Printed from https://ideas.repec.org/a/gam/jsusta/v15y2023i12p9812-d1174992.html

When Security Risk Assessment Meets Advanced Metering Infrastructure: Identifying the Appropriate Method

Author

Listed:
  • Mostafa Shokry

    (Department of Infrastructure and Information Security, Ministry of Electricity and Renewable Energy, Cairo 11517, Egypt)

  • Ali Ismail Awad

    (College of Information Technology, United Arab Emirates University, Al Ain P.O. Box 15551, United Arab Emirates
    Centre for Security, Communications and Network Research, University of Plymouth, Plymouth PL4 8AA, UK)

  • Mahmoud Khaled Abd-Ellah

    (Faculty of Artificial Intelligence, Egyptian Russian University, Cairo 11829, Egypt)

  • Ashraf A. M. Khalaf

    (Department of Electrical Engineering, Faculty of Engineering, Minia University, Minia 61519, Egypt)

Abstract

Leading risk assessment standards such as the NIST SP 800-39 and ISO 27005 state that information security risk assessment (ISRA) is one of the crucial stages in the risk-management process. It pinpoints current weaknesses and potential risks, the likelihood of their materializing, and their potential impact on the functionality of critical information systems such as advanced metering infrastructure (AMI). If the current security controls are insufficient, risk assessment helps with applying countermeasures and choosing risk-mitigation strategies to decrease the risk to a controllable level. Although studies have been conducted on risk assessment for AMI and smart grids, the scientific foundations for selecting and using an appropriate method are lacking, negatively impacting the credibility of the results. The main contribution of this work is identifying an appropriate ISRA method for AMI by aligning the risk assessment criteria for AMI systems with the ISRA methodologies’ characteristics. Consequently, this work makes three main contributions. First, it presents a comprehensive comparison of multiple ISRA methods, including OCTAVE Allegro (OA), CORAS, COBRA, and FAIR, based on a variety of input requirements, tool features, and the type of risk assessment method. Second, it explores the necessary conditions for carrying out a risk assessment for an AMI system. Third, these AMI risk assessment prerequisites are aligned with the capabilities of multiple ISRA approaches to identify the best ISRA method for AMI systems. The OA method is found to be the best-suited risk assessment method for AMI, and this outcome paves the way to standardizing this method for AMI risk assessment.

Suggested Citation

  • Mostafa Shokry & Ali Ismail Awad & Mahmoud Khaled Abd-Ellah & Ashraf A. M. Khalaf, 2023. "When Security Risk Assessment Meets Advanced Metering Infrastructure: Identifying the Appropriate Method," Sustainability, MDPI, vol. 15(12), pages 1-17, June.
  • Handle: RePEc:gam:jsusta:v:15:y:2023:i:12:p:9812-:d:1174992

    Download full text from publisher

    File URL: https://www.mdpi.com/2071-1050/15/12/9812/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2071-1050/15/12/9812/
    Download Restriction: no

    References listed on IDEAS

    1. Hansen, Aaron & Staggs, Jason & Shenoi, Sujeet, 2017. "Security analysis of an advanced metering infrastructure," International Journal of Critical Infrastructure Protection, Elsevier, vol. 18(C), pages 3-19.
    2. Seppo Borenius & Pavithra Gopalakrishnan & Lina Bertling Tjernberg & Raimo Kantola, 2022. "Expert-Guided Security Risk Assessment of Evolving Power Grids," Energies, MDPI, vol. 15(9), pages 1-25, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Jianguo Ding & Attia Qammar & Zhimin Zhang & Ahmad Karim & Huansheng Ning, 2022. "Cyber Threats to Smart Grids: Review, Taxonomy, Potential Solutions, and Future Directions," Energies, MDPI, vol. 15(18), pages 1-37, September.
    2. Diao, Xiaoxu & Zhao, Yunfei & Smidts, Carol & Vaddi, Pavan Kumar & Li, Ruixuan & Lei, Hangtian & Chakhchoukh, Yacine & Johnson, Brian & Blanc, Katya Le, 2024. "Dynamic probabilistic risk assessment for electric grid cybersecurity," Reliability Engineering and System Safety, Elsevier, vol. 241(C).
    3. Barra, P.H.A. & Coury, D.V. & Fernandes, R.A.S., 2020. "A survey on adaptive protection of microgrids and distribution systems with distributed generators," Renewable and Sustainable Energy Reviews, Elsevier, vol. 118(C).
    4. Jasiūnas, Justinas & Lund, Peter D. & Mikkola, Jani, 2021. "Energy system resilience – A review," Renewable and Sustainable Energy Reviews, Elsevier, vol. 150(C).
    5. Shrestha, Manish & Johansen, Christian & Noll, Josef & Roverso, Davide, 2020. "A Methodology for Security Classification applied to Smart Grid Infrastructures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 28(C).
    6. Michał Bajor & Marcin Niemiec, 2022. "An Asynchronous AAA Blockchain-Based Protocol for Configuring Information Systems," Energies, MDPI, vol. 15(18), pages 1-19, September.
    7. Aichhorn, Andreas & Etzlinger, Bernhard & Unterweger, Andreas & Mayrhofer, René & Springer, Andreas, 2018. "Design, implementation, and evaluation of secure communication for line current differential protection systems over packet switched networks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 23(C), pages 68-78.
    8. Md Shafiullah & Akib Mostabe Refat & Md Ershadul Haque & Dewan Mabrur Hasan Chowdhury & Md Sanower Hossain & Abdullah G. Alharbi & Md Shafiul Alam & Amjad Ali & Shorab Hossain, 2022. "Review of Recent Developments in Microgrid Energy Management Strategies," Sustainability, MDPI, vol. 14(22), pages 1-30, November.
