Abstract:
At present, most risk assessment methods for industrial control systems consider neither the defender's strategy nor the confrontation between attack and defense. This paper therefore proposes a risk assessment method based on a game model. An attack-defense graph is used to calculate the attack gain and the defense gain. A static Bayesian attack-defense game model is established to calculate the mixed-strategy Bayesian Nash equilibrium, which yields the optimal probability distribution of attack and defense strategies. Following the calculation method of information security risk assessment, the risk is then calculated from the probability distribution of the defender's benefit and the attacker's optimal strategy selection. An example illustrates the feasibility and usefulness of the proposed method.
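The pipeline the abstract describes (static Bayesian attack-defense game, mixed-strategy Bayesian Nash equilibrium, risk from the equilibrium attack probabilities) is worked through below as an added example; it is not code from the paper. The attacker types, the payoff numbers (which the paper derives from an attack-defense graph) and the probability-times-loss risk formula are constructed assumptions, with two actions per player and generic payoffs.

```python
# Added illustration: the types, payoffs and risk formula are constructed assumptions.
EPS = 1e-9
PRIOR = {"skilled": 0.25, "opportunistic": 0.75}            # Pr(attacker type)
# U[type][a][d]: a 0=attack 1=wait, d 0=defend 1=idle
UA = {"skilled": [[-2, 6], [0, 0]], "opportunistic": [[-4, 4], [0, 0]]}
UD = {"skilled": [[-1, -10], [-1, 0]], "opportunistic": [[-1, -6], [-1, 0]]}

def solve_bne(prior, ua, ud):
    """Return (q, s): q = Pr(defend), s[t] = Pr(attack | type t), or None."""
    def delta(t, q):  # type t's gain from attacking rather than waiting
        return q * (ua[t][0][0] - ua[t][1][0]) + (1 - q) * (ua[t][0][1] - ua[t][1][1])

    def gain(t, s):   # defender's gain from defending rather than idling vs type t
        return s * (ud[t][0][0] - ud[t][0][1]) + (1 - s) * (ud[t][1][0] - ud[t][1][1])

    cands = {0.0, 1.0}
    for t in prior:   # values of q at which type t is indifferent
        a, b = delta(t, 1.0), delta(t, 0.0)
        if abs(b - a) > EPS and 0 < b / (b - a) < 1:
            cands.add(b / (b - a))
    for q in sorted(cands):
        s = {t: 1.0 if delta(t, q) > EPS else 0.0 for t in prior}
        mixers = [t for t in prior if abs(delta(t, q)) <= EPS]
        if len(mixers) > 1:
            continue  # degenerate tie between types: skipped (generic payoffs assumed)
        base = sum(prior[t] * gain(t, s[t]) for t in prior if t not in mixers)
        if mixers:    # the indifferent type mixes until the defender is indifferent too
            m = mixers[0]
            slope = prior[m] * (gain(m, 1.0) - gain(m, 0.0))
            if abs(slope) > EPS:
                s[m] = -(base + prior[m] * gain(m, 0.0)) / slope
                if -EPS <= s[m] <= 1 + EPS:
                    return q, s
        elif (q == 0.0 and base <= EPS) or (q == 1.0 and base >= -EPS):
            return q, s  # pure defence choice that is already a best response
    return None

def risk(prior, ud, q, s):
    """Assumed form: sum over types of Pr(type) * Pr(attack) * expected defender loss."""
    return sum(prior[t] * s[t] * -(q * ud[t][0][0] + (1 - q) * ud[t][0][1]) for t in prior)

def demo():
    q, s = solve_bne(PRIOR, UA, UD)
    return q, s, risk(PRIOR, UD, q, s)

if __name__ == "__main__":
    print(demo())
```

With these constructed payoffs the defender defends with probability 0.75, only the skilled type attacks (with probability 0.4), and the resulting risk value is 0.325 in the payoff units.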