The Value of Intrusion Detection Systems in Information Technology Security Architecture
Information Systems Research
Optimal control of LTI systems over unreliable communication links
Automatica (Journal of IFAC)
Network externalities and the deployment of security features and protocols in the internet
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Security Decision-Making among Interdependent Organizations
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Research challenges for the security of control systems
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Economics of malware: epidemic risks model, network externalities and incentives
Allerton'09 Proceedings of the 47th annual Allerton conference on Communication, control, and computing
Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
Network Security: A Decision and Game-Theoretic Approach
Network Security: A Decision and Game-Theoretic Approach
Stuxnet: Dissecting a Cyberwarfare Weapon
IEEE Security and Privacy
On distributed constrained formation control in operator-vehicle adversarial networks
Automatica (Journal of IFAC)
Hi-index | 22.15 |
This article studies security decisions of identical plant-controller systems, when their security is interdependent due to network induced risks. Each plant is modeled by a discrete-time stochastic linear system, with the systems controlled over a shared communication network. We formulate the problem of security choices of the individual system operators (also called players) as a non-cooperative game. We consider a two-stage game, in which on the first stage the players decide whether to invest in security or not; and on the second stage, they apply control inputs to minimize the average operational costs. We characterize the equilibria of the game, which includes the determination of the individually optimal security levels. Next, we solve the problem of finding the socially optimal security levels. The presence of interdependent security causes a negative externality, and the individual players tend to under invest in security relative to the social optimum. This leads to a gap between the individual and the socially optimal security levels for a wide range of security costs. From our results, regulatory impositions to incentivize higher security investments are desirable.