Abstract
AI Planning (or Automated Planning) is a sub-field within AI which has been applied to several information security sub-fields, particularly vulnerability detection and incident response. Compared to other AI techniques such as machine learning, AI planning has the advantage of requiring no data or datasets to train. Instead, an entity within a domain is modelled, describing the relevant features of an environment, the goals, constraints, and the actions available to the entity. This paper surveys the traditional field of automated planning and explores its application to the field of information security and in particular, automating cyber incident response. Relevant AI planning techniques are then applied to implement a prototype which demonstrates the feasibility of automating incident response, focusing on False Data Injection Attacks (FDIA) against smart grid as a use case. The effectiveness of this prototype is validated on a digital twin power delivery system at The University of Queensland Industry 4.0 Energy Testlab. The effectiveness of this prototype is quantitatively assessed with reference to best industry practice before discussing the strengths and weaknesses of adopting AI planning for incident response, and information security domains generally.