European Union regulations state that member nations are to roll out advanced metering systems to a majority of households within the decade. This will not only fundamentally change the energy supply landscape in Austria but also constitutes a major security challenge since all those households will be connected to the IT systems of domestic energy providers, resulting in a vast increase in the number of possible attack vectors for criminal or terrorist threats. So far there only exist standards for security properties of parts of the advanced metering infrastructure (AMI) such as the ones issued by NIST – National Institute of Standards and Technology, USA – or by BSI – Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security), DE. But these standards only allow for ex ante checks and certification of devices. Techniques and methods for operational monitoring of AMI are still lacking.
The goal of this project is the research of an integrated framework consisting of an Intrusion Detection System (IDS) and its organizational embedding. Conventional IDS do not meet the fundamentally different requirements in AMI. To accomplish this goal a formal definition of the advanced metering infrastructures will be developed (using a descriptive formalism to be selected within the project). Based on this definition a set of monitoring rules will be constructed. The main innovative characteristics of the approach are the fact that the rules will model normal behavior (as opposed to most other IDS that define abnormal situations) and that the rules will be applied on different levels of the AMI depending on the information available on that level. These rules are derived from experience and knowhow provided by the business partners (small to medium sized electricity providers) and from data gathered during a pilot project of AMI installation done by one of the business partners (the pilot project itself is not part of the research). This situation provides us with the unique opportunity to verify the validity of the monitoring rules in a real world scenario. An IDS based on these rules will be implemented as proof of concept.
Last but not least an expert in the field of privacy and data protection (Dr. Einzinger) will ensure compliance with relevant issues. The technical part of the project will be supplemented by the development of an organizational framework based on existing standards (such as ISO 2700x); the framework consists of policies that define all activities of the monitoring process including rules for alarm situations. The outcome of the project will be a solution to some of the inherent security problems of AMI as it provides an IDS specifically designed for this environment together with a framework for its successful integration into the organizational setting.