Abstract
Post-Stuxnet, the last couple of years has seen an increasing awareness of cyber threats to industrial control systems (ICS). We will review why these threats have become more prominent. We will explore the differences between Enterprise IT security and cyber security of ICS. Game Theory has been used to provide decision support in cyber security for a number of years. Recently, we have developed a hybrid approach using game theory and classical optimisation to produce decision support tools to help system administrators optimise their investment in cyber defence. We will describe how our game theoretic work might be used to provide novel approaches to protecting ICS against cyber attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Boyes, H.: Resilience and cyber security of technology in the built environment. Techical report, IET (2013). http://www.theiet.org/resources/standards/
Council for cybersecurity: the critical security controls for effective cyber defense. Techical report, Council for Cybersecurity (2014)
Department of energy, U.: 21 steps to improve cyber security of SCADA networks. Techical report, DOE (2007). http://www.oe.netl.doe.gov/docs/prepare/21stepsbooklet.pdf
Falliere, N., Murchu, L.O., Chien, E.: W32.stuxnet dossier. Techical report, Symantec (2011). www.symantec.com
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F.: Game theorymeets information security management. In: Proceedings ICT Systems Security and Privacy Protection - 29th IFIP TC 11 International Conference, SEC 2014, 2-4 June 2014, Marrakech, Morocco, pp. 15–29 (2014)
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F.: Comparing decision support approaches for cyber security investment. Techical report (2015). www.archiv.org
ICS-CERT: recommended practice: improving industrial control systems cybersecurity with defense-in-depth strategies. Techical report, Department of Homeland Security (2009). http://ics-cert.us-cert.gov/sites/default/files/Defense_in_Depth_Oct09.pdf?
Langner, R.: Stuxnet: Dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49–51 (2011)
McGuiness, T.: Defense in depth. Techical report, SANS Institute (2001). www.sans.org
Panaousis, E., Fielder, A., Malacaria, P., Hankin, C., Smeraldi, F.: Cybersecurity games and investments: a decision support approach. In: Poovendran, R., Saad, W. (eds.) GameSec 2014. LNCS, vol. 8840, pp. 266–286. Springer, Heidelberg (2014)
Smeraldi, F., Malacaria, P.: How to spend it: optimal investment for cyber security. In: First International Workshop on Agents and Cyber Security (2014)
Stouffer, K., Falco, J., Scarfone, K.: Guide to industrial control systems (ICS)security. Techical report, NIST (2013). http://dx.doi.org/10.6028/NIST.SP.800-82r1
Symantec: dragonfly: cyberespionage attacks against energy suppliers. Technical report, Symantec (2014). www.symantec.com
Acknowledgements
Our work on Industrial Control Systems is funded by the Research Institute on Trustworthy Industrial Control Systems (EPSRC grant EP/L021013/1) in collaboration with Deeph Chana. The work on game theory has been done in the Games and Abstraction project (EPSRC grant EP/K005790/1) in collaboration with Pasquale Malacaria, Andrew Fielder, Manos Panaousis and Fabrizio Smeraldi.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Hankin, C. (2016). Game Theory and Industrial Control Systems. In: Probst, C., Hankin, C., Hansen, R. (eds) Semantics, Logics, and Calculi. Lecture Notes in Computer Science(), vol 9560. Springer, Cham. https://doi.org/10.1007/978-3-319-27810-0_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-27810-0_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27809-4
Online ISBN: 978-3-319-27810-0
eBook Packages: Computer ScienceComputer Science (R0)