nearly 200 million smart metersspread over Europe before 2020, this leads into a vast increase of sensitiveinformation flow for Distribution System Operators (DSO’s), simultaneously thisleads to raised cyber security threats. The in and outgoing information of the DSOneeds to be processed and stored by different Information technology (IT)- andOperational Technology (OT)-systems depending on the information. High demandsare therefore required of the enterprise cyber security to be able to protect theenterprise IT- and OT-systems. Sensitive customer information and a variety ofservices and functionality is examples that could be fatal to a DSO if compromised.For instance, if someone with bad intentions has the possibility to tinker with yourelectricity, while you’re away on holiday. If they succeed with the attack and shuttingdown the house electricity, your food stored in your fridge and freezer would mostlikely to be rotted, additionally damage from defrost water leaking could cause severedamaging on walls and floors. In this thesis, a detailed reference model of theadvanced metering architecture (AMI) has been produced to support enterprisesinvolved in the process of implementing smart meter architecture and to adapt to newrequirements regarding cyber security. This has been conduct using foreseeti's toolsecuriCAD, foreseeti is a proactive cyber security company using architecturemanagement. SecuriCAD is a modeling tool that can conduct cyber security analysis,where the user can see how long time it would take for a professional penetrationtester to penetrate the systems in the model depending of the set up and defenseattributes of the architecture. By varying defense mechanisms of the systems, fourscenarios have been defined and used to formulate recommendations based oncalculations of the advanced meter architecture. Recommendation in brief: Use smalland distinct network zones with strict communication rules between them. Do diligentsecurity arrangements for the system administrator PC. The usage of IntrusionProtection System (IPS) in the right fashion can delay the attacker with a percentageof 46% or greater.