Security Interdependencies for Networked Control Systems with Identical Agents

  • Saurabh Amin
  • Galina A. Schwartz
  • S. Shankar Sastry
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6442)

Abstract

This paper studies the security choices of identical plant-controller systems, when their security is interdependent due to the exposure to network-induced risks. Each plant is modeled by a discrete-time stochastic linear system, which is sensed and controlled over a communication network. We model security decisions of the individual systems (also called players) as a game. We consider a two-stage game, in which first, the players choose whether to invest in security or not; and thereafter, choose control inputs to minimize the average operational costs. We fully characterize equilibria of the game, which give us the individually optimal security choices. We also find the socially optimal choices. The presence of security interdependence creates a negative externality, and results in a gap between the individual and the socially optimal security choices for a wide range of security costs. Due to the negative externality, the individual players tend to underinvest in security.



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Saurabh Amin (1)
  • Galina A. Schwartz (2)
  • S. Shankar Sastry (2)

  1. Department of CEE, University of California at Berkeley, Berkeley, USA
  2. Department of EECS, University of California at Berkeley, Berkeley, USA
