Common set of information for AMI alarms recommended by EPRI


Palo Alto, CA, U.S.A. — (METERING.COM) — May 7, 2013 – A common definition of the structure, content, and semantics of advanced metering infrastructure (AMI) alarms and events would enable a new level of interoperability for the cybersecurity of AMI systems and accelerate the integration of AMI systems with security information and event management (SIEM) and intrusion detection systems (IDSs), according to a new EPRI report.

With the widespread deployment of large-scale AMI systems, utilities must address the task of managing the alarms and events that are generated by the meters. However, AMI systems do not easily integrate into SIEM systems and IDSs because AMI vendors do not use standard data objects to represent the alarms and events that the meters generate.

The report, Advanced Metering Infrastructure (AMI) Security Objects, from EPRI’s cybersecurity research team, aims to address this issue by developing standard security objects for AMI systems.

Specifically, the report considers the meter-to-AMI head-end interface and the head-end-to-SIEM interface, and includes only alarms and events generated by the meter, not those generated by supporting AMI components such as the collection engine, technician service tool, or other AMI equipment at the head-end.

Another takeaway from the report is that many of the recommended security events and alarms are not currently in the ANSI C12.19 standard for AMI, but may be implemented in vendor-specific data tables.

The report also recommends that AMI vendors be engaged to support prototype implementations of the proposed alarms and events. Third-party security application vendors may also be consulted to accelerate the integration of the proposed events and alarms with SIEMs and IDSs.