A Comprehensive Insight into Game Theory in relevance to Cyber Security

The progressively ubiquitous connectivity in the present information systems pose newer challenges tosecurity. The conventional security mechanisms have come a long way in securing the well-definedobjectives of confidentiality, integrity, authenticity and availability. Nevertheless, with the growth in thesystem complexities and attack sophistication, providing security via traditional means can beunaffordable. A novel theoretical perspective and an innovative approach are thus required forunderstanding security from decision-making and strategic viewpoint. One of the analytical tools whichmay assist the researchers in designing security protocols for computer networks is game theory. Thegame-theoretic concept finds extensive applications in security at different levels, including thecyberspace and is generally categorized under security games. It can be utilized as a robust mathematicaltool for modelling and analyzing contemporary security issues. Game theory offers a natural frameworkfor capturing the defensive as well as adversarial interactions between the defenders and the attackers.Furthermore, defenders can attain a deep understanding of the potential attack threats and the strategiesof attackers by equilibrium evaluation of the security games. In this paper, the concept of game theoryhas been presented, followed by game-theoretic applications in cybersecurity including cryptography.Different types of games, particularly those focused on securing the cyberspace, have been analysed andvaried game-theoretic methodologies including mechanism design theories have been outlined foroffering a modern foundation of the science of cybersecurity

Capturing industrial CO2 emissions in Spain: Infrastructures, costs and break-even prices

This paper examines the conditions for the deployment of large-scale pipeline and storage infrastructure needed for the capture of CO2 in Spain by 2040. It details a modeling framework that allows us to determine the optimal infrastructure needed to connect a geographically disaggregated set of emitting and storage clusters, along with the threshold CO2 values necessary to ensure that the considered emitters will make the necessary investment decisions. This framework is used to assess the relevance of various policy scenarios, including (i) the perimeter of the targeted emitters for a CCS uptake, and (ii) the relevance of constructing several regional networks instead of a single grid to account for the spatial characteristics of the Spanish peninsula. We find that three networks naturally emerge in the north, center and south of Spain. Moreover, the necessary CO2 break-even price critically depends on the presence of power stations in the capture perimeter. Policy implications of these findings concern the elaboration of relevant, pragmatic recommendations to envisage CCS deployment locally, focusing on emitters with lower substitution options toward low-carbon alternatives

TRIDEnT: Building Decentralized Incentives for Collaborative Security

Sophisticated mass attacks, especially when exploiting zero-day vulnerabilities, have the potential to cause destructive damage to organizations and critical infrastructure. To timely detect and contain such attacks, collaboration among the defenders is critical. By correlating real-time detection information (alerts) from multiple sources (collaborative intrusion detection), defenders can detect attacks and take the appropriate defensive measures in time. However, although the technical tools to facilitate collaboration exist, real-world adoption of such collaborative security mechanisms is still underwhelming. This is largely due to a lack of trust and participation incentives for companies and organizations. This paper proposes TRIDEnT, a novel collaborative platform that aims to enable and incentivize parties to exchange network alert data, thus increasing their overall detection capabilities. TRIDEnT allows parties that may be in a competitive relationship, to selectively advertise, sell and acquire security alerts in the form of (near) real-time peer-to-peer streams. To validate the basic principles behind TRIDEnT, we present an intuitive game-theoretic model of alert sharing, that is of independent interest, and show that collaboration is bound to take place infinitely often. Furthermore, to demonstrate the feasibility of our approach, we instantiate our design in a decentralized manner using Ethereum smart contracts and provide a fully functional prototype.Comment: 28 page

Critical Infrastructure Protection Metrics and Tools Papers and Presentations

Contents: Dr. Hilda Blanco: Prioritizing Assets in Critical Infrastructure Systems; Christine Poptanich: Strategic Risk Analysis; Geoffrey S. French/Jin Kim: Threat-Based Approach to Risk Case Study: Strategic Homeland Infrastructure Risk Assessment (SHIRA); William L. McGill: Techniques for Adversary Threat Probability Assessment; Michael R. Powers: The Mathematics of Terrorism Risk Stefan Pickl: SOA Approach to the IT-based Protection of CIP; Richard John: Probabilistic Project Management for a Terrorist Planning a Dirty Bomb Attack on a Major US Port; LCDR Brady Downs: Maritime Security Risk Analysis Model (MSRAM); Chel Stromgren: Terrorism Risk Assessment and Management (TRAM); Steve Lieberman: Convergence of CIP and COOP in Banking and Finance; Harry Mayer: Assessing the Healthcare and Public Health Sector with Model Based Risk Analysis; Robert Powell: How Much and On What? Defending and Deterring Strategic Attackers; Ted G. Lewis: Why Do Networks Cascade

Optimizing dynamic investment decisions for railway systems protection

Past and recent events have shown that railway infrastructure systems are particularly vulnerable to natural catastrophes, unintentional accidents and terrorist attacks. Protection investments are instrumental in reducing economic losses and preserving public safety. A systematic approach to plan security investments is paramount to guarantee that limited protection resources are utilized in the most efficient manner. In this article, we present an optimization model to identify the railway assets which should be protected to minimize the impact of worst case disruptions on passenger flows. We consider a dynamic investment problem where protection resources become available over a planning horizon. The problem is formulated as a bilevel mixed-integer model and solved using two different decomposition approaches. Random instances of different sizes are generated to compare the solution algorithms. The model is then tested on the Kent railway network to demonstrate how the results can be used to support efficient protection decisions