Book chapter in Game Theory for Security and Risk Management
Stefan Rass, Stefan Schauer (Editors)
ISBN 978-3-319-75268-6
Abstract: In complex interdependent systems, the interactions between the attacker and the defender play an important role in defining the optimal defense strategy. In this context, game theory offers a mathematical framework to study interactions between different players with the same or conflicting interests. For example, Law et al. [20] investigate false data injection attacks on the power grid and formulate the problem as a stochastic security game between an attacker and a defender. Amin et al. [21] present a framework to assess risks to cyber-physical systems when interdependencies between information and physical systems may result in correlated failures.
In this chapter, we address the issue of the security risk management of interdependent communication and electric infrastructures in the smart grid by proposing an analytical model for hardening security on critical communication equipment used to control the power grid. Using noncooperative game theory, we analyze the behavior of an attacker and a defender. The attacker tries to compromise communication equipment to cause the maximum impact on the power grid. On the other hand, the defender tries to protect the power system by hardening the security on communication equipment, while taking into account the existence of backup control equipment in the communication infrastructure. In [22] and [23], we proposed an analytical model based on game theory for optimizing the distribution of defense resources on communication equipment taking into account the interdependencies between electric and communication infrastructures and defined a methodology to assess some of the parameters of the model. In this chapter, we make a number of extensions to this model in an attempt to answer the following questions: Is security by obscurity a good strategy for the defender? Under which conditions can a player guarantee a certain payoff? How can we strategically assess the initial security risk on communication equipment? Is deception required from the part of the defender to better protect the system? As we will see, while some of these questions can be analyzed analytically in the general case, some answers to these questions are system dependent and will therefore be analyzed in the case study. Throughout this chapter, the communication system refers to the telecommunication infrastructure responsible of controlling and monitoring the electric system.
