IAPSAM Logo

PSAM 16 Conference Session Th13 Overview

Session Chair: Ali Ayoub (aliayoub@mit.edu)

Paper 1 ZH169
Lead Author: Yunfei Zhao     Co-author(s): Linan Huang (huanglinan29@gmail.com) Quanyan Zhu (quanyan.zhu@nyu.edu) Carol Smidts (smidts.1@osu.edu)
Bayesian games for optimal cybersecurity investment with incomplete information of the attacker
The trend of digitization in various industrial systems has exposed these systems to increasing cyberattacks. Therefore, it is of vital importance to reduce the cybersecurity risk of industrial systems through cost-effective decisions on cybersecurity investment. In making such decisions, the defender is usually faced with the challenge that arises from incomplete information on the attacker. In this paper, we propose a Bayesian games approach to model the optimal cybersecurity investment strategy under such situations. In this approach, the defender categorizes the attacker into a finite number of types, e.g., various levels of capability, and assigns a probability distribution over the different types of attackers. Then the defender optimizes his/her cybersecurity investment based on risk assessment considering the possible attack efforts of these various types of attackers, with the objective of minimizing the expected cyberattack loss and the cybersecurity investment cost. The proposed method is demonstrated using a numerical example. We perform a sensitivity analysis for model parameters that may be difficult to obtain in practical applications, e.g., the loss for the defender caused by a successful attack. Key observations of the example include that the defender should not make any investment if the loss of a successful attack is below a certain threshold, and that losses for one type of attacker may correspond to gains for another type of attacker. The proposed method can be used to support cybersecurity investment decisions by industrial system owners.
Paper ZH169 | Download the paper file. | Download the presentation pdf file.
Name: Yunfei Zhao (zhao.2263@osu.edu)

Bio: Dr. Yunfei Zhao is a Research Associate Engineer at The Ohio State University, where he was a Post-doctoral Researcher for 3 years. He earned his doctoral degree in Nuclear Engineering from Tsinghua University and his bachelor’s degree in Thermal Energy Engineering from Shandong University. Dr. Zhao’s research interests include human reliability analysis, cybersecurity, fault diagnostics, and maintenance optimization for complex engineering systems.

Country: USA
Company: The Ohio State University
Job Title: Research Associate


Paper 2 VA166
Lead Author: Pavan Kumar Vaddi     Co-author(s): Michael C. Pietrykowski, pietrykowski.6@osu.edu; Xiaoxu Diao, diao.38@osu.edu; Yunfei Zhao, zhao.2263@osu.edu; Carol Smidts, smidts.1@osu.edu
Dynamic Probabilistic Risk Assessment for Cyber Security Risk Analysis in Nuclear Reactors
The increasing adaptation of nuclear power plants (NPPs) to incorporate software-based components along with digital communication networks in their operation has resulted in improved control, automation, monitoring and diagnostics, while simultaneously opening those power plants to a new dimension of risk, cyber-attacks. Additionally, the attackers have become more knowledgeable about the vulnerabilities associated with such software systems and network architectures. Hence there is a need to systematically study and quantify the risks associated with cyber-attacks on NPPs and the existing cyber defenses. In this paper we present a dynamic probabilistic risk assessment (DPRA) framework for nuclear power plants in the context of cyber security. In addition to stochastic events such as component failures, the framework implements cyber-attacks along with defenders’ i.e., the plant operators, and the attackers’ behaviors and their interactions in a game theory-based framework. The proposed DPRA framework is demonstrated using the secondary side of a pressurized water reactor (PWR).
Paper VA166 | Download the paper file. | Download the presentation PowerPoint file.
Name: Pavan Kumar Vaddi (vaddi.3@osu.edu)

Bio: Mr. PavanKumar Vaddi is a mechanical engineering grad student working in the Reliability and Risk Laboratory headed by Dr. Carol Smidts at The Ohio State University. He received his B.Tech degree in mechanical engineering from IIT Madras in 2017. His research interests include Probabilistic Risk Assessment for ICS cybersecurity and Fault diagnosis in industrial control systems.

Country: USA
Company: Ohio State University
Job Title: Student