Cyber Risk Analysis for a Smart Grid: How Smart is Smart Enough? A Multiarmed Bandit Approach to Cyber Security Investment

As electric sector stakeholders make the decision to upgrade traditional power grid architectures by incorporating smart grid technologies, the benefits of added connectivity must be weighed against the risk of increased exposure to cyber-attacks. Therefore, decision makers must ask: How smart is smart enough? This paper presents a probabilistic risk analysis framework to address this problem. The goal is to quantify the overall benefit and risk of adding connections to a network and hiring a number of cyber defense teams, with the objective to help decision makers formally assess tradeoffs and set priorities given limited resources. Central to this approach is a new Bayes-adaptive network security model based on a reformulation of the "multiarmed bandits" (MAB) problem. Here, instead of projects with uncertain probabilities of success as in the classic MAB problem, a network defender faces the possibility of attacks against network nodes at uncertain Poisson-distributed rates. This new technique, which by similarity we call "multinode bandits," takes a dynamic view of cyber security investment, exploring how network defenders can optimally allocate cyber defense teams among nodes. In effect, this approach entails employing proactively for defensive and information gathering purposes teams that traditionally respond to cyber breaches after they occur. We apply this model to the case study of an electric utility considering the degree to which they should integrate demand response into their smart grid network, jointly identifying both the optimal level of connectivity and the optimal strategy for the sequential allocation of cyber security resources.