Improving Impact Assessment Using Fuzzy Sets in CISIApro 2.0 Model

Cyberattacks against critical infrastructures pose a significant risk, impacting operational efficiency, economic stability, and reputation. Evaluating the domino-effect of these attacks is a challenge, especially as operators struggle to understand their impact. In this paper, we use the proven Mixed Holistic-Reductionist (MHR) method. We focus on assessing the consequences of adverse events and recovery actions within networked infrastructures, especially in the cyber-physical domain, where interdependencies are crucial. The CISIApro 2.0 simulator uses the MHR approach to assess the impact of negative and positive events on the functionality of different infrastructure elements. In particular, we improve the simulator by incorporating uncertainty through triangular fuzzy numbers. These numbers represent imprecise data that capture uncertainty more realistically than single crisp values. By modeling different cyber threats and attacks, we assess their effects on dimensions such as confidentiality, integrity, and availability for each element of the model. Interestingly, our results remain coherent even when the information is incomplete or inaccurate.