Biblio

With the increasing application of Information and Communication Technologies (ICTs), cyberattacks have become more prevalent against Cyber-Physical Systems (CPSs) such as the modern power grids. Various methods have been proposed to model the cybersecurity threats, but so far limited studies have been focused on the defensive strategies subject to the limited security budget. In this paper, the power supply reliability is evaluated considering the strategic allocation of defense resources. Specifically, the optimal mixed strategies are formulated by the Stackelberg Security Game (SSG) to allocate the defense resources on multiple targets subject to cyberattacks. The cyberattacks against the intrusion-tolerant Supervisory Control and Data Acquisition (SCADA) system are mathematically modeled by Semi-Markov Process (SMP) kernel. The intrusion tolerance capability of the SCADA system provides buffered residence time before the substation failure to enhance the network robustness against cyberattacks. Case studies of the cyberattack scenarios are carried out to demonstrate the intrusion tolerance capability. Depending on the defense resource allocation scheme, the intrusion-tolerant SCADA system possesses varying degrees of self-healing capability to restore to the good state and prevent the substations from failure. If more defense resources are invested on the substations, the intrusion tolerant capability can be further enhanced for protecting the substations. Finally, the actuarial insurance principle is designed to estimate transmission companies' individual premiums considering correlated cybersecurity risks. The proposed insurance premium principle is designed to provide incentive for investments on enhancing the intrusion tolerance capability, which is verified by the results of case studies.

This research explored how cyber security risks are managed across UK Critical National Infrastructure (CNI) sectors following implementation of the 2018 Networks and Information Security (NIS) legislation. Being in its infancy, there has been limited study into the effectiveness of this national framework for cyber risk management. The analysis of data gathered through interviews with key stakeholders against the NIS objectives indicated a collaborative implementation approach to improve cyber-risk management capabilities in CNI sectors. However, more work is required to bridge the gaps in the NIS framework to ensure holistic security across cyber spaces as well as non-cyber elements: cyber-physical security, cross-sector CNI service security measures, outcome-based regulatory assessments and risks due to connected smart technology implementations alongside legacy systems. This paper proposes ten key recommendations to counter the danger of not meeting the NIS key strategic objectives. In particular, it recommends that the approach to NIS implementation needs further alignment with its objectives, such as bringing a step-change in the cyber-security risk management capabilities of the CNI sectors.

With the capability of support mobile computing demand with small delay, fog computing has gained tremendous popularity. Nevertheless, its highly virtualized environment is vulnerable to cyber attacks such as emerging Advanced Persistent Threats attack. In this paper, we propose a novel approach of cyber risk management for the fog computing platform. Particularly, we adopt the cyber-insurance as a tool for neutralizing cyber risks from fog computing platform. We consider a fog computing platform containing a group of fog nodes. The platform is composed of three main entities, i.e., the fog computing provider, attacker, and cyber-insurer. The fog computing provider dynamically optimizes the allocation of its defense computing resources to improve the security of the fog computing platform. Meanwhile, the attacker dynamically adjusts the allocation of its attack resources to improve the probability of successful attack. Additionally, to prevent from the potential loss due to attacks, the provider also makes a dynamic decision on the purchases ratio of cyber-insurance from the cyber-insurer for each fog node. Thereafter, the cyber-insurer accordingly determines the premium of cyber-insurance for each fog node. In our formulated dynamic Stackelberg game, the attacker and provider act as the followers, and the cyber-insurer acts as the leader. In the lower level, we formulate an evolutionary subgame to analyze the provider's defense and cyber-insurance subscription strategies as well as the attacker's attack strategy. In the upper level, the cyber-insurer optimizes its premium determination strategy, taking into account the evolutionary equilibrium at the lower-level evolutionary subgame. We analytically prove that the evolutionary equilibrium is unique and stable. Moreover, we provide a series of insightful analytical and numerical results on the equilibrium of the dynamic Stackelberg game.

Cyber risk management largely reduces to a race for information between defenders of ICT systems and attackers. Defenders can gain advantage in this race by sharing cyber risk information with each other. Yet, they often exchange less information than is socially desirable, because sharing decisions are guided by selfish rather than altruistic reasons. A growing line of research studies these strategic aspects that drive defenders’ sharing decisions. The present survey systematizes these works in a novel framework. It provides a consolidated understanding of defenders’ strategies to privately or publicly share information and enables us to distill trends in the literature and identify future research directions. We reveal that many theoretical works assume cyber risk information sharing to be beneficial, while empirical validations are often missing.