Budget constrained optimal security hardening of control networks for critical cyber-infrastructures

Competing schemes for security-hardening the power grid differ in their installation costs and the amount of coverage they provide against cyber attacks. Manually mapping schemes to vulnerable assets, where each asset has a unique degree of criticality in an arbitrary power network configuration, is a cumbersome process. Moreover finding an optimal scheme combination so as to maximize overall network security under a fixed budget constraint is an NP hard problem. In this paper we describe a dynamic programming solution to this problem and implement it along with logic-based models of the power grid, its control elements and best security practices as a tool-chain. The tool-chain takes, as input, a power network configuration, and the budget constraints and security schemes described in logic, determines the critical assets and automatically selects an optimal scheme combination to apply to maximize security. We demonstrate the feasibility of the tool chain implementation by security hardening the IEEE power system 118-bus test case from a pool of five different best-practice schemes.