@techreport{Jaskolka2018ag,
	Abstract = {As the complexity of modern systems and networks continues to increase, assuring the safety, security, and reliability of distributed systems---including critical energy infrastructure systems---remains among the top priorities for governments and utility providers. This presents a wide range of complex challenges. Modern energy infrastructure depends on advanced metering infrastructure (AMI) systems which are responsible for gathering, measuring, and analyzing enormous amounts of energy consumption information which is used to make important decisions related to energy services including billing, monitoring, distribution, load balancing, and more. Therefore, ensuring the confidentially, integrity, availability, and accountability of this information is paramount. The connected nature of AMI dictates its criticality as failures experienced in one component of the system can cascade to other components throughout the infrastructure.

Against this backdrop, there is a need to develop a better understanding of the complex systems that we build and to ensure they are designed, managed, and operated in a manner that provides cyber-assurance. It is imperative that such systems be designed and built so that they meet their stringent security and resilience requirements, and in a way that there is evidence to support claims about the security and resilience of the system. The fundamental problem being addressed in this report is how to assure that AMI is developed with appropriate security and resilience properties.

Assuring that AMI is secure, and that it is acceptably resilient is a difficult task. Assurance cases offer a method for providing structured arguments to facilitate the assurance of critical system properties such as security and resilience. They represent combinations of structured claim decompositions in terms of the high-level claims, sub-claims, and supporting evidence related to the system design and implementation, and an argument or strategy, which is an informal proof, demonstrating that the claim decomposition supported by the evidence will achieve the required properties. This report presents a sketch of an assurance case template that can be used for arguing security and resilience properties of AMI components. The developed assurance case template is based on a study of the security and resilience goals, requirements, and characteristics of AMI and provides the basis for developing more in-depth evaluation and analysis of the security and resilience of smart metering devices and AMI as critical components of smart electricity grids. It also provides a discussion of the challenges faced, lessons learned, and next steps for future research in the development of advanced tools and methods for achieving cyber-assurance for critical infrastructure systems.},
	Author = {Jason Jaskolka},
	Institution = {Prepared for Natural Resources Canada},
	Month = {March},
	Pages = {1--34},
	Title = {Assurance Cases for Security and Resilience of Advanced Metering Infrastructure},
	Type = {Technical Report},
	Year = {2018}
}