A paper from the Electric Power Research Institute (EPRI) Cybersecurity research team, “Intrusion Detection System for Advanced Metering Infrastructure,” investigates current industrial and academic efforts to detect security events across the range of advanced metering infrastructure (AMI) networks and devices.
The document is intended to give AMI vendors and asset owners a clear understanding of monitoring requirements of AMI and to identify key research challenges related to intrusion-detection technology and large-scale deployment.
Effective design and deployment of intrusion-detection systems (IDSes) in a utility’s AMI environment differ in several ways from design and deployment in traditional information technology environments. For example, deploying a perimeter IDS might not provide the coverage necessary for an AMI system. Because AMI deployments tend to include mesh networks in addition to IP-based backhaul networks, an IDS positioned at the AMI head-end system could miss malicious activity in the mesh network. In addition, there can be scalability issues, as some utilities deploy millions of meters in their service territories.
This document includes monitoring requirements for the core components of an AMI (collection engine, meter data management system, data collection unit, and meters) and does not cover the home area network or third-party communication equipment.
Here are three key takeaways from the report:
· IDS solutions for AMI systems are still at an early stage of development.
· AMI IDS solutions must be scalable and adapt to resource constraints.
· Various types of IDS sensors are recommended for the meter, field-area network and AMI head-end system.