Thandi Tesfagiorgis Supervisor: Prof John Ledger (University of Johannesburg) Co Supervisor: Andrew Paverd (Oxford University)

Presentation transcript:


AIM
To review the design of the Johannesburg Metro’s AMI systems in terms of security and privacy, and to evaluate this design with respect to local regulations (e.g. POPI Act; NRS049) and accepted international recommendations such as the NIST Guidelines for Smart Grid Cybersecurity (NIST-IR 7628).

Introduction
Globally, governments have provided a huge amount of financial assistance to support the deployment of smart meter systems, because of these systems’ ability to improve efficiency, integrate clean energy sources into the grid, recoup financial losses and ensure security of supply through demand-side management (DSM). City Power and Eskom have been deploying smart metering in the Johannesburg Metro.

Global deployment of smart meters (NES, 2014)

Source: GigaOM, Software Group, IBM Institute for Business Value

Introduction (cont.)
Challenges of smart meter technology:
- Public resistance in some countries due to privacy and security concerns.
- Detailed information about a customer’s energy consumption = user patterns = household’s activity.
- Legal implication: The Protection of Personal Information Act puts the responsibility of securing personal data onto the person controlling the data (POPI Act, 2013).
- Standards build trust into the system and ensure that the system has interoperability and portability functions, which are critical for functional audits.

Research Questions
- Is the design of the smart metering system by the Johannesburg Metro Utilities in line with international best practices and standards in terms of security and privacy?
- What challenges were unique to South Africa and required changes which are not fully covered by the international standard framework?
- How will POPI impact operations?
- What information is necessary in order to analyse the security and privacy of a deployed smart metering system?

Research Methodology
- Semi-structured interviews used in qualitative research
- NISTIR 7628 “Guidelines for Smart Grid Cyber Security”
- Other accepted smart meter and smart grid standards
- Local legislation such as the POPI Act (2013) and the utilities' threat models that define the final design chosen

Key Findings: Vendor Systems
- Landis+Gyr and Itron are the 2 main vendors with AMI in the Johannesburg Metro.
- The equipment and services they provide are in line with international recommendations, such as NIST-IR 7628, and follow best practices.
- The vendor systems are compliant with the standard.
- The use of the Zigbee standard was found to have a vulnerability that can be exploited under certain conditions.

Key Findings (cont.): Communication standards
- As recommended by NIST-IR 7628, the standards used in the smart grid should be open standards.
- Communication standards cannot be objectively superior to one another, because in most implementations there are trade-offs that depend on the user’s requirements.
- The biggest challenge for communication standards is interoperability (Erlinghagen et al., 2015).

Analysis and Recommendations
1. Utility policy regarding PII
2. Relationships with vendors
3. In-house data management
5. Smart grid security manager
6. Meter reading frequency
7. Data retention
8. Event response
9. Local regulations
10. New technologies and developments

Current Development
- NERSA is still looking at a framework that would enable homes and businesses to receive credit for feeding surplus power to the grid.
- The NRS049 WG published a call to the industry in order to obtain input on the revised specification.
- The WG recommends the use of the IDIS-ZA DLMS/COSEM security standard.

Conclusion
- The widespread deployment of smart meters amplifies the consequences of a security vulnerability.
- Remote disconnection must be carefully protected to avoid misuse, which could have serious consequences.
- Practices such as security by design can assist in ensuring the overall security of the system.
- The utilities’ and vendors’ company policies and procedures should prioritize the security and privacy aspects of this technology, and these priorities should be reflected in the daily operations of these companies.

Thank you!

References
- Anderson, R., & Fuloria, S. (2010). Who controls the off switch. Proceedings of the IEEE SmartGridComm.
- Brown, I. (2014). Britain's smart meter programme: A case study in privacy by design. International Review of Law, Computers & Technology, 28(2).
- City Power. (2015a). 6 (Accessed on 12 February 2015)
- City Power. (2015b). (Accessed on 10 March 2015)
- Cohen, D., & Crabtree, B. (2006). Qualitative research guidelines project.
- Cuijpers, C., & Koops, B. J. (2013). Smart metering and privacy in Europe: lessons from the Dutch case. In European data protection: coming of age (pp ). Springer Netherlands.
- Erlinghagen, S., Lichtensteiger, B., & Markard, J. (2015). Smart meter communication standards in Europe – a comparison. Renewable and Sustainable Energy Reviews, 43.
- Eskom. (2015). (Accessed 19 February 2015)
- NIST-IR-7628. (2014). (Accessed on 15 February 2015)
- POPI Act. (2013). (Accessed on 12 February 2015)
- SAICA. (2015). onalInformationAct/tabid/3335/language/en-ZA/Default.aspx (Accessed on 12 February 2015)
- Torr, P. (2005). Demystifying the threat modeling process. Security & Privacy, IEEE, 3(5).
- Zic, J. J., Groot, M., Liu, D., Jang, J., & Wang, C. (2012). Hardware security device facilitated trusted energy services. Mobile Networks and Applications, 17(4).