Cyber risk analysis for a smart grid : how smart is smart enough?
Abstract/Contents
- Abstract
- As electric sector stakeholders make the decision to upgrade traditional power grid architectures by incorporating smart grid technologies and new intelligent components, the benefits of added connectivity must be weighed against the risk of increased exposure to cyberattacks. Therefore, decision makers must ask: how smart is smart enough? This dissertation presents a probabilistic risk analysis (PRA) framework to this problem, involving systems analysis, stochastic modeling, economic analysis, and decision analysis to quantify the overall benefit and risk facing the network and ultimately help decision makers formally assess tradeoffs and set priorities given limited resources. Central to this approach is a new Bayes-adaptive network security model based on a reformulation of the classic "multi-armed bandits" problem, where instead of projects with uncertain probabilities of success, a network defender faces network nodes that can be attacked at uncertain Poisson-distributed rates. This new technique, which by similarity we call "multi-node bandits, " takes a dynamic approach to cybersecurity investment, exploring how network defenders can optimally allocate cyber defense teams among nodes in their network. In effect, this strategy involves taking teams that traditionally respond to cyber breaches after they occur, and instead employing them in a proactive manner for defensive and information gathering purposes. We apply this model to a case study of an electric utility considering the degree to which to integrate demand response technology into their smart grid network, jointly identifying both the optimal level of connectivity and the optimal strategy for the sequential allocation of cybersecurity resources. Additional analytical and empirical results demonstrate the extension of the model to handling a range of practical network security applications, including sensitivity analysis to organization-specific security factors, settings with dynamic or dependent rates of attack, or handling defense teams as imperfect detectors of cyberattacks.
Description
| Type of resource | text |
|---|---|
| Form | electronic; electronic resource; remote |
| Extent | 1 online resource. |
| Publication date | 2017 |
| Issuance | monographic |
| Language | English |
Creators/Contributors
| Associated with | Smith, Matthew David |
|---|---|
| Associated with | Stanford University, Department of Management Science and Engineering. |
| Primary advisor | Paté-Cornell, M. Elisabeth (Marie Elisabeth) |
| Thesis advisor | Paté-Cornell, M. Elisabeth (Marie Elisabeth) |
| Thesis advisor | Bambos, Nicholas |
| Thesis advisor | Nesbitt, Dale |
| Advisor | Bambos, Nicholas |
| Advisor | Nesbitt, Dale |
Subjects
| Genre | Theses |
|---|
Bibliographic information
| Statement of responsibility | Matthew David Smith. |
|---|---|
| Note | Submitted to the Department of Management Science and Engineering. |
| Thesis | Thesis (Ph.D.)--Stanford University, 2017. |
| Location | electronic resource |
Access conditions
- Copyright
- © 2017 by Matthew David Smith
- License
- This work is licensed under a Creative Commons Attribution Non Commercial 3.0 Unported license (CC BY-NC).
Also listed in
Loading usage metrics...