![grid defense grid defense](https://www.offthegridnews.com/wp-content/uploads/2014/09/gas-can-istock.jpg)
The approach presented does not necessarily eliminate biases and subjectivity necessary for selecting countermeasures, but provides justifiable methods for selecting risk management actions consistent with stakeholder and decisionmaker values and technical data.Īs our infrastructure, economy, and national defense increasingly rely upon cyberspace and information technology, the security of the systems that support these functions becomes more critical. The use of this technique is illustrated for a hypothetical, but realistic, case study exemplifying the process of evaluating and ranking five cybersecurity enhancement strategies. The proposed framework bridges the gap between risk assessment and risk management, allowing an analyst to ensure a structured and transparent process of selecting risk management alternatives. We present a decision-analysis-based approach that quantifies threat, vulnerability, and consequences through a set of criteria designed to assess the overall utility of cybersecurity management alternatives. Here, we review probabilistic and risk-based decision-making techniques applied to cyber systems and conclude that existing approaches typically do not address all components of the risk assessment triplet (threat, vulnerability, consequence) and lack the ability to integrate across multiple domains of cyber systems to provide guidance for enhancing cybersecurity. Among these challenges are the constantly changing nature of cyber systems caused by technical advances, their distribution across the physical, information, and sociocognitive domains, and the complex network structures often including thousands of nodes. Risk assessors and managers face many difficult challenges related to novel cyber systems. Yet high-payoff nodes, which we also found in our empirical analysis. This is likely due to the presence of low-load However, DLB performs more poorly than minimax defense when faced with theĪttacker's best response to DLB. Load based (DLB) defense when played against a minimax attack strategy. Produces roughly the same expected payoff as an easy-to-compute deterministic More from increased resources than the defender. Empirically, we noted that the game favors the attacker as he benefits We also perform anĮxperimental evaluation of the model and game on a real-world power grid We formalize problemsįor identifying both mixed and deterministic strategies for both players, proveĬomplexity results under a variety of different scenarios, identify tractableĬases, and develop algorithms for these problems. Number of consumers having access to producers of power. Graph and introduce the cascading failure game in which both the defender andĪttacker choose a subset of power stations such as to minimize (maximize) the Resources to do this for the entire power grid. Harden the security posture at certain power stations but may lack the time and
![grid defense grid defense](https://3dimensional.com/wp-content/uploads/2015/08/grid-defense-300x172.jpg)
Presence of legacy systems, etc.) may hinder security. Particularly an important concern when the enemy has the capability to launchĬyber-attacks as practical concerns (i.e. That maximizes the number of customers without electricity. Substations and sources of power generation to initiate a cascading failure An adversary looking to disrupt a power grid may look to target certain