Hypergames and Cyber-Physical Security for Control Systems

The identification of the Stuxnet worm in 2010 provided a highly publicized example of a cyber attack that physically damaged an industrial control system. This raised public awareness about the possibility of similar attacks against other industrial targets-including critical infrastructure. In this article, we use hypergames to analyze how strategic perturbations of sensor readings and calibrated parameters can be used to manipulate a system that employs optimal control. Hypergames form an extension of game theory that enables us to model strategic interactions where the players may have significantly different perceptions of the game(s) they are playing. Past work with hypergames has focused on relatively simple interactions consisting of a small set of discrete choices for each player. Here, we apply single-stage hypergames to larger systems with continuous variables. We find that manipulating constraints can be a more effective attacker strategy than manipulating objective function parameters. Moreover, the attacker need not change the underlying system to carry out a successful attack-it may be sufficient to deceive the defender controlling the system. It is possible to scale our approach up to even larger systems, but this will depend on the characteristics of the system in question, and we identify several characteristics that will make those systems amenable to hypergame analysis.