Cybersecurity Risk Assessment in Advanced Metering Infrastructure

One of the current Internet of Things (IoT) systems emerging nowadays is the advanced metering infrastructure (AMI) system. The AMI system was intended to gather the electricity consumption customer's data on electricity use before transmitting it to the electricity service providers (ESP) for processing, storage, and analysis. The AMI system faces new security challenges because of the integration of information and communication technology (ICT) with the conventional electric power grid. One precaution that can be utilized to raise the AMI system's security level is the risk assessment process. The risk assessment procedure is one measure that may be used to increase the security level of the AMI system. Our main contribution to this chapter is an evaluation of the present cybersecurity risks to the AMI system. By evaluating security risks, it is possible to identify the crucial assets that need to be protected and any potential vulnerabilities, threat probabilities, and ramifications. The risk matrix for the potential dangers is also set up to evaluate them and select the best risk management strategy. Nine risk scenarios have been discovered in this study concerning each AMI layer and component. The likelihood, impact, and risk degree for each scenario are also determined. A sample of a mitigation approach is put out to bring the risk level down to manageable. This chapter covers the two pillars of work, which are the AMI system and information security risk assessment. It illustrates the essential elements, the objective, and the AMI system's tiers. Furthermore, it demonstrates the information security risk assessment objective, including the required steps for performing the risk assessment process and the different risk analysis approaches. The chapter shows the results of assessing the potential cybersecurity risks of the AMI system. It determines the existing critical assets, vulnerabilities, the probability in which the attack will occur, the impact of these attacks on the AMI system, and the risk levels associated with samples of attack scenarios. The AMI system provides advanced features than the traditional electricity grid as energy monitoring, recording, data collection, load management, and advanced control capabilities. One of the existing examples of an IoT system is the AMI system, which uses IT to digitize the conventional electricity grid.