AMI system security requirements released


Knoxville, TN, U.S.A. — (METERING.COM) — March 11, 2009 – A set of AMI System Security Requirements has been released by the Advanced Metering Infrastructure Security (AMI-SEC) Task Force – a first-of-its-kind for the utility industry that will help utilities procure and implement secure components and systems using a common set of security requirements.

Utility companies of the future will deliver energy and information to customers through a “smart” energy supply chain created by the convergence of electric, communication and information technologies that are highly automated for responding to the changing environment, electricity demands and customer needs. However, as the utility industry’s capabilities increase to serve the needs of a rapidly growing information society, the breadth and sophistication of the threat environment these smart grid solutions operate in also increases.

By bridging heterogeneous networks capable of exchanging information seamlessly across the AMI older proprietary and often manual methods of securing utility services will disappear as each is replaced by more open, automated and networked solutions.  The benefits of this increased connectivity depends upon robust security services and implementations that are necessary to minimize disruption of vital services and provide increased reliability, manageability and survivability of the electric grid.

The purpose of the AMI security specification is to provide the utility industry along with supporting vendor communities and other stakeholders a set of security requirements that should be applied to AMI implementations to ensure the high level of information assurance, availability and security necessary to maintain a reliable system and consumer confidence.

The requirements are categorized into three areas – primary security services, supporting security services, and assurance services.

Primary security services comprise confidentiality and privacy, integrity, availability, identification, authentication, authorization, non-repudiation, and accounting.

Supporting security services comprise anomaly detection services, boundary services, cryptographic services, notification and signaling services, resource management services, and trust and certificate services

Assurance services comprise development rigor, organizational rigor, handling/operating rigor, accountability, and access control.

“As our nation’s utilities quickly work to implement innovative smart grid technologies, it is critical that we work together to ensure cyber security is built in from the beginning,” said Hank Kenchington, deputy assistant secretary for R&D in the Department of Energy’s (DOE) Office of Electricity Delivery and Energy Reliability. “Building not only a smart grid but a secure grid is a priority for the DOE.”

DOE has the responsibility to coordinate the federal government’s activities in smart grid technologies and is working with the National Institute of Standards, the Federal Energy Regulatory Corporation and private sector stakeholders to develop a framework for smart grid interoperability standards including cyber security.

Building on collaborative efforts to standardize other aspects of AMI, eleven leading utilities joined together with the DOE to standardize the set of security requirements, which were developed by consulting commonly accepted practices in both industry and government.

The AMI-SEC Task Force, a part of the Utility Communications Architecture International Users Group (UCAIug), was established to define common requirements and produce standardized specifications for securing AMI system elements. Members include utility engineers, security domain experts, standards body representatives and industry-leading vendors.

Utilities contributing to this effort include American Electric Power, Austin Energy, BC Hydro, Consumers Energy, Dominion, Duke Energy, Kansas City Power & Light, Oncor, Pacific Gas & Electric, San Diego Gas & Electric and Southern California Edison.