Securing Infrastructure Facilities: When does proactive defense help? (1804.00391v2)

Abstract: Infrastructure systems are increasingly facing new security threats due to the vulnerabilities of cyber-physical components that support their operation. In this article, we investigate how the infrastructure operator (defender) should prioritize the investment in securing a set of facilities in order to reduce the impact of a strategic adversary (attacker) who can target a facility to increase the overall usage cost of the system. We adopt a game-theoretic approach to model the defender-attacker interaction and study two models: normal-form game -- where both players move simultaneously; and sequential game -- where attacker moves after observing the defender's strategy. For each model, we provide a complete characterization of how the set of facilities that are secured by the defender in equilibrium vary with the costs of attack and defense. Importantly, our analysis provides a sharp condition relating the cost parameters for which the defender has the first mover advantage. Specifically, we show that to fully deter the attacker from targeting any facility, the defender needs to proactively secure all "vulnerable facilities" at an appropriate level of effort. We illustrate the outcome of the attacker-defender interaction on a simple transportation network. We also suggest a dynamic learning setup to understand how this outcome can affect the ability of imperfectly informed users to make their decisions about using the system in the post-attack stage.