Assessment of Information Security Levels in Power Communication Systems Using Evidential Reasoning

The purpose of this paper is to present a framework for assessing information security in power communication systems. The framework consists of dividing the communication system to be analyzed into its subcomponents and linking these to relevant evaluation criteria. In this study, the information security standard ISO 17799 has been used as a point of reference to define such evaluation criteria. The framework involves collecting data to evaluate each individual criterion and aggregating these evaluations using a robust algorithm. To cater for the many uncertainties in evaluating information security, the evaluation of the individual subcomponents is aggregated using a Dempster-Shafer based algorithm for evidential reasoning. This algorithm incorporates the many insecure facts and incomplete data that are inherent in large scale systems. The overall result is a set of indicators which highlight the level of information security within a studied communication system. The paper is concluded with a description of a case study in which the framework was applied to a communication system used for automatic meter reading (AMR). Experiences from this application are described in the paper.