Developing a Cybersecurity Risk Management Framework for Non-Technical Losses in National Power Distribution Companies

Abstract

Traditionally, power companies are the driving force behind a country’s economy and disturbances in its services have severe effects. Advanced metering infrastructure (AMI) grids are vulnerable to network & web security attacks. The objective of this study is to pinpoint the risk mitigation measures that should be integrated into the electric power advanced metering grids of Jordan. The study investigates and proposes a Risk Management Framework (RMF) to minimize the risks of power fraudulent activity. AMI is vulnerable to electricity losses and hence the need to develop a system that would help mitigate this risk. To develop the RMF, we integrate security and privacy into the management activities, to assist in the organizational preparation of the processes and technologies needed for the ongoing energy system IT and OT convergence and digital transformation poses more cybersecurity concerns and essential requirements. We used the Quantitative Risk Management process utilizing the NIST RMF standards for financial risk impacts mitigation of energy losses in the AMI grid. The dependencies and influences between the dimensions considered are investigated, information gathering, and the collection of work data were carried out and used for quantitative analysis. This paper presents a pilot project study in collaboration with EDCO the developed and proposed RMF requirements, risk assessment and, finally recommends the implementation of the selected security controls for the AMI profile protection to mitigate the identified cyber risk.