论文信息 - Assessing Loss Event Frequencies of Smart Grid Cyber Threats: Encoding Flexibility into FAIR Using Bayesian Network Approach

Assessing Loss Event Frequencies of Smart Grid Cyber Threats: Encoding Flexibility into FAIR Using Bayesian Network Approach

Assessing loss event frequencies (LEF) of smart grid cyber threats is essential for planning cost-effective countermeasures. Factor Analysis of Information Risk (FAIR) is a well-known framework that can be applied to consider threats in a structured manner by using look-up tables related to a taxonomy of threat parameters. This paper proposes a method for constructing a Bayesian network that extends FAIR, for obtaining quantitative LEF results of high granularity, by means of a traceable and repeatable process, even for fuzzy input. Moreover, the proposed encoding enables sensitivity analysis to show how changes in fuzzy input contribute to the LEF. Finally, the method can highlight the most influential elements of a particular threat to help plan countermeasures better. The numerical results of applying the method to a smart grid show that our Bayesian model can not only provide evaluation consistent with FAIR, but also supports more flexible input, more granular output, as well as illustrates how individual threat components contribute to the LEF.

Yue Chen | Kok Keong Chai | Lorena Montoya | Alexandr Vasenev | Anhtuan Le

[1] Shamkant B. Navathe,et al. A Management Perspective on Risk of Security Threats to Information Systems , 2005, Inf. Technol. Manag..

[2] Shu-dong Sun,et al. The study of multi-objective decision method based on Bayesian network , 2010, 2010 IEEE 17Th International Conference on Industrial Engineering and Engineering Management.

[3] Thomas Peltier,et al. Information Security Risk Analysis: A Pedagogic Model Based on a Teaching Hospital , 2006 .

[4] Sandford Bessler,et al. Towards a collaborative framework to improve urban grid resilience , 2016, 2016 IEEE International Energy Conference (ENERGYCON).

[5] Rajendra P. Srivastava,et al. An Information Systems Security Risk Assessment Model Under the Dempster-Shafer Theory of Belief Functions , 2006, J. Manag. Inf. Syst..

[6] Mohamed Cheriet,et al. Taxonomy of information security risk assessment (ISRA) , 2016, Comput. Secur..

[7] G. Stoneburner,et al. Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology , 2002 .

[8] Andrea Ceccarelli,et al. Threat Navigator: Grouping and Ranking Malicious External Threats to Current and Future Urban Smart Grids , 2016, SmartGIFT.

[9] Eric D. Knapp,et al. Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure , 2013 .