返回Google圖書搜尋

Role of Economic Policies in the Security of Critical Infrastructures

出版	University of Texas at Dallas, 2018
URL	http://books.google.com.hk/books?id=w8bsuQEACAAJ&hl=&source=gbs_api

註釋In the last few years we have witnessed the development of sophisticated attacks that target critical infrastructures. Such attacks can cause catastrophic damage; for instance, attacks on the electricity system can impact a variety of industrial, commercial, and residential customers. Protecting critical infrastructures remains a challenge, because the cyber threats evolve in time and these systems have both correlated risks and information asymmetries. Moreover, many security problems arise due to improper economic incentives, rather than technical difficulties. In this research we investigate how economic policies affect the security of critical infrastructures. First, we illustrate the importance of economic incentives showing how policies designed to protect systems have the opposite effect. In particular, we analyze how a company exploited flaws in contractual policies (asymmetric information) to profit by sponsoring attacks. We also show how to redesign the policies to prevent these situations. Second, we analyze attacks that leverage the market's infrastructure to manipulate the demand of users. We find that an attacker with enough influence can either increase his profit (protecting his anonymity) or cause blackouts. The attacker can succeed in markets with both centralized and distributed structures; however, attacks on distributed systems produce less profit, but also make it more difficult to detect and penalize attacks. Third, we investigate the optimal allocation of resources to protect systems against cyber threats that evolve in time. We model the evolution of threats with a Markov process and contemplate three protection schemes: prevention (e.g., secure code development), detection (intrusion detection systems), and risk transfer (e.g., cyber insurance). We find that uncertain-ties in the system's state make insurance more attractive as a risk management tool, but still, the defenders need incentives to purchase cyber insurance. Moreover, insurance can improve the investment in either prevention or detection, however, policies with indemnity subsidies and unlimited coverage can introduce perverse incentives that degrade the investments in security.