9,749 research outputs found
Multi-Layer Cyber-Physical Security and Resilience for Smart Grid
The smart grid is a large-scale complex system that integrates communication
technologies with the physical layer operation of the energy systems. Security
and resilience mechanisms by design are important to provide guarantee
operations for the system. This chapter provides a layered perspective of the
smart grid security and discusses game and decision theory as a tool to model
the interactions among system components and the interaction between attackers
and the system. We discuss game-theoretic applications and challenges in the
design of cross-layer robust and resilient controller, secure network routing
protocol at the data communication and networking layers, and the challenges of
the information security at the management layer of the grid. The chapter will
discuss the future directions of using game-theoretic tools in addressing
multi-layer security issues in the smart grid.Comment: 16 page
Cyber Insurance for Cyber Resilience
Cyber insurance is a complementary mechanism to further reduce the financial
impact on the systems after their effort in defending against cyber attacks and
implementing resilience mechanism to maintain the system-level operator even
though the attacker is already in the system. This chapter presents a review of
the quantitative cyber insurance design framework that takes into account the
incentives as well as the perceptual aspects of multiple parties. The design
framework builds on the correlation between state-of-the-art attacker vectors
and defense mechanisms. In particular, we propose the notion of residual risks
to characterize the goal of cyber insurance design. By elaborating the
insurer's observations necessary for the modeling of the cyber insurance
contract, we make comparison between the design strategies of the insurer under
scenarios with different monitoring rules. These distinct but practical
scenarios give rise to the concept of the intensity of the moral hazard issue.
Using the modern techniques in quantifying the risk preferences of individuals,
we link the economic impacts of perception manipulation with moral hazard. With
the joint design of cyber insurance design and risk perceptions, cyber
resilience can be enhanced under mild assumptions on the monitoring of
insurees' actions. Finally, we discuss possible extensions on the cyber
insurance design framework to more sophisticated settings and the regulations
to strengthen the cyber insurance markets
Towards optimal multi-objective models of network security: survey
Information security is an important aspect of a successful business today. However, financial difficulties and budget cuts create a problem of selecting appropriate security measures and keeping networked systems up and running. Economic models proposed in the literature do not address the challenging problem of security countermeasure selection. We have made a classification of security models, which can be used to harden a system in a cost effective manner based on the methodologies used. In addition, we have specified the challenges of the simplified risk assessment approaches used in the economic models and have made recommendations how the challenges can be addressed in order to support decision makers
Toward optimal multi-objective models of network security: Survey
Information security is an important aspect of a successful business today. However, financial difficulties and budget cuts create a problem of selecting appropriate security measures and keeping networked systems up and running. Economic models proposed in the literature do not address the challenging problem of security countermeasure selection. We have made a classification of security models, which can be used to harden a system in a cost effective manner based on the methodologies used. In addition, we have specified the challenges of the simplified risk assessment approaches used in the economic models and have made recommendations how the challenges can be addressed in order to support decision makers
Strategic Investment in Protection in Networked Systems
We study the incentives that agents have to invest in costly protection
against cascading failures in networked systems. Applications include
vaccination, computer security and airport security. Agents are connected
through a network and can fail either intrinsically or as a result of the
failure of a subset of their neighbors. We characterize the equilibrium based
on an agent's failure probability and derive conditions under which equilibrium
strategies are monotone in degree (i.e. in how connected an agent is on the
network). We show that different kinds of applications (e.g. vaccination,
malware, airport/EU security) lead to very different equilibrium patterns of
investments in protection, with important welfare and risk implications. Our
equilibrium concept is flexible enough to allow for comparative statics in
terms of network properties and we show that it is also robust to the
introduction of global externalities (e.g. price feedback, congestion).Comment: 32 pages, 3 figure
- âŠ