Cyber-Security in Critical Infrastructures: A Game-Theoretic Approach
Rass, Stefan, Schauer, Stefan, König, Sandra
This book presents a compendium of selected game- and decision-theoretic models to achieve and assess the security of critical infrastructures. Given contemporary reports on security incidents of various kinds, we can see a paradigm shift to attacks of an increasingly heterogeneous nature, combining different techniques into what we know as an advanced persistent threat. Security precautions must match these diverse threat patterns in an equally diverse manner; in response, this book provides a wealth of techniques for protection and mitigation.
Much traditional security research has a narrow focus on specific attack scenarios or applications, and strives to make an attack "practically impossible." A more recent approach to security views it as a scenario in which the cost of an attack exceeds the potential reward. This does not rule out the possibility of an attack but minimizes its likelihood to the least possible risk. The book follows this economic definition of security, offering a management scientific view that seeks a balance between security investments and their resulting benefits. It focuses on optimization of resources in light of threats such as terrorism and advanced persistent threats.
Drawing on the authors' experience and inspired by real case studies, the book provides a systematic approach to critical infrastructure security and resilience. Presenting a mixture of theoretical work and practical success stories, the book is chiefly intended for students and practitioners seeking an introduction to game- and decision-theoretic techniques for security. The required mathematical concepts are self-contained, rigorously introduced, and illustrated by case studies. The book also provides software tools that help guide readers in the practical use of the scientific models and computational frameworks.
Stefan Rass graduated with a double master degree in mathematics and computer science from the Universitaet Klagenfurt (AAU) in 2005. He received a Ph.D. degree in mathematics in 2009 and habilitated on applied computer science and system security in 2014. His research interests cover decision theory and game-theory with applications in system security, as well as complexity theory, statistics, and information-theoretic security. He won several awards, and authored numerous papers related to security and applied statistics and decision theory in security. He (co-authored) the book "Cryptography for Security and Privacy in Cloud Computing," published by Artech House, and edited the Springer Birkhäuser Book "Game Theory for Security and Risk Management: From Theory to Practice" in the series on Static & Dynamic Game Theory: Foundations & Applications. He participated in various nationally and internationally funded research projects, as well as being a contributing researcher in many EU projects and offering consultancy services to the industry. He chaired and co-chaired scientific conferences related to security, such as the 2015 Central European Conference on Cryptography, as well as the 8th Conference on Decision and Game Theory for Security, and the 2020 ICRA Workshop on Security in Robotics. Currently, he is an associate professor at the AAU, teaching courses on algorithms and data structures, theoretical computer science, complexity theory, security, and cryptography.
Stefan Schauer is a researcher in the Center for Digital Safety & Security at the Austrian Institute of Technology (AIT). He studied Computer Science at the University of Klagenfurt and received his PhD in Theoretical Physics, working on Quantum Cryptography and Entanglement Swapping, at the Technical University Vienna. Since 2005, he is working for the AIT in several projects related to the fields of classical security and risk management, in particular in the context of critical infrastructure protection. Currently, his main research activities focus on novel approaches for risk management and risk assessment using methodologies from the field of game theory. Stefan Schauer has taken his research into practice in the course of several national and international research projects, where the theoretical concepts are evaluated together with critical infrastructure operators and other end users. Further, he coordinated the EU FP7 project "HyRiM - Hybrid Risk Management for Utility Networks", in which a novel risk management approach for utility providers was developed. He is currently involved in the EU H2020 project SAURON, where he looks at methodologies to implement a hybrid situational awareness solution for maritime port infrastructures.
Sandra König is a researcher in the Centre for Digital Safety & Security and the Centre for Dependable Systems Engineering at the Austrian Institute of Technology (AIT). She received her BSc and MSc degree in mathematics with a focus on Statistics at ETH Zurich and her PhD with distinction in Mathematics at Alpen-Adria University Klagenfurt in 2013. Her research interests range from stochastics, statistics and machine learning to automata and game theory. ln several national and international projects, she developed risk models for interdependent networks, such as critical infrastructures, and methods to estimate cascading effects therein. She is a regular contributor to international conferences that focus on security of critical infrastructures, logistics, simulation, and game theory. ln 2019, she received a best paper award at Computing Conference in London. Beyond research, she is a lecturer for mathematics at the university of applied science in Krems, Austria.
Quanyan Zhu received B. Eng. in Honors Electrical Engineering from McGill University in 2006, M. A. Sc. from the University of Toronto in 2008, and Ph.D. from the University of Illinois at Urbana-Champaign (UIUC) in 2013. After stints at Princeton University, he is currently an associate professor at the Department of Electrical and Computer Engineering, New York University (NYU). He is an affiliated faculty member of the Center for Urban Science and Progress (CUSP) at NYU. He is a recipient of many awards, including NSF CAREER Award, NYU Goddard Junior Faculty Fellowship, NSERC Postdoctoral Fellowship (PDF), NSERC Canada Graduate Scholarship (CGS), and Mavis Future Faculty Fellowships. He spearheaded and chaired INFOCOM Workshop on Communications and Control on Smart Energy Systems (CCSES), Midwest Workshop on Control and Game Theory (WCGT), and ICRA workshop on Security and Privacy of Robotics. His current research interests include game theory, machine learning, cyber deception, network optimization and control, Internet of Things, and cyber-physical systems. He has served as the general chair or TPC chair of the 7th Conference on Decision and Game Theory for Security (GameSec) in 2016, the 9th International Conference on NETwork Games, COntrol and OPtimisation (NETGCOOP) in 2018, the 5th International Conference on Artificial Intelligence and Security (ICAIS 2019) in 2019, and 2020 IEEE Workshop on Information Forensics and Security (WIFS). His current research is supported by NSF, DoD, DOE, DHS, DOT, and DARPA.