الفهرس 
CHAPTER 1: INTRODUCTIONOnly 14 pages are availabe for public view
 |  | from | 125 |  |  |
| | | from | 125 | | |
Abstract
There is a paradigm shift from traditional power distribution systems to smart grids (SGs) due to information and communication technology (ICT) advances. An advanced metering infrastructure (AMI) is one of the main components of an SG. Although the advances in AMI and SG technologies have brought new operational benefits, they introduce new security and privacy challenges. Security has emerged as an imperative requirement to protect an AMI from attack. Currently, ensuring security is a major challenge in the design and deployment of an AMI.
Due to the AMI system’s significance and the vital data, it stores, the information security risk assessment (ISRA) process must be carried out on it. ISRA is the cornerstone of the risk management procedure that must be applied to any critical information infrastructure system, such as AMI. Today, there are many ISRA methods available, including Construct a Platform for Risk Analysis of Security Critical Systems (CORAS), NIST SP 800-30, OCTAVE Allegro (OA), and Expression des Besoins et Identification des Objectifs de Sécurité (EBIOS).
Numerous ISRA techniques can be employed for any essential information infrastructure system. Consequently, the initial hurdle lies in identifying the most fitting approach for risk assessment that aligns with the distinct attributes of the AMI system. Subsequently, the second obstacle pertains to evaluating the AMI system’s vulnerability to potential risks using the suitable ISRA methodology.
The contributions of this thesis are fivefold: First, assessing the potential security risks for an AMI system using samples of ISRA methods such as CORAS and EBIOS. Second, identifying the appropriate ISRA method via matching the capability of several ISRA models with the specifications needed for assessing the AMI system. Third, assessing the potential security risks for an AMI system using the appropriate ISRA approaches. Fourth, it considers samples of attacks that exploit the existing vulnerabilities in the AMI system and the impact they can have on the performance of individual components and the overall AMI system. Fifth, it proposes various countermeasures that can mitigate the identified risks and threats.
This thesis makes several outcomes as follows, the OA method is found to be the best-suited risk assessment method for AMI, and this outcome paves the way to standardizing this method for AMI risk assessment. Through the OA implementation, eleven risk scenarios are identified that affect the confidentiality, integrity, or availability of an AMI system. This thesis provides a comprehensive coverage of AMI components concerning their security vulnerabilities and potential attacks. For completeness, this thesis recommends risk mitigation approaches such as encryption, authentication, and intrusion detection system (IDS) to limit the identified risks associated with an AMI system.
The forthcoming endeavor is centered around the practical implementation of OA risk assessment within a real-life context, serving as a case study to authenticate the acquired outcomes. This effort also involves the creation of hybrid risk assessment approaches suitable for application in the AMI system. Furthermore, the integration of machine learning holds the potential to augment the effectiveness of the risk assessment process.