Managing Security Risks Interdependencies Between ICT and Electric Infrastructures: A Game Theoretical Analysis

Abstract

The smart grid will increasingly rely on the communication infrastructure to ensure a reliable and secure delivery of electricity. The use of off-the-shelf operating systems in the communication infrastructure has the potential to increase the attack surface of the power grid. In this chapter, we address the issue of the security risk management of interdependent communication and electric infrastructures in the smart grid by proposing an analytical model for hardening security on critical communication equipment used to control the power grid. Using noncooperative game theory, we analyze the behavior of an attacker and a defender. The attacker tries to compromise communication equipment to cause the maximum impact on the power grid. On the other hand, the defender tries to protect the power system by hardening the security on communication equipment, while taking into account the existence of backup control equipment in the communication infrastructure. We analyze different types of interactions between the attacker and the defender and propose methodologies to assess the initial security risk on communication equipment and the parameters of the analytical model used to evaluate the impact of equipment failures in the power system. We validate our model via a case study based on the Polish electric power transmission system.