Abstract

Many modern critical infrastructures are cyber–physical systems that rely on the integration of physical processes and computational resources. While this integration enables advanced system diagnostics, monitoring, and control, it also exposes the physical process to cyber-threats. Critical infrastructures such as nuclear power plants may be targeted by a variety of threat agents, each with unique motivations, resources, and capabilities. A Bayesian game-theoretic approach is presented to secure critical infrastructure when the adversary’s characteristics are uncertain. In a Bayesian game, some players have incomplete information about the other players. Within the context of critical infrastructure cybersecurity, plant defenders have incomplete information about threat agents, and threat agents have incomplete information about plant defenders. A Bayesian game provides a quantitative method for security teams to identify optimal defense strategies.The Bayesian game-theoretic approach is demonstrated on the residual heat removal system of a boiling water reactor. Threat agents are modeled as types in the game using a threat agent library that defines each threat’s characteristics. Similarly, different types of defenders are modeled by considering consequences of importance to plant stakeholders. Using these type definitions, utility functions are defined for each player. Nash equilibria of the Stackelberg game and two simultaneous games are identified and discussed. Using this procedure, a security team at a nuclear power plant can select the optimal strategy to defend the plant from cyber-threats.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.