Manara - Qatar Research Repository
Browse

Disaster Planning and Cyber Security Risk Assessment: A Game-Theoretic Approach for the Oil and Gas Industry

Download (3.65 MB)
thesis
submitted on 2024-10-28, 07:53 and posted on 2024-11-03, 08:48 authored by Jawahir Yousef J. M. Al-Tamimi
The oil and gas industry is one of the vital pillars of global economy. In this industry, there are always risks of losing supply, costly time, information, and company or government reputation. The importance of the energy sector has made it a target for physical and cyberattacks, an increasing trend in the past years. The application of tools that study the intentions and possible decisions of attackers and defenders based on game theory has not been fully adopted in the industry. In an attacker-defender scenario, game theory can be applied to study attacks based on costs and potential losses. This thesis reviews the different types of games and their applications in the literature within the oil and gas industry and uses game theory to model a security risk assessment for an organization within this industry. A novel two-player nonzero-sum game is designed with complete information and utility functions that are informed by typical characteristics of the industry. A modified security assessment game is designed through the introduction of defender and attacker rewards. This modification was done to make the security assessment game more applicable to an attacker-defender scenario in the oil and gas industry. The basic security assessment game is not realistic when it comes to an intelligent and well-planned attack and contains a possible zero-sum outcome. With the introduction of the defender and attacker rewards, the defender gets better incentives to invest more in defence, while the attacker has the opportunity to gain money in the case of choosing not to waste money, time, and resources on a failed attack. We discuss the structure of the solution as a function of the reward. This helps the rational players to understand the influence of the reward on the overall utility for the organization. We believe that these features make our model more realistic and useful for real scenarios.

History

Language

  • English

Publication Year

  • 2022

License statement

© The author. The author has granted HBKU and Qatar Foundation a non-exclusive, worldwide, perpetual, irrevocable, royalty-free license to reproduce, display and distribute the manuscript in whole or in part in any form to be posted in digital or print format and made available to the public at no charge. Unless otherwise specified in the copyright statement or the metadata, all rights are reserved by the copyright holder. For permission to reuse content, please contact the author.

Institution affiliated with

  • Hamad Bin Khalifa University
  • College of Science and Engineering - HBKU

Degree Date

  • 2022

Degree Type

  • Master's

Advisors

Luluwah Al-Fagih

Committee Members

Brenno Menezes ; Laoucine Kerbache ; Saif Al-Kuwari

Department/Program

College of Science and Engineering

Usage metrics

    College of Science and Engineering - HBKU

    Categories

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC