CORAS Model for Security Risk Assessment in Advanced Metering Infrastructure Systems

Mostafa Shokry; Ali Ismail Awad; Mahmoud Khaled Abd-Ellah; Ashraf A.M. Khalaf

doi:10.1007/978-3-031-20601-6_39

CORAS Model for Security Risk Assessment in Advanced Metering Infrastructure Systems

Mostafa Shokry, Ali Ismail Awad, Mahmoud Khaled Abd-Ellah, Ashraf A.M. Khalaf

Research output: Chapter in Book/Report/Conference proceeding › Chapter (peer-reviewed) › peer-review

5 Citations (Scopus)

Abstract

The risk assessment process is one of the most important tasks that must be performed on critical infrastructure systems to detect security vulnerabilities and risks. The risk assessment task is used to evaluate the likelihood and the impact of the potential threats on the critical assets of any system by determining the threats, the unwanted incidents, and the mitigation techniques to reduce these risks. The advanced metering infrastructure (AMI) system is considered one of the critical infrastructure systems and part of the smart grid system. AMI collects electricity consumption data from the customer’s residence to the electricity data center through bidirectional communication channels to be analyzed. This paper conducts a risk assessment process on the AMI system using the CORAS risk assessment model and CORAS risk assessment tool v1.4 to identify possible risks. The study applies the eight steps of the CORAS model to the AMI system from determining the critical assets in the AMI system to determining the mitigation techniques that can be applied to overcome the existing security vulnerabilities. In the end, this study provides a better understanding of the AMI security risks toward identifying adequate security perimeters for AMI systems.

Original language	English
Title of host publication	Lecture Notes on Data Engineering and Communications Technologies
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	449-459
Number of pages	11
DOIs	https://doi.org/10.1007/978-3-031-20601-6_39
Publication status	Published - 2023

Publication series

Name	Lecture Notes on Data Engineering and Communications Technologies
Volume	152
ISSN (Print)	2367-4512
ISSN (Electronic)	2367-4520

Keywords

Advanced metering infrastructure (AMI)
CORAS risk assessment model
Risk assessment
Security threats
Smart grids

ASJC Scopus subject areas

Information Systems
Media Technology
Computer Science Applications
Computer Networks and Communications
Electrical and Electronic Engineering

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-031-20601-6_39

Cite this

Shokry, M., Awad, A. I., Abd-Ellah, M. K., & Khalaf, A. A. M. (2023). CORAS Model for Security Risk Assessment in Advanced Metering Infrastructure Systems. In Lecture Notes on Data Engineering and Communications Technologies (pp. 449-459). (Lecture Notes on Data Engineering and Communications Technologies; Vol. 152). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-20601-6_39

CORAS Model for Security Risk Assessment in Advanced Metering Infrastructure Systems. / Shokry, Mostafa; Awad, Ali Ismail; Abd-Ellah, Mahmoud Khaled et al.
Lecture Notes on Data Engineering and Communications Technologies. Springer Science and Business Media Deutschland GmbH, 2023. p. 449-459 (Lecture Notes on Data Engineering and Communications Technologies; Vol. 152).

Research output: Chapter in Book/Report/Conference proceeding › Chapter (peer-reviewed) › peer-review

Shokry, M, Awad, AI, Abd-Ellah, MK & Khalaf, AAM 2023, CORAS Model for Security Risk Assessment in Advanced Metering Infrastructure Systems. in Lecture Notes on Data Engineering and Communications Technologies. Lecture Notes on Data Engineering and Communications Technologies, vol. 152, Springer Science and Business Media Deutschland GmbH, pp. 449-459. https://doi.org/10.1007/978-3-031-20601-6_39

Shokry M, Awad AI, Abd-Ellah MK, Khalaf AAM. CORAS Model for Security Risk Assessment in Advanced Metering Infrastructure Systems. In Lecture Notes on Data Engineering and Communications Technologies. Springer Science and Business Media Deutschland GmbH. 2023. p. 449-459. (Lecture Notes on Data Engineering and Communications Technologies). doi: 10.1007/978-3-031-20601-6_39

@inbook{0bdf41552222409e9b2d75772ddd9347,

title = "CORAS Model for Security Risk Assessment in Advanced Metering Infrastructure Systems",

abstract = "The risk assessment process is one of the most important tasks that must be performed on critical infrastructure systems to detect security vulnerabilities and risks. The risk assessment task is used to evaluate the likelihood and the impact of the potential threats on the critical assets of any system by determining the threats, the unwanted incidents, and the mitigation techniques to reduce these risks. The advanced metering infrastructure (AMI) system is considered one of the critical infrastructure systems and part of the smart grid system. AMI collects electricity consumption data from the customer{\textquoteright}s residence to the electricity data center through bidirectional communication channels to be analyzed. This paper conducts a risk assessment process on the AMI system using the CORAS risk assessment model and CORAS risk assessment tool v1.4 to identify possible risks. The study applies the eight steps of the CORAS model to the AMI system from determining the critical assets in the AMI system to determining the mitigation techniques that can be applied to overcome the existing security vulnerabilities. In the end, this study provides a better understanding of the AMI security risks toward identifying adequate security perimeters for AMI systems.",

keywords = "Advanced metering infrastructure (AMI), CORAS risk assessment model, Risk assessment, Security threats, Smart grids",

author = "Mostafa Shokry and Awad, {Ali Ismail} and Abd-Ellah, {Mahmoud Khaled} and Khalaf, {Ashraf A.M.}",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.",

year = "2023",

doi = "10.1007/978-3-031-20601-6_39",

language = "English",

series = "Lecture Notes on Data Engineering and Communications Technologies",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "449--459",

booktitle = "Lecture Notes on Data Engineering and Communications Technologies",

address = "Germany",

}

TY - CHAP

T1 - CORAS Model for Security Risk Assessment in Advanced Metering Infrastructure Systems

AU - Shokry, Mostafa

AU - Awad, Ali Ismail

AU - Abd-Ellah, Mahmoud Khaled

AU - Khalaf, Ashraf A.M.

PY - 2023

Y1 - 2023

N2 - The risk assessment process is one of the most important tasks that must be performed on critical infrastructure systems to detect security vulnerabilities and risks. The risk assessment task is used to evaluate the likelihood and the impact of the potential threats on the critical assets of any system by determining the threats, the unwanted incidents, and the mitigation techniques to reduce these risks. The advanced metering infrastructure (AMI) system is considered one of the critical infrastructure systems and part of the smart grid system. AMI collects electricity consumption data from the customer’s residence to the electricity data center through bidirectional communication channels to be analyzed. This paper conducts a risk assessment process on the AMI system using the CORAS risk assessment model and CORAS risk assessment tool v1.4 to identify possible risks. The study applies the eight steps of the CORAS model to the AMI system from determining the critical assets in the AMI system to determining the mitigation techniques that can be applied to overcome the existing security vulnerabilities. In the end, this study provides a better understanding of the AMI security risks toward identifying adequate security perimeters for AMI systems.

AB - The risk assessment process is one of the most important tasks that must be performed on critical infrastructure systems to detect security vulnerabilities and risks. The risk assessment task is used to evaluate the likelihood and the impact of the potential threats on the critical assets of any system by determining the threats, the unwanted incidents, and the mitigation techniques to reduce these risks. The advanced metering infrastructure (AMI) system is considered one of the critical infrastructure systems and part of the smart grid system. AMI collects electricity consumption data from the customer’s residence to the electricity data center through bidirectional communication channels to be analyzed. This paper conducts a risk assessment process on the AMI system using the CORAS risk assessment model and CORAS risk assessment tool v1.4 to identify possible risks. The study applies the eight steps of the CORAS model to the AMI system from determining the critical assets in the AMI system to determining the mitigation techniques that can be applied to overcome the existing security vulnerabilities. In the end, this study provides a better understanding of the AMI security risks toward identifying adequate security perimeters for AMI systems.

KW - Advanced metering infrastructure (AMI)

KW - CORAS risk assessment model

KW - Risk assessment

KW - Security threats

KW - Smart grids

UR - http://www.scopus.com/inward/record.url?scp=85142633433&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85142633433&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-20601-6_39

DO - 10.1007/978-3-031-20601-6_39

M3 - Chapter (peer-reviewed)

AN - SCOPUS:85142633433

T3 - Lecture Notes on Data Engineering and Communications Technologies

SP - 449

EP - 459

BT - Lecture Notes on Data Engineering and Communications Technologies

PB - Springer Science and Business Media Deutschland GmbH

ER -