Abstract
This paper studies the security choices of identical plant- controller systems, when their security is interdependent due the exposure to network induced risks. Each plant is modeled by a discrete-time stochastic linear system, which is sensed and controlled over a communication network. We model security decisions of the individual systems (also called players) as a game. We consider a two-stage game, in which first, the players choose whether to invest in security or not; and thereafter, choose control inputs to minimize the average operational costs. We fully characterize equilibria of the game, which give us the individually optimal security choices. We also find the socially optimal choices. The presence of security interdependence creates a negative externality, and results in a gap between the individual and the socially optimal security choices for a wide range of security costs. Due to the negative externality, the individual players tend to under invest in security.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alpcan, T., BaÅŸar, T.: Network Security: A Decision and Game Theoretic Approach. Cambridge University Press, Philadelphia (2011)
Amin, S., Cárdenas, A.A., Sastry, S.: Safe and secure networked control systems under denial-of-service attacks. In: Majumdar, R., Tabuada, P. (eds.) HSCC 2009. LNCS, vol. 5469, pp. 31–45. Springer, Heidelberg (2009)
Anderson, R., Böhme, R., Clayton, R., Moore, T.: Security economics and European policy. In: Proceedings of the Workshop on the Economics of Information Security WEIS, Hanover, USA (June 2008)
Anderson, R., Fuloria, S.: Security economics and critical national infrastructure. In: The Eighth Workshop on the Economics of Information Security (2009)
Anderson, R., Fuloria, S.: On the security economics of electricity metering. In: The Ninth Workshop on the Economics of Information Security (2010)
BaÅŸar, T., Olsder, G.J.: Dynamic Noncooperative Game Theory, 2nd edn., Philadelphia. SIAM Series in Classics in Applied Mathematics (1999)
Bier, V., Oliveros, S., Samuelson, L.: Choosing what to protect: Strategic defensive allocation against an unknown attacker. Journal of Public Economic Theory 9(4), 563–587 (2007)
Böhme, R., Schwartz, G.A.: Modeling cyber-insurance: Towards a unifying framework. In: Proceedings of the Workshop on the Economics of Information Security WEIS, Harvard University, Cambridge (June 2010)
Cárdenas, A.A., Amin, S., Sastry, S.S.: Research challenges for the security of control systems. In: Provos, N. (ed.) HotSec. USENIX Association (2008)
Carin, L., Cybenko, G., Hughes, J.: Cybersecurity strategies: The QuERIES methodology. Computer 41
Cavusoglu, H., Mishra, B., Raghunathan, S.: The value of intrusion detection systems in information technology security architecture. Info. Sys. Research 16(1), 28–46 (2005)
Garone, E., Sinopoli, B., Casavola, A.: LQG control over lossy TCP-like networks with probabilistic packet acknowledgements. International Journal of Systems, Control and Communications 2(1/2/3), 55–81 (2010)
Grossklags, J., Christin, N., Chuang, J. (eds.): Secure or Insure? A Game-Theoretic Analysis of Information Security Games. In: Proceedings of the 17th International World Wide Web Conference (April 2008)
Heal, G., Kunreuther, H.: Interdependent security. Journal of Risk and Uncertainty 26(2-3), 231–249 (2003)
Heal, G., Kunreuther, H.: Interdependent security: A general model. NBER Working Papers 10706, National Bureau of Economic Research, Inc. (August 2004)
Hespanha, J.P., Naghshtabrizi, P., Xu, Y.: A survey of recent results in networked control systems. Proceedings of the IEEE 95(1), 138–162 (2007)
Hofmann, A.: Internalizing externalities of loss prevention through insurance monopoly: an analysis of interdependent risks. The GENEVA Risk and Insurance Review 32(1), 91–111 (2007)
Imer, O.C., Yüksel, S., Başar, T.: Optimal control of LTI systems over unreliable communication links. Automatica 42(9), 1429–1439 (2006)
Kunreuther, H., Heal, G.: Interdependent security: The case of identical agents. Working Paper 8871, National Bureau of Economic Research (April 2002)
Lelarge, M.: Economics of malware: epidemic risks model, network externalities and incentives. In: Allerton 2009: Proceedings of the 47th Annual Allerton Conference on Communication, Control, and Computing, Piscataway, NJ, USA, pp. 1353–1360. IEEE Press, Los Alamitos (2009)
Lelarge, M., Bolot, J.: Network externalities and the deployment of security features and protocols in the internet. SIGMETRICS Perform. Eval. Rev. 36(1), 37–48 (2008)
Mounzer, J., Alpcan, T., Bambos, N.: Dynamic control and mitigation of interdependent IT security risks. In: Proceedings of the IEEE Conference on Communication (ICC), IEEE Communications Society (May 2010)
Schenato, L., Sinopoli, B., Franceschetti, M., Poolla, K., Sastry, S.S.: Foundations of control and estimation over lossy networks. Proceedings of the IEEE 95, 163–187 (2007)
Tabors, R.D., Parker, G., Caramanis, M.C.: Development of the smart grid: Missing elements in the policy process. In: Proceedings of the Hawaii International Conference on System Sciences, Los Alamitos, CA, USA, pp. 1–7 (2010)
Dam, K.W., Owens, W.A., Lin, H.S.: Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities. Committee on Offensive Information Warfare, National Research Council, Philadelphia (2009)
Weiss, J.: Protecting Industrial Control Systems from Electronic Threats. Momentum Press (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Amin, S., Schwartz, G.A., Sastry, S.S. (2010). Security Interdependencies for Networked Control Systems with Identical Agents. In: Alpcan, T., Buttyán, L., Baras, J.S. (eds) Decision and Game Theory for Security. GameSec 2010. Lecture Notes in Computer Science, vol 6442. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17197-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-17197-0_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17196-3
Online ISBN: 978-3-642-17197-0
eBook Packages: Computer ScienceComputer Science (R0)