A critical infrastructure provides essential services to a nationu2019s population. Interruptions in its smooth operations are highly undesirable because they will cause significant and devastating consequences on all stakeholders in the society. In order to provide sustained protection to a nationu2019s critical infrastructure, we must continually assess and evaluate the risks thereof. We propose a risk assessment framework that can evaluate the risks posed to the security of a critical infrastructure from threat agents, with a special emphasis on the smart grid communications infrastructure. The framework defines fine-grained risk identification to help quantify and assess exploitable vulnerabilities within a critical infrastructure.