Thandi Tesfagiorgis Supervisor: Prof John Ledger (University of Johannesburg) Co Supervisor: Andrew Paverd (Oxford University)

1 Thandi Tesfagiorgis Supervisor: Prof John Ledger (University of Johannesburg) Co Supervisor: Andrew Paverd (Oxford University)

2 AIM To review the design of the Johannesburg Metro’s AMI systems in terms of security and privacy; and to evaluate this design with respect to local regulations (e.g. POPI Act; NRS049) and accepted international recommendations like NIST Guidelines for Smart Grid Cybersecurity (NIST-IR 7628).

3 Introduction Globally, governments have provided a huge amount of financial assistance to support the deployment of smart meter systems because of these systems' ability to improve efficiency and the grid integration of clean energy sources, recoup financial losses and ensure security of supply through DSM. City Power and Eskom have been deploying smart metering in the Johannesburg Metro.

4 Global deployment of smart meters (NES, 2014)

5 Source: GigaOM, Software Group, IBM Institute for Business Value

6 Introduction Cont…. Challenges of smart meter technology: Public resistance in some countries due to privacy and security concerns. Detailed information about a customer’s energy consumption = user patterns = household’s activity. Legal implication: The Protection of Personal Information Act puts the responsibility of securing personal data onto the person controlling the data (POPI Act, 2013). Standards build trust into the system and ensure that the system has the interoperability and portability functions which are critical for functional audits.

8 Research Questions Is the design of the smart metering system by the Johannesburg Metro Utilities in line with international best practices and standards in terms of security and privacy? What challenges were unique to South Africa and required changes which are not fully covered by the International standard framework? How will POPI impact Operations? What information is necessary in order to analyse the security and privacy of a deployed smart metering system?

9 Research Methodology Semi-structured interviews used in qualitative research. NISTIR 7628 “Guidelines for Smart Grid Cyber Security”. Other accepted smart meter and smart grid standards, local legislation such as the POPI Act (2013), and the utilities' threat models that define the final design chosen.

10 Key Findings Vendor Systems Landis+Gyr and Itron: 2 main vendors with AMI in the Johannesburg Metro. The equipment and services they provide are in line with international recommendations, such as NIST-IR 7628, and follow best practices. The vendor systems are compliant with the standard. The use of the Zigbee standard was found to have a vulnerability that can be exploited under certain conditions.

11 Key Findings cont…. Communication standards As recommended by NIST-IR 7628, the standards used in the smart grid should be open standards. Communication standards cannot be objectively superior to one another because in most implementations, there are trade-offs that depend on the user’s requirements. The biggest challenge for communication standards is interoperability (Erlinghagen et al. 2015).

12 Analysis and Recommendations 1. Utility policy regarding PII 2. Relationships with vendors 3. In-house data management 5. Smart grid security Manager 6. Meter reading frequency 7. Data retention 8. Event response 9. Local regulations 10. New technologies and developments

13 Current Development NERSA is still looking at a framework that would enable homes and businesses to receive credit for feeding surplus power to the grid. The NRS049 WG published a call to the industry in order to obtain input on the revised specification. The WG recommends the use of the IDIS-ZA DLMS/COSEM security standard.

14 Conclusion The widespread deployment of smart meters amplifies the consequences of a security vulnerability. Remote disconnection must be carefully protected to avoid misuse, which could have serious consequences. Practices such as security by design can assist in ensuring the overall security of the system. The utilities’ and vendors’ company policies and procedures should prioritize the security and privacy aspects of this technology and these priorities should be reflected in the daily operations of these companies.

15 Thank you!

16 References
Anderson, R., & Fuloria, S. (2010). Who controls the off switch. Proceedings of the IEEE SmartGridComm.
Brown, I. (2014). Britain's smart meter programme: A case study in privacy by design. International Review of Law, Computers & Technology, 28(2), 172-184.
City Power. (2015a). http://www.joburg.org.za/index.php?option%3Dcom_content%26view%3Darticle%26id%3D6393%26catid%3D88%26Itemid%3D266 (Accessed on 12 February 2015)
City Power. (2015b). https://www.citypower.co.za/Pages/Energy-Management.aspx (Accessed on 10 March 2015)
Cohen, D., & Crabtree, B. (2006). Qualitative research guidelines project.
Cuijpers, C., & Koops, B. J. (2013). Smart metering and privacy in Europe: lessons from the Dutch case. In European data protection: coming of age (pp. 269-293). Springer Netherlands.
Erlinghagen, S., Lichtensteiger, B., & Markard, J. (2015). Smart meter communication standards in Europe – a comparison. Renewable and Sustainable Energy Reviews, 43, 1249-1262.
Eskom. (2015). http://www.eskom.co.za/OurCompany/MediaRoom/SystemStatusBulletins/Documents/SyStatus321.pdf (Accessed on 19 February 2015)

17 References
NIST-IR-7628. (2014). http://nvlpubs.nist.gov/nistpubs/ir/2014/NIST.IR.7628r1.pdf (Accessed on 15 February 2015)
POPI Act. (2013). http://www.justice.gov.za/legislation/acts/2013-004.pdf (Accessed on 12 February 2015)
SAICA. (2015). https://www.saica.co.za/Technical/LegalandGovernance/Legislation/ProtectionofPersonalInformationAct/tabid/3335/language/en-ZA/Default.aspx (Accessed on 12 February 2015)
Torr, P. (2005). Demystifying the threat modeling process. Security & Privacy, IEEE, 3(5), 66-70.
Zic, J. J., Groot, M., Liu, D., Jang, J., & Wang, C. (2012). Hardware security device facilitated trusted energy services. Mobile Networks and Applications, 17(4), 564-577.

