A Graphical Adversarial Risk Analysis Model for Oil and Gas Drilling Cybersecurity

Oil and gas drilling is based, increasingly, on operational technology, whose cybersecurity is complicated by several challenges. We propose a graphical model for cybersecurity risk assessment based on Adversarial Risk Analysis to face those challenges. We also provide an example of the model in the context of an offshore drilling rig. The proposed model provides a more formal and comprehensive analysis of risks, still using the standard business language based on decisions, risks, and value.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

Reinforcement Learning under Threats

In several reinforcement learning (RL) scenarios, mainly in security settings, there may be adversaries trying to interfere with the reward generating process. In this paper, we introduce Threatened Markov Decision Processes (TMDPs), which provide a framework to support a decision maker against a potential adversary in RL. Furthermore, we propose a level-$k$ thinking scheme resulting in a new learning framework to deal with TMDPs. After introducing our framework and deriving theoretical results, relevant empirical evidence is given via extensive experiments, showing the benefits of accounting for adversaries while the agent learns.Comment: Extends the verson published at the Proceedings of the AAAI Conference on Artificial Intelligence 33, https://www.aaai.org/ojs/index.php/AAAI/article/view/510

Policy analysis and policy analytics

Working from a description of what policy analysis entails, we review the emergence of the recent field of analytics and how it may impact public policy making. In particular, we seek to expose current applications of, and future possibilities for, new analytic methods that can be used to support public policy problem-solving and decision processes, which we term policy analytics. We then review key contributions to this special volume, which seek to support policy making or delivery in the areas of energy planning, urban transportation planning, medical emergency planning, healthcare, social services, national security, defence, government finance allocation, understanding public opinion, and fire and police services. An identified challenge, which is specific to policy analytics, is to recognize that public sector applications must balance the need for robust and convincing analysis with the need for satisfying legitimate public expectations about transparency and opportunities for participation. This opens up a range of forms of analysis relevant to public policy distinct from those most common in business, including those that can support democratization and mediation of value conflicts within policy processes. We conclude by identifying some potential research and development issues for the emerging field of policy analytics

Insider threat modeling: An adversarial risk analysis approach

Insider threats entail major security issues in geopolitics, cyber security and business organizations. Most earlier work in the field has focused on standard game theoretic approaches. We provide here two alternative, more realistic models based on adversarial risk analysis (ARA). ARA does not assume common knowledge and solves the problem from the point of view of just one of the players, the defender (typically), taking into account their knowledge and uncertainties regarding the choices available to them, to their adversaries, the possible outcomes, their payoffs/utilities and their opponents payoffs/utilities. The first model depicts the problem as a standard Defend-AttackDefend model. The second model segments the set of involved agents in three classes of users and considers both sequential as well as simultaneous actions. A data security example illustrates the discussion