A bayesian network based critical infrastructure risk model

Abstract

Critical infrastructures (CIs) provide important services to society and economy, like electricity, or communication networks to enable telephone calls and internet access. CI services are expected to provide safety and security features like data Confidentiality and Integrity as well as to ensure service Availability (CIA). The complexity and interdependency of CI services makes it hard for CI providers to guarantee those features or even to be able to monitor the CIA risk by taking into account that an incident in one CI service can cascade to another CI service due to a dependency. CI security modelling tries to address some of the problems by providing a model for on-line risk monitoring. The model displays risk on the CI service level and can capture the dependencies to other CI services and include them in risk estimation. In this work Bayesian networks (BNs) are introduced to the CI security model to provide a method to derive CI service risk and allow features like risk prediction and handling of interdependencies. To the best of our knowledge this is the first time that BNs are used for on-line risk estimation in CIs. © Springer-Verlag Berlin Heidelberg 2013.