Cyber-physical security metric inference in smart grid critical infrastructures based on system administrators' responsive behavior

• An automated algorithm to generate a game-theoretic model of the power network.
• A generic security metric to calculate security measure estimates of every security state.
• A solution to infer security measures by passively observing and actively querying operators.
• We validate EliMet on an emulated power system control network infrastructure.

To protect complex power-grid control networks, efficient security assessment techniques are required. However, efficiently making sure that calculated security measures match the expert knowledge is a challenging endeavor. In this paper, we present EliMet, a framework that combines information from different sources and estimates the extent to which a control network meets its security objective. Initially, EliMet passively observes system operators' online reactive behavior against security incidents, and accordingly refines the calculated security measure values. To make the values comply with the expert knowledge, EliMet actively queries operators regarding those states for which sufficient information was not gained during the passive observation. Finally, EliMet makes use of the estimated security measure values for predictive situational awareness by ranking potential cyber-physical contingencies that the security administrators should plan for upfront. Our experimental results show that EliMet can optimally make use of prior knowledge as well as automated inference techniques to minimize human involvement and efficiently deduce the expert knowledge regarding individual states of that particular system.