Assessing Loss Event Frequencies of Smart Grid Cyber Threats: Encoding Flexibility into FAIR Using Bayesian Network Approach

  • Anhtuan LeEmail author
  • Yue Chen
  • Kok Keong Chai
  • Alexandr Vasenev
  • Lorena Montoya
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 175)


Assessing loss event frequencies (LEF) of smart grid cyber threats is essential for planning cost-effective countermeasures. Factor Analysis of Information Risk (FAIR) is a well-known framework that can be applied to consider threats in a structured manner by using look-up tables related to a taxonomy of threat parameters. This paper proposes a method for constructing a Bayesian network that extends FAIR, for obtaining quantitative LEF results of high granularity, by means of a traceable and repeatable process, even for fuzzy input. Moreover, the proposed encoding enables sensitivity analysis to show how changes in fuzzy input contribute to the LEF. Finally, the method can highlight the most influential elements of a particular threat to help plan countermeasures better. The numerical results of applying the method to a smart grid show that our Bayesian model can not only provide evaluation consistent with FAIR, but also supports more flexible input, more granular output, as well as illustrates how individual threat components contribute to the LEF.


Cyber threat Loss event frequency Threat assessment 



This work was partially supported by the JPI Urban Europe initiative through the IRENE project.


  1. 1.
    Knapp, E.D., Samani, R.: Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure. Elsevier Science, Burlington (2013)Google Scholar
  2. 2.
    IRENE, D2.1: threats identification and ranking (2015).
  3. 3.
    Jung, O., Besser, S., Ceccarelli, A., Zoppi, T., Vasenev, A., Montoya Morales, A.L., et al.: Towards a collaborative framework to improve urban grid resilience. In: Presented at the IEEE International Energy Conference, ENERGYCON 2016, Leuven, Belgium (2016)Google Scholar
  4. 4.
    NIST, Risk management guide for information technology systems (2002)Google Scholar
  5. 5.
    Farahmand, F., Navathe, S.B., Sharp, G.P., Enslow, P.H.: A management perspective on risk of security threats to information systems. Inf. Technol. Manage. 6, 203–225 (2005)CrossRefGoogle Scholar
  6. 6.
    Sun, L., Srivastava, R.P., Mock, T.J.: An information systems security risk assessment model under the Dempster-Shafer theory of belief functions. J. Manage. Inf. Syst. 22, 109–142 (2006)CrossRefGoogle Scholar
  7. 7.
    Peltier, T.R.: Information Security Risk Analysis. CRC Press, New York (2005)CrossRefGoogle Scholar
  8. 8.
    Shameli-Sendi, A., Aghababaei-Barzegar, R., Cheriet, M.: Taxonomy of information security risk assessment (ISRA). Comput. Secur. 57, 14–30 (2016)CrossRefGoogle Scholar
  9. 9.
    Jones, J.: An introduction to factor analysis of information risk (fair). Norwich J. Inf. Assur. 2, 67 (2006)Google Scholar
  10. 10.
    Vasenev, A., Montoya, L., Ceccarelli, A., Le, A., Ionita, D.: Threat navigator: grouping and ranking malicious external threats to current and future urban smart grids. In: Presented at the SmartGifts Conference on Smart Grid Inspired Future Technologies (2016)Google Scholar
  11. 11.
    RMI. FAIR basic risk assessment guide (2007).
  12. 12.
    Dui, H., Zhang, L.-L., Sun, S.-D., Si, S.-B.: The study of multi-objective decision method based on Bayesian network. In: 2010 IEEE 17th International Conference on Industrial Engineering and Engineering Management (IE&EM), pp. 694–698 (2010)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2017

Authors and Affiliations

  • Anhtuan Le
    • 1
    Email author
  • Yue Chen
    • 1
  • Kok Keong Chai
    • 1
  • Alexandr Vasenev
    • 2
  • Lorena Montoya
    • 2
  1. 1.School of Electric EngineeringQueen Mary University of LondonLondonUK
  2. 2.University of TwenteEnschedeThe Netherlands

Personalised recommendations