Behavior Risk: the Indefinite Aspect at the Stuxnet Attack?

Boehmer, Wolfgang

Home // SECURWARE 2013, The Seventh International Conference on Emerging Security Information, Systems and Technologies // View article

Behavior Risk: the Indefinite Aspect at the Stuxnet Attack?

Authors:
Wolfgang Boehmer

Keywords: Event risks; behavioral risks; trust/investor game; IT security concept; industrial control system

Abstract:
In 2009, the Stuxnet virus was first observed in the wild and was considered as a novelty among the viruses. The Stuxnet virus is classified as a game changer and so we denote it causa Stuxnet. For the critical infrastructures, it was inconceivable, that a specific virus has been developed for industrial systems. Besides this novelty, the infection path was di erent from the typical patterns of attack and infection in the field of oce communication. In this article, we focus only on the infection path of Stuxnet. We use the Game Theory to analyze the infection path. We found that the infection path is one game in a complex multi-layer game. As a result, based on a Nash equilibrium, a cooperative solution is proposed to arm the existing IT security concepts against such infections. Nevertheless, the existing IT security concepts are not useless, but the behavioral risk has to be taken into account.

Pages: 117 to 125

Copyright: Copyright (c) IARIA, 2013

Publication date: August 25, 2013

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-298-1

Location: Barcelona, Spain

Dates: from August 25, 2013 to August 31, 2013