Team for Research in
Ubiquitous Secure Technology

AMI System Security Requirements
Coalton Bennett, Bobby Brown, Brad Singletary, Darren Highfill, Doug Houseman, Frances Cleveland, Howard Lipson, James Ivers, Jeff Gooding, Jeremy McDonald, Neil Greenfield, Sharon Li

Citation
Coalton Bennett, Bobby Brown, Brad Singletary, Darren Highfill, Doug Houseman, Frances Cleveland, Howard Lipson, James Ivers, Jeff Gooding, Jeremy McDonald, Neil Greenfield, Sharon Li. "AMI System Security Requirements". Utility Communication Architecture International User Group (UCAIUG), December, 2008.

Abstract
This document provides the utility industry and vendors with a set of security requirements for Advanced Metering Infrastructure (AMI). These requirements are intended to be used in the procurement process, and represent a superset of requirements gathered from current cross industry accepted security standards and best practice guidance documents. This document provides substantial supporting information for the use of these requirements including scope, context, constraints, objectives, user characteristics, assumptions, and dependencies. This document also introduces the concept of requirements for security states all modes, with requirements delineated for security states. These requirements are categorized into three areas: 1) Primary Security Services, 2) Supporting Security Services and 3) Assurance Services. The requirements will change over time corresponding with current security threats and countermeasures they represent. The AMI-SEC Task Force presents the current set as a benchmark, and the authors expect utilities and vendors to tailor the set to individual environments and deployments. While these requirements are capable of standing on their own, this document is intended to be used in conjunction with other 2008 deliverables from the AMI-SEC Task Force, specifically the Risk Assessment, the Architectural Description, the Component Catalog (in development as of this writing), and the Implementation Guide (to be developed late 2008). This document also discusses the overall process for usage of this suite.

Electronic downloads

Citation formats  
  • HTML
    Coalton Bennett, Bobby Brown, Brad Singletary, Darren
    Highfill, Doug Houseman, Frances Cleveland, Howard Lipson,
    James Ivers, Jeff Gooding, Jeremy McDonald, Neil Greenfield,
    Sharon Li. <a
    href="http://www.truststc.org/pubs/668.html"
    ><i>AMI System Security
    Requirements</i></a>, Utility Communication
    Architecture International User Group (UCAIUG), December,
    2008.
  • Plain text
    Coalton Bennett, Bobby Brown, Brad Singletary, Darren
    Highfill, Doug Houseman, Frances Cleveland, Howard Lipson,
    James Ivers, Jeff Gooding, Jeremy McDonald, Neil Greenfield,
    Sharon Li. "AMI System Security Requirements".
    Utility Communication Architecture International User Group
    (UCAIUG), December, 2008.
  • BibTeX
    @manual{BennettBrownSingletaryHighfillHousemanClevelandLipson08_AMISystemSecurityRequirements,
        author = {Coalton Bennett and Bobby Brown and Brad
                  Singletary and Darren Highfill and Doug Houseman
                  and Frances Cleveland and Howard Lipson and James
                  Ivers and Jeff Gooding and Jeremy McDonald and
                  Neil Greenfield and Sharon Li},
        title = {AMI System Security Requirements},
        organization = {Utility Communication Architecture International
                  User Group (UCAIUG)},
        month = {December},
        year = {2008},
        abstract = {This document provides the utility industry and
                  vendors with a set of security requirements for
                  Advanced Metering Infrastructure (AMI). These
                  requirements are intended to be used in the
                  procurement process, and represent a superset of
                  requirements gathered from current cross industry
                  accepted security standards and best practice
                  guidance documents. This document provides
                  substantial supporting information for the use of
                  these requirements including scope, context,
                  constraints, objectives, user characteristics,
                  assumptions, and dependencies. This document also
                  introduces the concept of requirements for
                  security states all modes, with requirements
                  delineated for security states. These requirements
                  are categorized into three areas: 1) Primary
                  Security Services, 2) Supporting Security Services
                  and 3) Assurance Services. The requirements will
                  change over time corresponding with current
                  security threats and countermeasures they
                  represent. The AMI-SEC Task Force presents the
                  current set as a benchmark, and the authors expect
                  utilities and vendors to tailor the set to
                  individual environments and deployments. While
                  these requirements are capable of standing on
                  their own, this document is intended to be used in
                  conjunction with other 2008 deliverables from the
                  AMI-SEC Task Force, specifically the Risk
                  Assessment, the Architectural Description, the
                  Component Catalog (in development as of this
                  writing), and the Implementation Guide (to be
                  developed late 2008). This document also discusses
                  the overall process for usage of this suite.},
        URL = {http://www.truststc.org/pubs/668.html}
    }
    

Posted by Coalton Bennett on 29 Mar 2010.
Groups: trust
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.