Optimizing investments in cyber-security for critical infrastructure

Investments in the cyber-security of critical infrastructure must balance preventing intrusion, detecting a cyber-attack, and mitigating the attacker's physical effects on computer controlled equipment. For this purpose, we outline a method for making optimal investment decisions that balance these three aspects of a cyber-defense. The proposed method accounts for the physical process that is being controlled and the relative cost and performance of technologies for prevention, detection, and mitigation. We illustrate the proposed method with a model of a chiller that is based on the supercomputer chillers at Oak Ridge National Laboratory. This model is used to select security capabilities that yields the greatest protection for a fixed budget.