Mitigating Cyber-Security Risks to Smart-Grid AMI
By Sanjeev Sharma on Feb 24, 2012
Today, utilities are committing to capital intensive investments in upgrading to smart-grid/metering infrastructure driven by government regulation and consumer awareness. However, in this process of becoming increasingly “smarter”, the digitization of the grid is blurring lines between operational, information and communication technologies. This inadvertently makes the grid highly vulnerable to cyber-attacks, physical sabotage and equipment malfunction in the “last-mile” i.e. Automated Metering Infrastructure (AMI). Key components of AMI are:
- Head-end Systems (HES)
- Meter Reading-Control Systems (MRC)
- Meter Data Management Systems (MDMS)
- Load Control Devices (LC)
The graphic below depicts the logical architecture of AMI, although in practice capabilities of multiple components (other than meters) could be encapsulated in the same application.
The table below describes the cyber-security requirements for AMI identified by Cyber Security Working Group (CSWG) of the Smart-Grid Interoperability Panel (SGIP), based on the NIST IR 7628 standard for Smart-Grid security.
BPM can drive improvements in securing the “last-mile” by enforcing smart-grid security guidelines such as NIST IR 7628. The benefits of greater control and visibility of the AMI processes as listed in the table above are as follows:
- Secure “Last Mile” in energy distribution from cyber-threats and physical attacks with predictive and real-time Fault Modes and Event Assessment (FMEA) for AMI processes
- Lower Regulatory Risk in terms of consumer litigation and disputes with automated audit trail of data flows across the AMI to limit and timely respond to data confidentiality breaches
- Improve Customer Satisfaction by preventing unwarranted disconnections arising from meter malfunction, human-error and data corruption
Clearly, there is an enormous promise in terms of energy conservation and lower carbon footprint in the transformation of the electric grid. However the infusion of information and communication technologies into the conventional electro-mechanical grid does creates unknown vulnerabilities that can bring the grid, if not society, to a halt. Securing the “last-mile” i.e. AMI will be crucial to realizing the promise of the smart-grid future.