Title | A Cybersecurity Insurance Model for Power System Reliability Considering Optimal Defense Resource Allocation |
Publication Type | Journal Article |
Year of Publication | 2020 |
Authors | Lau, Pikkin; Wei, Wei; Wang, Lingfeng; Liu, Zhaoxi; Ten, Chee-Wooi |
Journal | IEEE Transactions on Smart Grid |
Volume | 11 |
Pagination | 4403–4414 |
ISSN | 1949-3061 |
Keywords | composability, Computer crime, cyber risk management, cyber-insurance, cybersecurity, game theory, Insurance, intrusion tolerance, power system reliability, pubcrawl, Resiliency, SCADA systems, Substations, switched mode power supplies |
Abstract | With the increasing application of Information and Communication Technologies (ICTs), cyberattacks have become more prevalent against Cyber-Physical Systems (CPSs) such as the modern power grids. Various methods have been proposed to model the cybersecurity threats, but so far limited studies have been focused on the defensive strategies subject to the limited security budget. In this paper, the power supply reliability is evaluated considering the strategic allocation of defense resources. Specifically, the optimal mixed strategies are formulated by the Stackelberg Security Game (SSG) to allocate the defense resources on multiple targets subject to cyberattacks. The cyberattacks against the intrusion-tolerant Supervisory Control and Data Acquisition (SCADA) system are mathematically modeled by Semi-Markov Process (SMP) kernel. The intrusion tolerance capability of the SCADA system provides buffered residence time before the substation failure to enhance the network robustness against cyberattacks. Case studies of the cyberattack scenarios are carried out to demonstrate the intrusion tolerance capability. Depending on the defense resource allocation scheme, the intrusion-tolerant SCADA system possesses varying degrees of self-healing capability to restore to the good state and prevent the substations from failure. If more defense resources are invested on the substations, the intrusion tolerant capability can be further enhanced for protecting the substations. Finally, the actuarial insurance principle is designed to estimate transmission companies' individual premiums considering correlated cybersecurity risks. The proposed insurance premium principle is designed to provide incentive for investments on enhancing the intrusion tolerance capability, which is verified by the results of case studies. |
DOI | 10.1109/TSG.2020.2992782 |
Citation Key | lau_cybersecurity_2020 |