Smart cities must integrate a number of interdependent cyber-physical systems
that operate in a coordinated manner to improve the well-being of the city's
residents. A cyber-physical system (CPS) is a system of computational elements
controlling physical entities. Large-scale CPSs are more vulnerable to attacks
due to the cyber-physical interdependencies that can lead to cascading failures
which can have a significant detrimental effect on a city. In this paper, a
novel approach is proposed for analyzing the problem of allocating security
resources, such as firewalls and anti-malware, over the various cyber
components of an interdependent CPS to protect the system against imminent
attacks. The problem is formulated as a Colonel Blotto game in which the
attacker seeks to allocate its resources to compromise the CPS, while the
defender chooses how to distribute its resources to defend against potential
attacks. To evaluate the effects of defense and attack, various CPS factors are
considered including human-CPS interactions as well as physical and topological
characteristics of a CPS such as flow and capacity of interconnections and
minimum path algorithms. Results show that, for the case in which the attacker
is not aware of the CPS interdependencies, the defender can have a higher
payoff, compared to the case in which the attacker has complete information.
The results also show that, in the case of more symmetric nodes, due to
interdependencies, the defender achieves its highest payoff at the equilibrium
compared to the case with independent, asymmetric nodes