Incorporating FAIR into Bayesian Network for Numerical Assessment of Loss Event Frequencies of Smart Grid Cyber Threats

In today’s cyber world, assessing security threats before implementing smart grids is essential to identify and mitigate the risks. Loss Event Frequency (LEF) is a concept provided by the well-known Factor Analysis of Information Risk (FAIR) framework to assess and categorize the cyber threats into five classes, based on their severity. As the number of threats is increasing, it is possible that many threats might fall under the same LEF category, but FAIR cannot provide any further mechanism to rank them. In this paper, we propose a method to incorporate the FAIR’s LEF into Bayesian Network (BN) to derive the numerical assessments to rank the threat severity. The BN probabilistic relations are inferred from the FAIR look-up tables to reflect and conserve the FAIR appraisal. Our approach extends FAIR functionality by providing a more detailed ranking, allowing fuzzy inputs, enabling the illustration of input-output relations, and identifying the most influential element of a threat to improve the effectiveness of countermeasure investment. Such improvements are demonstrated by applying the method to assess cyber threats in a smart grid robustness research project (IRENE).