man-related threats, as well as their increasing dependency on
ICT systems and uncertainties of influent factors, urge to adopt
integrated approaches for security assessment and control.
Moreover, the need to analyze high impact events (causes of past
blackouts) calls for the adoption of the risk concept to perform
more in-depth security analyses. The present paper describes a
probabilistic risk-based methodology, developed within the EU
research project AFTER, aiming to perform risk assessment
(including hazard, vulnerability, and impact analysis) of the
integrated power and ICT systems. The paper focuses on the
steps to build the assessment framework based on:
threat/vulnerability identification and classification, contingency
modeling, power system response modeling and computation of
risk indicators for operation and operational planning purposes.