TY - GEN
T1 - A game-theoretic approach to defending nuclear systems from stuxnet-type attacks
AU - Maccarone, Lee T.
AU - Cole, Daniel G.
AU - Rao, Nageswara S.V.
AU - Melin, Alexander M.
AU - Cetiner, Sacit M.
N1 - Publisher Copyright:
© 2018 Westinghouse Electric Company LLC All Rights Reserved
PY - 2019
Y1 - 2019
N2 - Cyber-physical systems consist of interconnected physical processes and computational resources. Because the cyber and physical worlds are integrated, vulnerabilities in both the cyber and physical domains can result in damage to the physical system. As cyber-physical systems, nuclear power plants must be secure in both domains in order to maintain operational safety. Nuclear power plants may be targeted by a variety of threat actors such as state actors, hack-tivists, and disgruntled employees-each with a unique motivation and set of resources. This work predicts the outcome of a cyber-physical attack on a nuclear power plant by examining the interaction between a threat actor and a plant defender. A game-theoretic approach is presented to analyze attacks on cyber-physical systems. The cyber-physical attack is analyzed as a two-player strategic-form game. The two players are an attacker and a defender: the defender attempts to maintain plant operation while the attacker attempts to disrupt it. The attacker's strategy set consists of a cyber attack, physical attack, cyber-physical attack, and abstaining from an attack. The defender's strategy set consists of a cyber reinforcement, physical reinforcement, cyber-physical reinforcement, and abstaining from reinforcement. Each player incurs a cost from either attacking or defending. If an attack is successful, the attacker incurs a gain and the defender incurs a loss. A mixed strategy Nash equilibrium is identified. Under the mixed Nash equilibrium conditions, the expected utility of the attacker is zero, and the expected utility of the defender is the cost of cyber-physical reinforcement.
AB - Cyber-physical systems consist of interconnected physical processes and computational resources. Because the cyber and physical worlds are integrated, vulnerabilities in both the cyber and physical domains can result in damage to the physical system. As cyber-physical systems, nuclear power plants must be secure in both domains in order to maintain operational safety. Nuclear power plants may be targeted by a variety of threat actors such as state actors, hack-tivists, and disgruntled employees-each with a unique motivation and set of resources. This work predicts the outcome of a cyber-physical attack on a nuclear power plant by examining the interaction between a threat actor and a plant defender. A game-theoretic approach is presented to analyze attacks on cyber-physical systems. The cyber-physical attack is analyzed as a two-player strategic-form game. The two players are an attacker and a defender: the defender attempts to maintain plant operation while the attacker attempts to disrupt it. The attacker's strategy set consists of a cyber attack, physical attack, cyber-physical attack, and abstaining from an attack. The defender's strategy set consists of a cyber reinforcement, physical reinforcement, cyber-physical reinforcement, and abstaining from reinforcement. Each player incurs a cost from either attacking or defending. If an attack is successful, the attacker incurs a gain and the defender incurs a loss. A mixed strategy Nash equilibrium is identified. Under the mixed Nash equilibrium conditions, the expected utility of the attacker is zero, and the expected utility of the defender is the cost of cyber-physical reinforcement.
KW - Cyber-physical systems
KW - Game theory
KW - Nash equilibrium
KW - Security
KW - Stuxnet
UR - http://www.scopus.com/inward/record.url?scp=85070976628&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85070976628
T3 - 11th Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2019
SP - 411
EP - 421
BT - 11th Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2019
PB - American Nuclear Society
T2 - 11th Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2019
Y2 - 9 February 2019 through 14 February 2019
ER -