When Security Risk Assessment Meets Advanced Metering Infrastructure: Identifying the Appropriate Method
Mostafa Shokry,
Ali Ismail Awad,
Mahmoud Khaled Abd-Ellah and
Ashraf A. M. Khalaf
Additional contact information
Mostafa Shokry: Department of Infrastructure and Information Security, Ministry of Electricity and Renewable Energy, Cairo 11517, Egypt
Ali Ismail Awad: College of Information Technology, United Arab Emirates University, Al Ain P.O. Box 15551, United Arab Emirates
Mahmoud Khaled Abd-Ellah: Faculty of Artificial Intelligence, Egyptian Russian University, Cairo 11829, Egypt
Ashraf A. M. Khalaf: Department of Electrical Engineering, Faculty of Engineering, Minia University, Minia 61519, Egypt
Sustainability, 2023, vol. 15, issue 12, 1-17
Abstract:
Leading risk assessment standards such as the NIST SP 800-39 and ISO 27005 state that information security risk assessment (ISRA) is one of the crucial stages in the risk-management process. It pinpoints current weaknesses and potential risks, the likelihood of their materializing, and their potential impact on the functionality of critical information systems such as advanced metering infrastructure (AMI). If the current security controls are insufficient, risk assessment helps with applying countermeasures and choosing risk-mitigation strategies to decrease the risk to a controllable level. Although studies have been conducted on risk assessment for AMI and smart grids, the scientific foundations for selecting and using an appropriate method are lacking, negatively impacting the credibility of the results. The main contribution of this work is identifying an appropriate ISRA method for AMI by aligning the risk assessment criteria for AMI systems with the ISRA methodologies’ characteristics. Consequently, this work makes three main contributions. First, it presents a comprehensive comparison of multiple ISRA methods, including OCTAVE Allegro (OA), CORAS, COBRA, and FAIR, based on a variety of input requirements, tool features, and the type of risk assessment method. Second, it explores the necessary conditions for carrying out a risk assessment for an AMI system. Third, these AMI risk assessment prerequisites are aligned with the capabilities of multiple ISRA approaches to identify the best ISRA method for AMI systems. The OA method is found to be the best-suited risk assessment method for AMI, and this outcome paves the way to standardizing this method for AMI risk assessment.
Keywords: advanced metering infrastructure; information security risk assessment; smart grids; smart cities; risk assessment methods; OCTAVE Allegro; CRAMM
JEL-codes: O13 Q Q0 Q2 Q3 Q5 Q56
Date: 2023
Downloads:
https://www.mdpi.com/2071-1050/15/12/9812/pdf (application/pdf)
https://www.mdpi.com/2071-1050/15/12/9812/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jsusta:v:15:y:2023:i:12:p:9812-:d:1174992
Sustainability is currently edited by Ms. Alexandra Wu
Bibliographic data for series maintained by MDPI Indexing Manager.