Assessing Loss Event Frequencies of Smart Grid Cyber Threats: Encoding Flexibility into FAIR Using Bayesian Network Approach
Assessing loss event frequencies (LEF) of smart grid cyber threats is essential for planning cost-effective countermeasures. Factor Analysis of Information Risk (FAIR) is a well-known framework that can be applied to consider threats in a structured manner by using look-up tables related to a taxonomy of threat parameters. This paper proposes a method for constructing a Bayesian network that extends FAIR, for obtaining quantitative LEF results of high granularity, by means of a traceable and repeatable process, even for fuzzy input. Moreover, the proposed encoding enables sensitivity analysis to show how changes in fuzzy input contribute to the LEF. Finally, the method can highlight the most influential elements of a particular threat to help plan countermeasures better. The numerical results of applying the method to a smart grid show that our Bayesian model can not only provide evaluation consistent with FAIR, but also supports more flexible input, more granular output, as well as illustrates how individual threat components contribute to the LEF.
KeywordsCyber threat Loss event frequency Threat assessment
This work was partially supported by the JPI Urban Europe initiative through the IRENE project.
- 1.Knapp, E.D., Samani, R.: Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure. Elsevier Science, Burlington (2013)Google Scholar
- 2.IRENE, D2.1: threats identification and ranking (2015). http://www.ireneproject.eu
- 3.Jung, O., Besser, S., Ceccarelli, A., Zoppi, T., Vasenev, A., Montoya Morales, A.L., et al.: Towards a collaborative framework to improve urban grid resilience. In: Presented at the IEEE International Energy Conference, ENERGYCON 2016, Leuven, Belgium (2016)Google Scholar
- 4.NIST, Risk management guide for information technology systems (2002)Google Scholar
- 9.Jones, J.: An introduction to factor analysis of information risk (fair). Norwich J. Inf. Assur. 2, 67 (2006)Google Scholar
- 10.Vasenev, A., Montoya, L., Ceccarelli, A., Le, A., Ionita, D.: Threat navigator: grouping and ranking malicious external threats to current and future urban smart grids. In: Presented at the SmartGifts Conference on Smart Grid Inspired Future Technologies (2016)Google Scholar
- 11.RMI. FAIR basic risk assessment guide (2007). http://www.riskmanagementinsight.com/media/docs/FAIR_brag.pdf
- 12.Dui, H., Zhang, L.-L., Sun, S.-D., Si, S.-B.: The study of multi-objective decision method based on Bayesian network. In: 2010 IEEE 17th International Conference on Industrial Engineering and Engineering Management (IE&EM), pp. 694–698 (2010)Google Scholar