Framework for Threat Modelling for a Power Utility: Case of Zimbabwe Power Utility Company

Samuel Musungwini, Gilbert Mahlangu, Beauty Mugoniwa, Samuel Simbarashe Furusa

Abstract


The purpose of this study was to analyse threats that are inherent in the prepaid electricity meter system and to propose a framework for threat modelling. This framework can be effectively used by power utilities in particular, and by other organisations that operate prepaid meter systems, to achieve end-to-end actionable insights on prepaid electricity metering infrastructure. The study used a qualitative case research methodology with a single unit of analysis. A purposive sampling technique was used to select suitable participants. Data was collected from power utility engineers and security experts using semi-structured interviews and a focus group in order to triangulate the research findings. The findings of the study indicated that at present there are very few frameworks that can be explicitly used to model threats to prepaid electricity infrastructure. This has exposed the infrastructure to various attacks such as physical bypass, cyber-attack and mechanically induced attack. We therefore recommend the adoption of an explicit framework for modelling threats in prepaid metering infrastructure.



Keywords


Threat modelling, cyber attack, electricity theft, framework, ICTs, Mobile technologies.




ISSN: 1694-2507 (Print)

ISSN: 1694-2108 (Online)