Framework for threat modelling for a power utility: case of Zimbabwe Power Utility Company

Abstract

The purpose of this study was analyse threats that are inherent in the prepaid electricity meter system and to propose a framework for threat modelling. This framework can be effectively used by power utilities power utilities in particular and other prepaid meter system organisations to achieve end-to-end actionable insights on prepaid electricity metering infrastructure. The study used a qualitative case research methodology with a single unit of analysis. A purposive sampling technique was used to select suitable participants. Data was collected from power utility engineers and security experts using semi-structured interviews and focus group in order to triangulate the research findings. The findings of the study indicated that at the present moment there are very few frameworks that can be explicitly used to model threat to prepaid electricity infrastructure. This has exposed the infrastructure to various attacks such as physical bypass, cyber-attack and mechanically induced attack. We therefore recommend the adoption of an explicit framework for modelling threat in prepaid metering infrastructure.