Anatomy of an intrusion detection system for AMI


Palo Alto, CA, U.S.A. — (METERING.COM) — February 8, 2013 – With the deployment of advanced metering infrastructure (AMI) technology significantly increasing the attack surface that utilities have to protect, there is a critical need for efficient monitoring solutions to supplement protective measures and keep the infrastructure secure.

With this in mind, the Electric Power Research Institute (EPRI) has published guidelines for an AMI intrusion detection system, based on current industrial and academic efforts to address the challenge of detecting security events across the range of AMI networks and devices.

Among the findings in the report is that intrusion detection solutions for AMI systems are still at an early stage of development. However, they must be scalable and adapt to resource constraints.

The seven characteristics identified are:

  1. Monitoring of AMI communications at the head-end is necessary but not sufficient; it is also necessary to instrument field devices or to deploy sensors in the field.
  2. Monitoring of embedded operating systems in devices deployed in the field with host-based intrusion detection systems is critical. The capability should be combined with an efficient patch distribution and management mechanism.
  3. Network-based intrusion detection systems should leverage the deterministic nature of energy system communications through the implementation of a white list approach.
  4. Intrusion detection system developers should embrace formal verification tools to validate the design of checkers for both host- and network-based intrusion detection systems.
  5. The deployment of intrusion detection system sensors in the field requires strong protection mechanisms and separate communication channels to prevent the system from becoming compromised.
  6. The monitoring architecture should scale to AMIs made of millions of devices.
  7. Finally, any security solution deployed in the smart grid environment has to be highly practical by reinforcing security layers without affecting the core mission of delivering energy.

The study, “Intrusion Detection System for Advanced Metering Infrastructure,” was prepared by Robin Berthier at the University of Illinois at Urbana-Champaign.

It is intended to help utilities and vendors to understand intrusion detection requirements, gaps in existing approaches, and research problems that need to be solved to build and deploy a scalable and comprehensive security monitoring solution.