Abstract
Assessing loss event frequencies (LEF) of smart grid cyber threats is essential for planning cost-effective countermeasures. Factor Analysis of Information Risk (FAIR) is a well-known framework that can be applied to consider threats in a structured manner by using look-up tables related to a taxonomy of threat parameters. This paper proposes a method for constructing a Bayesian network that extends FAIR to obtain quantitative LEF results of high granularity by means of a traceable and repeatable process, even for fuzzy input. Moreover, the proposed encoding enables sensitivity analysis to show how changes in fuzzy input contribute to the LEF. Finally, the method can highlight the most influential elements of a particular threat to help plan countermeasures better. The numerical results of applying the method to a smart grid show that our Bayesian model not only provides an evaluation consistent with FAIR, but also supports more flexible input and more granular output, and illustrates how individual threat components contribute to the LEF.
Acknowledgments
This work was partially supported by the JPI Urban Europe initiative through the IRENE project.
Copyright information
© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Le, A., Chen, Y., Chai, K.K., Vasenev, A., Montoya, L. (2017). Assessing Loss Event Frequencies of Smart Grid Cyber Threats: Encoding Flexibility into FAIR Using Bayesian Network Approach. In: Hu, J., Leung, V., Yang, K., Zhang, Y., Gao, J., Yang, S. (eds) Smart Grid Inspired Future Technologies. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 175. Springer, Cham. https://doi.org/10.1007/978-3-319-47729-9_5
DOI: https://doi.org/10.1007/978-3-319-47729-9_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47728-2
Online ISBN: 978-3-319-47729-9
eBook Packages: Computer Science, Computer Science (R0)