Bayesian and Multi-Objective Decision Support for Real-Time Incident Mitigation in Critical Infrastructure

Critical infrastructure increasingly relies on interconnected cyber-physical systems whose security incidents can escalate rapidly into safety and operational failures. Existing decision-support approaches struggle to support real-time incident response because they rely on static assumptions, incomplete vulnerability data, and single-objective risk models that do not adequately capture trade-offs between attack likelihood, impact severity, and system availability. This paper proposes a real-time, adaptive decision-support framework for incident mitigation in critical infrastructure that combines hierarchical system modelling with Bayesian probabilistic reasoning. The framework leverages probabilistic graphical models (Bayesian Networks) constructed from system architecture and vulnerability data, and employs confidence-calibrated exposure estimation to integrate complementary vulnerability scoring metrics under epistemic uncertainty. Mitigation strategies are explored as countermeasure portfolios and refined using multi-objective optimisation to identify Pareto-optimal trade-offs suitable for time- and resource-constrained response scenarios. Frequency-based heuristics are applied to prioritise robust mitigation actions across optimisation runs. The framework is evaluated on three representative cyber-physical attack scenarios, demonstrating its ability to adapt to evolving threats and provide actionable decision support under real-time constraints, thereby enhancing the operational resilience of critical infrastructure.