Game Theory for Secure Critical Interdependent Gas-Power-Water Infrastructure

A city's critical infrastructure such as gas, water, and power systems, are largely interdependent since they share energy, computing, and communication resources. This, in turn, makes it challenging to endow them with fool-proof security solutions. In this paper, a unified model for interdependent gas-power-water infrastructure is presented and the security of this model is studied using a novel game-theoretic framework. In particular, a zero-sum noncooperative game is formulated between a malicious attacker who seeks to simultaneously alter the states of the gas-power-water critical infrastructure to increase the power generation cost and a defender who allocates communication resources over its attack detection filters in local areas to monitor the infrastructure. At the mixed strategy Nash equilibrium of this game, numerical results show that the expected power generation cost deviation is 35\% lower than the one resulting from an equal allocation of resources over the local filters. The results also show that, at equilibrium, the interdependence of the power system on the natural gas and water systems can motivate the attacker to target the states of the water and natural gas systems to change the operational states of the power grid. Conversely, the defender allocates a portion of its resources to the water and natural gas states of the interdependent system to protect the grid from state deviations.Comment: 7 pages, in proceedings of Resilience Week 201

Generalized Colonel Blotto Game

Competitive resource allocation between adversarial decision makers arises in a wide spectrum of real-world applications such as in communication systems, cyber-physical systems security, as well as financial, political, and electoral competition. As such, developing analytical tools to model and analyze competitive resource allocation is crucial for devising optimal allocation strategies and anticipating the potential outcomes of the competition. To this end, the Colonel Blotto game is one of the most popular game-theoretic frameworks for modeling and analyzing such competitive resource allocation problems. However, in many real-world competitive situations, the Colonel Blotto game does not admit solutions in deterministic strategies and, hence, one must rely on analytically complex mixed-strategies with their associated tractability, applicability, and practicality challenges. In this paper, a generalization of the Colonel Blotto game which enables the derivation of deterministic, practical, and implementable equilibrium strategies is proposed while accounting for the heterogeneity of the battlefields. In addition, the proposed generalized game enables accounting for the consumed resources in each battlefield, a feature that is not considered in the classical Blotto game. For the generalized game, the existence of a Nash equilibrium in pure-strategies is shown. Then, closed-form analytical expressions of the equilibrium strategies, are derived and the outcome of the game is characterized; based on the number of resources of each player as well as the valuation of each battlefield. The generated results provide invaluable insights on the outcome of the competition. For example, the results show that, when both players are fully rational, the more resourceful player can achieve a better total payoff at the Nash equilibrium, a result that is not mimicked in the classical Blotto game.Comment: 8 pages, 5 figure

Improving the Cybersecurity of Cyber-Physical Systems Through Behavioral Game Theory and Model Checking in Practice and in Education

This dissertation presents automated methods based on behavioral game theory and model checking to improve the cybersecurity of cyber-physical systems (CPSs) and advocates teaching certain foundational principles of these methods to cybersecurity students. First, it encodes behavioral game theory\u27s concept of level-k reasoning into an integer linear program that models a newly defined security Colonel Blotto game. This approach is designed to achieve an efficient allocation of scarce protection resources by anticipating attack allocations. A human subjects experiment based on a CPS infrastructure demonstrates its effectiveness. Next, it rigorously defines the term adversarial thinking, one of cybersecurity educations most important and elusive learning objectives, but for which no proper definition exists. It spells out what it means to think like a hacker by examining the characteristic thought processes of hackers through the lens of Sternberg\u27s triarchic theory of intelligence. Next, a classroom experiment demonstrates that teaching basic game theory concepts to cybersecurity students significantly improves their strategic reasoning abilities. Finally, this dissertation applies the SPIN model checker to an electric power protection system and demonstrates a straightforward and effective technique for rigorously characterizing the degree of fault tolerance of complex CPSs, a key step in improving their defensive posture

Cyber-Physical Power System (CPPS): A Review on Modelling, Simulation, and Analysis with Cyber Security Applications

Cyber-Physical System (CPS) is a new kind of digital technology that increases its attention across academia, government, and industry sectors and covers a wide range of applications like agriculture, energy, medical, transportation, etc. The traditional power systems with physical equipment as a core element are more integrated with information and communication technology, which evolves into the Cyber-Physical Power System (CPPS). The CPPS consists of a physical system tightly integrated with cyber systems (control, computing, and communication functions) and allows the two-way flows of electricity and information for enabling smart grid technologies. Even though the digital technologies monitoring and controlling the electric power grid more efficiently and reliably, the power grid is vulnerable to cybersecurity risk and involves the complex interdependency between cyber and physical systems. Analyzing and resolving the problems in CPPS needs the modelling methods and systematic investigation of a complex interaction between cyber and physical systems. The conventional way of modelling, simulation, and analysis involves the separation of physical domain and cyber domain, which is not suitable for the modern CPPS. Therefore, an integrated framework needed to analyze the practical scenario of the unification of physical and cyber systems. A comprehensive review of different modelling, simulation, and analysis methods and different types of cyber-attacks, cybersecurity measures for modern CPPS is explored in this paper. A review of different types of cyber-attack detection and mitigation control schemes for the practical power system is presented in this paper. The status of the research in CPPS around the world and a new path for recommendations and research directions for the researchers working in the CPPS are finally presented.publishedVersio