On Cybersecurity Incident Response Decision Support System in Smart Grids

The growing complexity of control systems in smart grids has increased their vulnerability to cyber-attacks. In this paper, we introduce a modular decision support system to help system operators prioritize and select countermeasures following a cyber-incident. The proposed system combines attack graph analysis with multi-criteria decision-making techniques, enabling the evaluation of response actions based on customizable priorities such as cost, technical impact, and time required for deployment. Its architecture includes three independent components: a data management module, a decision-making engine, and a user interface, allowing integration of external knowledge bases and various decision strategies. The system is evaluated by analyzing its runtime behavior, optimization performance, and consistency with established cybersecurity standards and guidelines. Results show that the decision support system enhances operator capability in selecting effective countermeasures and provides a structured foundation for systematically comparing decision-making techniques in cyber-incident response for industrial control environments.