Dr. Stefan Schauer
AIT Austrian Institute of Technology GmbH

Research Keywords & Expertise

Critical Infrastructure Protection
Game Theory
Risk Assessment
Risk Management
Threat propagation

Fingerprints

Game Theory
Risk Management
Risk Assessment


Feed

Article
Published: 23 April 2021 in Journal of Transportation Security

The European Commission (EC) has funded the Scalable multidimensionAl sitUation awaReness sOlution for protectiNg european ports (SAURON) project to reduce the vulnerabilities of EU ports, as one of the main European critical infrastructures, and increase their systemic resilience in the face of a physical, cyber or combined cyber-physical threat. The goal of SAURON has been to provide a multidimensional yet installation-specific Situational Awareness platform to help port operators anticipate and withstand potential cyber, physical or combined threats to their businesses and to people. During the SAURON project port authorities and stakeholders stated that it would be very helpful to have generic guidance to help ports respond to the combined cyber-physical security threat. The goal of this paper is to help ports understand the hybrid cyber-physical security threat, and how to reduce port vulnerabilities, based on lessons from the SAURON project. The paper is structured in line with the International Ship and Port Facility Security (ISPS) Code Port Facility security assessment process, and relates port security planning based on the ISPS guidelines to insights and lessons from SAURON. This paper demonstrates the importance of understanding the interdependencies between the cyber and physical domains and improving security situational awareness when incidents (including deliberate attacks) cause cascading effects across these domains. Furthermore, the paper draws conclusions and makes recommendations to ports and policy makers to reduce the vulnerability of ports to hybrid cyber-physical attacks.

ACS Style

Neil Adams; Richard Chisnall; Christopher Pickering; Stefan Schauer; Rafael Company Peris; Ioannis Papagiannopoulos. Guidance for ports: security and safety against physical, cyber and hybrid threats. Journal of Transportation Security 2021, 1 -29.

AMA Style

Neil Adams, Richard Chisnall, Christopher Pickering, Stefan Schauer, Rafael Company Peris, Ioannis Papagiannopoulos. Guidance for ports: security and safety against physical, cyber and hybrid threats. Journal of Transportation Security. 2021; ():1-29.

Chicago/Turabian Style

Neil Adams; Richard Chisnall; Christopher Pickering; Stefan Schauer; Rafael Company Peris; Ioannis Papagiannopoulos. 2021. "Guidance for ports: security and safety against physical, cyber and hybrid threats." Journal of Transportation Security , no. : 1-29.

Chapter
Published: 25 June 2020 in Cyberspace

This chapter discusses the use of data and data science to choose values for model parameters, and suggests a few methods and literature pointers to techniques that can be helpful to instantiate models. Furthermore, we review a set of selected software tools that help with the setup and equilibrium analysis of practical game theoretic models. We revisit various examples throughout the book in a tutorial-like step-by-step approach describing how game models can be analyzed. The focus is herein on openly and freely available software, parts of which are open source. Where applicable, we also give closed form solutions to certain classes of games, and generic transformations to make game theoretic problems solvable with help of optimization software. This shall equip practitioners with direct tools to use in practice, and with further literature pointers.

ACS Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. Practicalities. Cyberspace 2020, 249 -282.

AMA Style

Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu. Practicalities. Cyberspace. 2020; ():249-282.

Chicago/Turabian Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. 2020. "Practicalities." Cyberspace , no. : 249-282.

Chapter
Published: 25 June 2020 in Cyberspace

This chapter revisits the concept of a utility function, first introduced in Chap. 3, from an axiomatic viewpoint. We review the fundamental principles of decision making as axioms that induce the existence of (continuous) utility functions. Since empirical research of decision situations in real life has shown considerable deviations between mathematical rationality and human behavior, we continue with a series of possible explanations by relaxing or dropping individual axioms from the set of fundamental principles, to explain the difference between human behavior and the utility maximization paradigm. This establishes valuable lessons for the construction of games, say if payoff models are constructed from subjective data (interviews, expert estimates, or similar), but also highlights the need to consider individual risk perception and attitude through the utility function design in a game theoretic model.

ACS Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. Bounded Rationality. Cyberspace 2020, 99 -114.

AMA Style

Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu. Bounded Rationality. Cyberspace. 2020; ():99-114.

Chicago/Turabian Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. 2020. "Bounded Rationality." Cyberspace , no. : 99-114.

Chapter
Published: 25 June 2020 in Cyberspace

In this chapter, we adopt a holistic cross-layer viewpoint towards a hierarchical structure of ICS and the attack models. The physical layer is comprised of devices, controllers and the plant whereas the cyber layer consists of routers, protocols, and security agents and manager. The physical layer controllers are often designed to be robust, adaptive, and reliable for physical disturbances or faults. With the possibility of malicious behavior from the network, it is also essential for us to design physical layer defenses that take into account the disturbances and delay resulting from routing and network traffic as well as the unexpected failure of network devices due to cyber-attacks. On the other hand, the cyber security policies are often designed without consideration of control performances. To ensure the continuous operability of the control system, it is equally important for us to design security policies that provide maximum level of security enhancement but minimum level of system overhead on the networked system. The physical and cyber aspects of control systems should be viewed holistically for analysis and design.

ACS Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. Defense-in-Depth-Games. Cyberspace 2020, 211 -221.

AMA Style

Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu. Defense-in-Depth-Games. Cyberspace. 2020; ():211-221.

Chicago/Turabian Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. 2020. "Defense-in-Depth-Games." Cyberspace , no. : 211-221.

Chapter
Published: 25 June 2020 in Cyberspace

This chapter introduces the most important classes of games underlying practical security models. These include Stackelberg games, Nash games, signaling games, and games with distribution-valued payoffs. The latter build upon empirical methods and data science to construct games from data, but also reveal theoretic connections to multi-criteria optimization using lexicographic goal priorities (that classical games cannot deal with, but distribution-valued games can handle). Each game description is accompanied by examples from the security domain to motivate and illustrate the use of the individual model. Each class of game is discussed in relation to the other types, highlighting pros and cons, as well as applications, detailed in later chapters.

ACS Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. Types of Games. Cyberspace 2020, 79 -97.

AMA Style

Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu. Types of Games. Cyberspace. 2020; ():79-97.

Chicago/Turabian Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. 2020. "Types of Games." Cyberspace , no. : 79-97.

Chapter
Published: 25 June 2020 in Cyberspace

Patrolling and surveillance games both deal with a chasing-evading situation of an adversary trying to escape detection by either a mobile defender (patrolling) or a fixed defender (surveillance). Both kinds of games are played on graphs as abstract models of an infrastructure, and we review a variety of closed-form solutions for optimal patrolling in different classes of graph topologies. Applications include patrolling along lines (borders, pipelines, or similar), harbors (tree-structured graphs), and large geographic areas in general (planar graphs and maps). For surveillance and patrolling, we give hints on how to estimate the necessary resources, and how to include imperfectness and uncertainty, related to the detection capabilities, but also the chances of the adversary escaping the view of the patroller or surveillance. In complex terrain, we will discuss the use of simulation and empirical games (over real-valued and stochastic orders).

ACS Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. Patrolling and Surveillance Games. Cyberspace 2020, 159 -177.

AMA Style

Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu. Patrolling and Surveillance Games. Cyberspace. 2020; ():159-177.

Chicago/Turabian Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. 2020. "Patrolling and Surveillance Games." Cyberspace , no. : 159-177.

Chapter
Published: 25 June 2020 in Cyberspace

The term “game” has substantially different meanings within the security area, depending on whether we speak about cryptographic security in particular, or system security in a more general setting that includes quantitative security with help of game theory. Game theory and cryptography are, however, of mutual value for each other, since game theory can help design self-enforcing security of cryptographic protocols, and cryptography contributes invaluable mechanisms to implement games for security. This chapter introduces both ideas, being rational cryptography for the design of protocols that use rationality to incentivize players to follow faithfully, but also addresses the classical security goals like confidentiality, integrity, availability and authenticity by describing security games with quantitative and unconditional security guarantees. The chapter closes with a connection between network design for security and the P/NP question whose discovery is made with help from game theory.

ACS Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. Cryptographic Games. Cyberspace 2020, 223 -247.

AMA Style

Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu. Cryptographic Games. Cyberspace. 2020; ():223-247.

Chicago/Turabian Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. 2020. "Cryptographic Games." Cyberspace , no. : 223-247.

Chapter
Published: 25 June 2020 in Cyberspace

This chapter refines the introduction of security in critical infrastructures by going into deeper details about how threats and countermeasures differ and are specific for the physical domain, the cyber domain and intermediate areas. Gaining an understanding of these differences is crucial for the design of effective countermeasures against the diverse nature of today’s advanced persistent threats (APTs). As even local incidents may have far-reaching consequences beyond the logical or physical boundaries of a critical infrastructure, we devote parts of the chapter to a discussion and overview of simulation methods that help to model and estimate possible effects of security incidents across interwoven infrastructures. Such simulation models form an invaluable source of information and data for the subsequent construction of game-theoretic security models discussed in the rest of the book.

ACS Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. Critical Infrastructures. Cyberspace 2020, 21 -42.

AMA Style

Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu. Critical Infrastructures. Cyberspace. 2020; ():21-42.

Chicago/Turabian Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. 2020. "Critical Infrastructures." Cyberspace , no. : 21-42.

Chapter
Published: 25 June 2020 in Cyberspace

Cyber insurance provides users a valuable additional layer of protection to transfer cyber data risks to third-parties. An incentive-compatible cyber insurance policy can reduce the number of successful cyber-attacks by incentivizing the adoption of preventative measures in return for more coverage and the implementation of best practices by pricing premiums based on an insured level of self-protection. This chapter introduces a bi-level game-theoretic model that nests a zero-sum game in a moral-hazard type of principal-agent game to capture complex interactions between a user, an attacker, and the insurer. The game framework provides an integrative view of cyber insurance and enables a systematic design of incentive-compatible and attack-aware insurance policy. The chapter also introduces a new metric of disappointment rate that measures the difference between the actual damage and the expected damage.

ACS Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. Insurance. Cyberspace 2020, 137 -158.

AMA Style

Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu. Insurance. Cyberspace. 2020; ():137-158.

Chicago/Turabian Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. 2020. "Insurance." Cyberspace , no. : 137-158.

Chapter
Published: 25 June 2020 in Cyberspace

This chapter opens the book by introducing the characteristics and particularities of critical infrastructures. Their existence and interplay form a vital pillar of contemporary societies, and their protection is a top duty of governments and security research. Recent years have shown a paradigm shift of cyber-attacks from specific individual threat and attack scenarios, to a modern combination of various attack types and strategies to what we call an advanced persistent threat (APT) today. This term describes a diverse class of attacks that all share a set of common characteristics, which presents new challenges to security that demand urgent and continuous action by practitioners, researchers and every stakeholder of a critical infrastructure. The main focus of the book is describing game theory as a tool to establish security against APTs, and to this end, the introduction here starts with the abstract characteristics of an APT, showcasing them with a set of selected real-life documented cases of APTs that ends the chapter.

ACS Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. Introduction. Cyberspace 2020, 3 -20.

AMA Style

Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu. Introduction. Cyberspace. 2020; ():3-20.

Chicago/Turabian Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. 2020. "Introduction." Cyberspace , no. : 3-20.

Chapter
Published: 25 June 2020 in Cyberspace

Since both decision and game theory vitally employ optimization at their core, this chapter will provide the basic ideas, concepts and modeling aspects of optimization. It is intended to provide the mathematical basics for the further chapters. The presentation is to the point of a simple, compact and self-contained description of: (i) what decision and game theory are about, (ii) how the two areas differ, and (iii) what the practical work with these models looks like when we strive for solutions. Specifically, we discuss preference relations, real and stochastic ordering relations and optimization as the most general covering framework, including single- and multi-goal optimization, with applications being decision theory and game theory. Numeric examples accompany each section and concept. The opening of the chapter will specifically set the notation for all upcoming (mathematical) descriptions, to be consistent throughout the entire presentation (and book).

ACS Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. Mathematical Decision Making. Cyberspace 2020, 43 -78.

AMA Style

Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu. Mathematical Decision Making. Cyberspace. 2020; ():43-78.

Chicago/Turabian Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. 2020. "Mathematical Decision Making." Cyberspace , no. : 43-78.

Chapter
Published: 25 June 2020 in Cyberspace

In this chapter, we consider games for the computation of optimal strategies of how, how often, and when to inspect along a production line, or general industrial process. We review basic concepts of statistical tests, conducted whenever the defender chooses its action to “inspect”, and to understand cheating strategies for the adversary trying to escape detection along the statistical test. This non-detection game is then embedded into an outer sequential game over several stages of inspection, accounting for limited resources and possibilities of the defender to check repeatedly. We also consider inspections as a defense pattern against advanced persistent threat (APT), with two models suitable for two distinct types of APTs: the FlipIt game is discussed as a model when the APT’s goal is to gain longest possible control over an infrastructure, without wishing to damage or destroy it permanently. Complementary to this is the Cut-The-Rope game about defending against an APT whose goal is hitting a vital asset and to destroy or at least permanently damage a critical infrastructure.

ACS Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. Optimal Inspection Plans. Cyberspace 2020, 179 -209.

AMA Style

Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu. Optimal Inspection Plans. Cyberspace. 2020; ():179-209.

Chicago/Turabian Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. 2020. "Optimal Inspection Plans." Cyberspace , no. : 179-209.

Chapter
Published: 25 June 2020 in Cyberspace

This chapter embeds game theoretic techniques and models inside the ISO31000 risk management process, as a generic template for the general duty of risk control. We observe similarities between risk management processes and extensive form games, accompanied by the possibility of using game-theoretic algorithms and methods in various steps of a risk management process. Examples include decision making for risk prioritization, choice of best risk mitigation actions or optimal resource allocation for security. To this end, we discuss a variety of systematic methods for adversarial risk analysis (ARA), resilience management (in relation to risk management), level-k thinking, and the assessment of action spaces and utilities for games.

ACS Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. Risk Management. Cyberspace 2020, 117 -135.

AMA Style

Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu. Risk Management. Cyberspace. 2020; ():117-135.

Chicago/Turabian Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. 2020. "Risk Management." Cyberspace , no. : 117-135.

Book
Published: 01 January 2020 in Cyberspace

This book presents a compendium of selected game- and decision-theoretic models to achieve and assess the security of critical infrastructures. Given contemporary reports on security incidents of various kinds, we can see a paradigm shift to attacks of an increasingly heterogeneous nature, combining different techniques into what we know as an advanced persistent threat. Security precautions must match these diverse threat patterns in an equally diverse manner; in response, this book provides a wealth of techniques for protection and mitigation. Much traditional security research has a narrow focus on specific attack scenarios or applications, and strives to make an attack “practically impossible.” A more recent approach to security views it as a scenario in which the cost of an attack exceeds the potential reward. This does not rule out the possibility of an attack but minimizes its likelihood to the least possible risk. The book follows this economic definition of security, offering a management scientific view that seeks a balance between security investments and their resulting benefits. It focuses on optimization of resources in light of threats such as terrorism and advanced persistent threats. Drawing on the authors’ experience and inspired by real case studies, the book provides a systematic approach to critical infrastructure security and resilience. Presenting a mixture of theoretical work and practical success stories, the book is chiefly intended for students and practitioners seeking an introduction to game- and decision-theoretic techniques for security. The required mathematical concepts are self-contained, rigorously introduced, and illustrated by case studies. The book also provides software tools that help guide readers in the practical use of the scientific models and computational frameworks.

ACS Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. Cyber-Security in Critical Infrastructures. Cyberspace 2020, 1 .

AMA Style

Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu. Cyber-Security in Critical Infrastructures. Cyberspace. 2020; ():1.

Chicago/Turabian Style

Stefan Rass; Stefan Schauer; Sandra König; Quanyan Zhu. 2020. "Cyber-Security in Critical Infrastructures." Cyberspace , no. : 1.

Conference paper
Published: 20 December 2019 in Transactions on Petri Nets and Other Models of Concurrency XV

Nowadays, critical infrastructures operate a large number of highly interdependent, cyber-physical systems. Thus, incidents can have far-reaching cascading effects throughout the entire infrastructure, which need to be identified and estimated to realize a proper risk management. In this paper, we present a formal model to describe the propagation of a threat through the various physical and cyber assets within a critical infrastructure and the cascading effects this has on the entire infrastructure. We further show how this model can be implemented in a prototypical tool, which allows efficient simulation of the cascading effects of a given incident on the entire network of the infrastructure’s cyber-physical assets. The functionalities of the tool are demonstrated using a small demo set-up of a maritime port infrastructure. In this set-up, four incident scenarios both from the physical and cyber domain are simulated and the results are discussed.

ACS Style

Stefan Schauer; Thomas Grafenauer; Sandra König; Manuel Warum; Stefan Rass. Estimating Cascading Effects in Cyber-Physical Critical Infrastructures. Transactions on Petri Nets and Other Models of Concurrency XV 2019, 43 -56.

AMA Style

Stefan Schauer, Thomas Grafenauer, Sandra König, Manuel Warum, Stefan Rass. Estimating Cascading Effects in Cyber-Physical Critical Infrastructures. Transactions on Petri Nets and Other Models of Concurrency XV. 2019; ():43-56.

Chicago/Turabian Style

Stefan Schauer; Thomas Grafenauer; Sandra König; Manuel Warum; Stefan Rass. 2019. "Estimating Cascading Effects in Cyber-Physical Critical Infrastructures." Transactions on Petri Nets and Other Models of Concurrency XV , no. : 43-56.

Conference paper
Published: 30 December 2018 in Privacy Enhancing Technologies

While risk in many areas of science and security is quantitatively understood as expected loss, resilience is a frequently used but much less formalized term. Defining the term plainly as the probability of outage appears as an oversimplification of practical matters, since precautions towards resilience typically target impacts and may be without influence on any likelihoods of outage at all. We thus propose a quantitative definition of resilience inspired by and in alignment with the understanding of risk as the product of likelihood and impact. Our measure is based on the same ingredients as risk measures, but takes the level of preparedness as an additional variable into account. We discuss the embedding of this measure in the landscape of security risk management, and point out issues and possibilities in finding the inputs from which resilience can be computed. A worked example illustrates and corroborates our proposed method.

ACS Style

Sandra König; Thomas Schaberreiter; Stefan Rass; Stefan Schauer. A Measure for Resilience of Critical Infrastructures. Privacy Enhancing Technologies 2018, 57 -71.

AMA Style

Sandra König, Thomas Schaberreiter, Stefan Rass, Stefan Schauer. A Measure for Resilience of Critical Infrastructures. Privacy Enhancing Technologies. 2018; ():57-71.

Chicago/Turabian Style

Sandra König; Thomas Schaberreiter; Stefan Rass; Stefan Schauer. 2018. "A Measure for Resilience of Critical Infrastructures." Privacy Enhancing Technologies , no. : 57-71.

Conference paper
Published: 30 December 2018 in Transactions on Petri Nets and Other Models of Concurrency XV

Over the last years, critical infrastructures have become the target of highly sophisticated attacks causing severe damage to economic and social life. In most cases, such attacks are utilizing combined attack vectors from both the physical and the cyber domain. The magnitude of the consequences is often increased by cascading effects in both domains, even further amplifying each other. In this article, we present a framework implementing a holistic approach towards situational awareness for critical infrastructures. This Hybrid Situational Awareness (HSA) combines information coming from the physical as well as from the cyber domain and is able to identify potential cascading effects of an incident. In this context, the hybrid approach particularly focuses on the inter-domain propagation of a failure, i.e., the effects of a physical incident on the cyber domain and vice versa. We will show how such a Hybrid Situational Awareness can be implemented and illustrate its functionality based on a complex attack scenario.

ACS Style

Stefan Schauer; Benjamin Rainer; Nicolas Museux; David Faure; Javier Hingant; Federico Jesús Carvajal Rodrigo; Stefan Beyer; Rafael Company Peris; Sergio Zamarripa Lopez. Conceptual Framework for Hybrid Situational Awareness in Critical Port Infrastructures. Transactions on Petri Nets and Other Models of Concurrency XV 2018, 191 -203.

AMA Style

Stefan Schauer, Benjamin Rainer, Nicolas Museux, David Faure, Javier Hingant, Federico Jesús Carvajal Rodrigo, Stefan Beyer, Rafael Company Peris, Sergio Zamarripa Lopez. Conceptual Framework for Hybrid Situational Awareness in Critical Port Infrastructures. Transactions on Petri Nets and Other Models of Concurrency XV. 2018; ():191-203.

Chicago/Turabian Style

Stefan Schauer; Benjamin Rainer; Nicolas Museux; David Faure; Javier Hingant; Federico Jesús Carvajal Rodrigo; Stefan Beyer; Rafael Company Peris; Sergio Zamarripa Lopez. 2018. "Conceptual Framework for Hybrid Situational Awareness in Critical Port Infrastructures." Transactions on Petri Nets and Other Models of Concurrency XV , no. : 191-203.

Correction
Published: 04 October 2018 in Journal of Transportation Security
ACS Style

Stefan Schauer; Nineta Polemi; Haralambos Mouratidis. Correction to: MITIGATE: a dynamic supply chain cyber risk assessment methodology. Journal of Transportation Security 2018, 12, 37 -37.

AMA Style

Stefan Schauer, Nineta Polemi, Haralambos Mouratidis. Correction to: MITIGATE: a dynamic supply chain cyber risk assessment methodology. Journal of Transportation Security. 2018; 12 (1-2):37-37.

Chicago/Turabian Style

Stefan Schauer; Nineta Polemi; Haralambos Mouratidis. 2018. "Correction to: MITIGATE: a dynamic supply chain cyber risk assessment methodology." Journal of Transportation Security 12, no. 1-2: 37-37.

Conference paper
Published: 26 September 2018 in Privacy Enhancing Technologies

Even though players in a game optimize their goals by playing an equilibrium, the perceived payoff per round may (and in most cases will) deviate from the expected average payoff. For the example of loss minimization, an undercut of the expected loss is unproblematic, while suffering more than the expected loss may disappoint the player and lead it to believe that the played strategy is not optimal. In the worst case, this may subsequently cause deviations towards seemingly better strategies, even though the equilibrium cannot be improved in general. Such deviations from the utility maximization principle are the subject of bounded rationality research, and this work is a step towards more accurate game theoretic models that include disappointment aversion as an additional incentive. This incentive necessarily creates discontinuities in the payoff functionals, so that Nash’s classical equilibrium theorem is no longer applicable. For games with disappointment aversion (defined in this work) the existence of equilibria can nonetheless be shown, i.e., we are able to find Nash equilibria that comply with disappointment aversion.

ACS Style

Jasmin Wachter; Stefan Rass; Sandra König; Stefan Schauer. Disappointment-Aversion in Security Games. Privacy Enhancing Technologies 2018, 314 -325.

AMA Style

Jasmin Wachter, Stefan Rass, Sandra König, Stefan Schauer. Disappointment-Aversion in Security Games. Privacy Enhancing Technologies. 2018; ():314-325.

Chicago/Turabian Style

Jasmin Wachter; Stefan Rass; Sandra König; Stefan Schauer. 2018. "Disappointment-Aversion in Security Games." Privacy Enhancing Technologies , no. : 314-325.

Article
Published: 01 September 2018 in Journal of Transportation Security

Modern port infrastructures have become highly dependent on the operation of complex, dynamic ICT-based maritime supply chains. This makes them open and vulnerable to the rapidly changing ICT threat landscape and many ports are not yet fully prepared for that. Furthermore, these supply chains represent a highly interrelated cyber ecosystem, in which a plethora of distributed ICT systems of various business partners interact with each other. Due to these interrelations, isolated threats and vulnerabilities within a system of a single business partner may propagate and have cascading effects on multiple other systems, thus resulting in a large-scale impact on the whole supply chain. In this context, this article proposes a novel evidence-driven risk assessment methodology, i.e., the MITIGATE methodology, to analyze the risk level of the whole maritime supply chain. This methodology builds upon publicly available information, well-defined mathematical approaches and best practices to automatically identify and assess vulnerabilities and potential threats of the involved cyber assets. As a major benefit, the methodology provides a constantly updated risk evaluation not only of all cyber assets within each business partner in the supply chain but also of the cyber interconnections among those business partners. Additionally, the whole process is based on qualitative risk scales, which makes the assessment as well as the results more intuitive. The main goal of the MITIGATE methodology is to support the port authorities as well as the risk officers of all involved business partners.

ACS Style

Stefan Schauer; Nineta Polemi; Haralambous Mouratidis. MITIGATE: a dynamic supply chain cyber risk assessment methodology. Journal of Transportation Security 2018, 12, 1 -35.

AMA Style

Stefan Schauer, Nineta Polemi, Haralambous Mouratidis. MITIGATE: a dynamic supply chain cyber risk assessment methodology. Journal of Transportation Security. 2018; 12 (1-2):1-35.

Chicago/Turabian Style

Stefan Schauer; Nineta Polemi; Haralambous Mouratidis. 2018. "MITIGATE: a dynamic supply chain cyber risk assessment methodology." Journal of Transportation Security 12, no. 1-2: 1-35.