This past Tuesday, July 14, WireIE CTO Tim Brown presented “Opportunities in the World of Open Mobile”, at the 25th Annual Caribbean Association of National Telecommunication Organizations’ (CANTO) Conference and Trade Exhibition in Trinidad & Tobago.

A PDF of the presentation may be found here.

Security is imperative for any type of network – not just Advanced Metering Infrastructures (AMI’s). This can be achieved through the use of policy outlining a basic set of goals and standards and specific procedures.

Threats to AMI security include:
1.    Unencrypted communications
2.    Physical tampering
3.    Key management
4.    Denial of Service (DoS)
5.    Repudiation
6.    Communications monitoring
7.    Fault tolerance
8.    Attacking the system using test development software

There are daily activities that are utilized to maintain security through practice such as verifying system security and monitoring the daily health of the system.

First step in this process is to Define Secure State of the System. A system can be deemed “secure” only if authenticated subjects are able to access what they are authorized to.

Auditing the system is crucial in maintaining network security. Minor audits should be conducted once there is a change to the system in order to verify the security controls are in proper maintenance.

Introducing an incident response policy helps outline what constitutes an incident and what the response should be. These provide classifications of events, escalation list, documentation guidelines, reporting and process flow.

Information systems are strengthened if a security processes are integrated with policy, monitoring, auditing and incident handling. Furthermore, a consistent maintenance of not only the AMI system, but the network security policies is required on a regular basis to maintain the effectiveness and validity of the system as time passes. These measures help ensure a system is in a secure state at any given time.