submitted on 2024-10-28, 07:53 and posted on 2024-11-03, 08:48authored byJawahir Yousef J. M. Al-Tamimi
The oil and gas industry is one of the vital pillars of global economy. In this industry, there are always risks of losing supply, costly time, information, and company or government reputation. The importance of the energy sector has made it a target for physical and cyberattacks, an increasing trend in the past years. The application of tools that study the intentions and possible decisions of attackers and defenders based on game theory has not been fully adopted in the industry. In an attacker-defender scenario, game theory can be applied to study attacks based on costs and potential losses. This thesis reviews the different types of games and their applications in the literature within the oil and gas industry and uses game theory to model a security risk assessment for an organization within this industry. A novel two-player nonzero-sum game is designed with complete information and utility functions that are informed by typical characteristics of the industry. A modified security assessment game is designed through the introduction of defender and attacker rewards. This modification was done to make the security assessment game more applicable to an attacker-defender scenario in the oil and gas industry. The basic security assessment game is not realistic when it comes to an intelligent and well-planned attack and contains a possible zero-sum outcome. With the introduction of the defender and attacker rewards, the defender gets better incentives to invest more in defence, while the attacker has the opportunity to gain money in the case of choosing not to waste money, time, and resources on a failed attack. We discuss the structure of the solution as a function of the reward. This helps the rational players to understand the influence of the reward on the overall utility for the organization. We believe that these features make our model more realistic and useful for real scenarios.