ebook img

Charging and Discharging of Plug-In Electric Vehicles (PEVs) in Vehicle-to-Grid (V2G) Systems: A Cyber Insurance-Based Model PDF

3.7 MB·
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Charging and Discharging of Plug-In Electric Vehicles (PEVs) in Vehicle-to-Grid (V2G) Systems: A Cyber Insurance-Based Model

1 Charging and Discharging of Plug-In Electric Vehicles (PEVs) in Vehicle-to-Grid (V2G) Systems: A Cyber Insurance-Based Model Dinh Thai Hoang1, Ping Wang1, Dusit Niyato1, and Ekram Hossain2 1 School of Computer Science and Engineering, Nanyang Technological University, Singapore 2 Department of Electrical and Computer Engineering, Universtity of Manitoba, Canada Abstract—In addition to being environment-friendly, vehicle- are suitable for short-time ancillary services given their small 7 to-grid(V2G)systemscanhelptheplug-inelectricvehicle(PEV) response time as well as lower standby and capital costs. 1 usersinreducingtheirenergycostsandcanalsohelpstabilizing The effectiveness of V2G systems depends on the number 0 energy demand in the power grid. In V2G systems, since the 2 PEV users need to obtain system information (e.g., locations ofPEVsparticipatedandhowgoodthedata,e.g.,information n of charging/discharging stations, current load and supply of of PEVs and charging stations, is exchanged between V2G a the power grid) to achieve the best charging and discharging operator and PEVs in order to optimize system operations. J performance,datacommunicationplaysacrucialrole.However, For example, the V2G operator can economically manage since the PEV users are highly mobile, information from V2G 4 its generators if the amount of energy reserved from V2G systems is not always available for many reasons, e.g., wireless systems can be accurately estimated. Likewise, the PEVs can link failures and cyber attacks. Therefore, in this paper, we ] T introduce a novel concept using cyber insurance to “transfer” choose to charge or discharge their batteries to maximize the cyber risks, e.g., unavailable information, of a PEV user to a performance and minimize the cost. However, since PEVs are G thirdparty,e.g.,acyberinsurancecompany.Undertheinsurance mobile vehicles and the information about V2G systems is s. coverage, even without information about V2G systems, a PEV transmitted to the PEVs through wireless links, the V2G data c userisalwaysguaranteedthebestpriceforcharging/discharging. communication is unreliable and vulnerable to cyber attacks [ In particular, we formulate the optimal energy cost problem for thePEVuserbyadoptingaMarkovdecisionprocessframework. which can violate confidentiality, authenticity, integrity, and 1 WethenproposealearningalgorithmtohelpthePEVusermake availabilityrequirementsofthedataexchangeinV2Gsystems. v optimal decisions, e.g., to charge or discharge and to buy or not A number of cyber risks have emerged to the V2G systems. 8 to buy insurance, in an online fashion. Through simulations, we 5 The majority of research works focus on mitigating the risks show that cyber insurance is an efficient solution not only in 9 by protecting the systems and preventing adverse effects from dealing with cyber risks, but also in maximizing revenue of the 0 PEV user. the attacks. However, it is well known that no single solution 0 can completely avoid the risks and their damage. Recently, . IndexTerms—Cyberinsurance,plug-inelectricvehicle,vehicle 1 cyberinsurancehasbeenintroducedasanefficientsolutionto charging, vehicle-to-grid, Markov decision process. 0 alleviate damages for cyber customers. With cyber insurance, 7 PEVs’ risks are “transferred” to a third party [1], thus PEVs 1 are protected from cyber attacks and compensated for their : I. INTRODUCTION v losses if they are victimized to such attacks. i X One challenge of the current power grid is to provide In this paper, we introduce a novel idea of using cyber sufficient capacity and cost-effective energy storage. The en- insurance for PEVs in V2G systems. First, we present an r a ergy storage is used as a tool by the power grid operator overview of V2G systems, including data communication and to efficiently manage the generation and transmission of the cyber risks. Some related works on V2G system security electricity, i.e., supply and delivery, to meet dynamic and are also reviewed. We then introduce a short survey about unpredictable consumer demand. A traditional approach is to cyberinsurance.Thissurveyisusedtoprovidebasicconcepts deploylargegeneratorswhichcanberelativelyineffectivedue as well as fundamental knowledge about cyber insurance. to its long delay response (minutes) and can cause underuti- Finally, we propose a novel model using cyber insurance lization(sparecapacity).Insmartgrid,ancillaryservicessuch for a PEV user in a V2G system. Specifically, we use a asloadregulation,spinningreserve,non-spinningreserve,and Markov decision process framework to formulate the energy replacement reserve to support the continuous flow of elec- cost optimization problem with the aim of minimizing the tricity have been used to alleviate this problem. However, the average total energy cost for the PEV user. In addition, we introductionofrenewablesources,theenergysupplyofwhich also propose a learning algorithm to help the PEV user make depends on natural conditions, aggravates the problem due optimal decisions, i.e., charge or discharge and buy or not to to the fluctuating and unpredictable characteristics. Therefore, buy insurance, given its current state, e.g., battery level and the vehicle-to-grid (V2G) systems have been considered as a insurance status, in an online fashion. The proposed solution promising solution. In V2G systems, battery vehicles (BVs) not only minimizes the average total cost for the PEV user, or plug-in electric vehicles (PEVs) can be used as energy but also maximizes the PEV’s revenue without a need of storagedevices.Althoughtheirbatterycapacityislimited,they PEV’s prior knowledge on the risk, e.g., the probability of 2 Power generation/transmission Generators Power Renewable sources Power market Vehicle-to-Grid (V2G) Systems Transmission Aggregator Σ Charging stations Data/information V2G communication Data centers Power Battery vehicles (BVs) Cloud Plug-in electric vehicles (PEVs) Access points/base stations Data/information Consumers Power Industrial Business Residential Fig.1. V2Garchitecture. information unavailability. The proof of the convergence for peakhours,PEVscanselltheirenergybacktothepowergrid. theproposedlearningalgorithmisalsoprovidedinthispaper. Hence,PEVscanactasanenergyreserve.Assuch,PEVsare Through simulations, we demonstrate that adopting a cyber expectedtopotentiallyofferunprecedentedbenefitstothegrid. insurance model can provide an efficient solution to the cost For example, it is estimated that ancillary services of PEVs minimization problem for the PEVs. account for 5-10% of electrical cost, or about $12 billion per The rest of the paper is organized as follows. In Section II, year in the U.S. [4]. an overview of V2G systems and their security problems are 2) Architecture: Fig. 1 shows a general architecture of presented.SectionIIIprovidesbasicconceptsandfundamental a V2G system with interactions among power genera- knowledgeaboutcyberinsurance.Then,weintroducetheidea tion/transmission, power consumers, and PEV users [5]. of using cyber insurance to mitigate the risks and propose the The power systems include convention generators, renewable learning algorithm to minimize the cost for the PEV user in sources, and transmission facility. The power systems supply Section IV. Finally, future research directions are highlighted energy to both consumers (e.g., residential, industrial, and inSectionV,andtheconclusionsarepresentedinSectionVI. business) and V2G systems. The V2G systems are composed of PEVs connected with the power grid through public and private charging stations and aggregators. An aggregator is II. OVERVIEWOFV2GSYSTEMS a mediator controlling and optimizing energy flow between A. Vehicle-to-Grid (V2G) Systems power grid and V2G systems. The V2G systems act as both 1) Introduction: Vehicle-to-grid (V2G) describes a system energy storage and consumers. V2G communication provides in which plug-in electric vehicles (PEVs), e.g., electric cars data and information exchange among power systems, power and plug-in hybrids, communicate with the power grid to consumers, and V2G systems, and it consists of communica- facilitate demand response services by either charging or dis- tion infrastructure (e.g., wireless networks) and processing fa- charging energy. On one hand, if the PEVs perform charging cilities (e.g., cloud computing and data center). With the V2G fromthepowergrid,theenergywillbestoredintheirbatteries communicationinfrastructure,thepowersystemoperatorscan for traveling and storing. On the other hand, if the PEVs collectnecessarydatafromV2Gsystemsandconsumers,then perform discharging to the power grid, the energy from their optimize power generation and ancillary services from PEVs batterieswillbereturnedtothepowergridwiththepurposeof efficiently. stabilizing energy demand [2]. For example, when the energy PEV users can make a long-term agreement/contract with supply from generators exceeds demand, e.g., during off-peak the V2G operator to make charging and discharging more hours,alowenergypricecanbeofferedtoincentivizePEVsto predictable. For example, the operator can offer battery main- charge their batteries from charging stations [3]. By contrast, tenance service in exchange for PEV users agreeing to charge when the energy supply cannot meet the demand, e.g., during anddischargethebatterytomeettherequirementsoftheV2G 3 TABLEI ADVANTAGESANDDISADVANTAGESOFCENTRALIZEDANDDECENTRALIZEDCONTROLSOLUTIONS Advantages Disadvantages Centralizedsolution •MaximizerevenuefortheproviderandPEVs •Complexandexpensivecommunicationinfrastructure •Controlenergyandancillaryservicesefficiently •Requireapowerfulcentralcontrollerandabackupdatastorage •RequirefullinformationfromthePEVs •DecisionsofthePEVsarecontrolledbytheprovider •Mustbeabletohandlealargeamountofdataatthesametime •PrivacyofthePEVscanbevulnerable •Canbedelayedorinterruptedduetothesystemoverload orcyberattacks Decentralizedsolution •AbletoadapttoalargenumberofPEVs •RequireefficientdecentralizedcontrolsolutionsforthePEVs •Lesscommunicationandinfrastructurerequired •RequiremethodstopredictdemandsofthePEVsfortheprovider •Fastandconvenientservicessincedecisions •ThePEVsmustfindapproachestoprotectthemselves aremadeandcontrolledbythePEVs fromcyberattacks •Preserveindividualauthority •Betterfaulttolerance systems. With this approach, centralized control of charging 4) Benefits: V2Gsystemsoffermanybenefitstothepower and discharging process can be implemented to achieve the grid and also PEV users [7]. maximum efficiency. However, to achieve such a goal, status • Diminishingenvironmentalpollution:Differentfromcon- monitoring and information update are necessary for V2G ventional vehicles using fossil fuel, PEVs can diminish systems.TheV2Gsystemsshouldbeabletoobtainthetimely significantly environmental pollution even when consid- conditions of both moving and parking PEVs. The conditions ering power generation emissions. It is estimated that by can be PEVs’ locations, battery capacities, battery state-of- replacing a conventional car by a PEV, CO emissions 2 charge, expected time to arrive at and leave charging stations. can be dropped by 2.2 tons per year [8]. Using this information, the V2G system can estimate the • Enhancingancillaryservices:Inpractice,therearemany amount of energy to charge and to receive from PEVs in carstravelingontheroadforonly4-5%oftheday,while certain areas. they spend the rest of time for parking. This implies that we can utilize such electric vehicles to facilitate the Alternatively, some PEVs can participate in V2G systems ancillaryservicesinV2Gsystems,e.g.,spinningreserves, voluntarily without making long-term commitment with the reactivepowersupport,frequencyandvoltageregulation, V2G operator. For example, the operator can offer different to balance supply and demand for reactive power. These incentives for charging and discharging energy by PEVs services can be used to reduce an overall cost of V2G depending on current load and supply of the power grid. systems, thereby decreasing energy prices for customers The PEV user individually considers the current location, i.e., and improving load factors. charging stations’ locations, the battery state-of-charge, and energy price to decide to charge (or discharge) its battery or • Improving quality of services for PEV users: Due to the development of battery technologies, V2G systems not. With this approach, charging and discharging decisions enable very fast energy supply response time in which aremadebyPEVusersinadistributedfashion.Therefore,the thecharginganddischargingresponsescanbeperformed V2G systems must provide information about the incentive to in milliseconds. Furthermore, there is no significant run- motivate the users in such a way that the system efficiency is ning cost of the unit commitment operations. Therefore, maximized. quality of services for PEV users, e.g., serving time, can 3) Smart charging/discharging control: As the number be improved considerably. of PEVs increases, implementing smart charging/discharging • Supporting renewable energy: The power quality from renewable sources such as solar and wind generators can control solutions has become more and more important to be greatly improved by using PEVs as storage and filter avoid large expenditures and negative impacts on the power devices.ThecombinationofPEVsandrenewableenergy gird. In general, charging/discharging control is classified into sourcescanmakethepowergridmorestableandreliable. two groups, i.e., centralized and decentralized solutions [6]. Forthecentralizedsolution,allcharging/dischargingprocesses • Rising revenue to PEV users: PEV users can receive monetary reward for discharging energy or other support of PEVs will be controlled by an authorized energy service benefits from V2G operators in participating in the sys- provider. By contrast, for the decentralized solution, charg- tem. Thus, by adopting intelligent energy management ing/discharging decisions are made and performed by the solutions, the PEV users can balance their demands PEVsthemselves.Eachsolutionhasitsownadvantagesaswell andcharging/dischargingprocesses,e.g.,chargingduring asdisadvantagesasshowninTableI.Althoughthecentralized non-peak hours and discharging during peak hours, to approach can achieve optimal performance more easily for obtain more revenues. both the provider and PEVs, it may not be practical to imple- ment as the PEVs cannot control their charging/discharging 5) Electric vehicle battery: Different from conventional processes by themselves. Therefore, in actual systems, the batteries used in electronic devices such as mobile phones decentralized solution is more preferable [6]. and laptops, batteries for electric vehicles must be designed 4 TABLEII BATTERYCAPACITYANDTECHNOLOGIES Carmodel/EVtype Battery Range Chargingtime ChevroletVolt 16kWh,Li-manganese/NMC,liquidcooled,181kg 64km 10hat115VAC,15A 4hat230VAC,15A ToyotaPrius 3Li-ionpacks,oneforhybrid,twoforEV,50kg 20km 3hat115VAC15A 1.5hat230VAC15A MitsubishiiMiEV 16kWh;88cells,4-cellmodules;Li-ion;150kg;330V 128km 13hat115VAC15A 7hat230VAC15A NissanLeaf 30kWh;Li-manganese,192cells;aircooled;272kg 250km 8hat230VAC,15A 4hat230VAC,30A TeslaS 70and90kWh,18650NCAcellsof3.4Ah; 424km 9hwith10kWcharger; liquidcooled;90kWhpackhas7,616cells;540kg 120kWSupercharger,80%chargein30min BMWi3 22kWh(18.8kWhusable),LMO/NMC, 130-160km 4hat230VAC,30A; large60Aprismaticcells,204kg 50kWSupercharger;80%in30min SmartFortwoED 16.5kWh;18650Li-ion 136km 8hat115VAC,15A; 3.5hat230VAC,15A TABLEIII WIRELESSCOMMUNICATIONTECHNOLOGIESINV2GSYSTEMS Technology Operatingfrequency Covereddistance Advantage Disadvantage Ref. 868MHz(Europe) Easytodeploy, Highinterference,weaksecurity ZigBee 915MHz(NorthAmerica) 10-100m requirelowbandwidth, shortrangecommunication, [10] 2.4GHz(Worldwide) lowpowerconsumption highdelays NearField Convenience,versatility, Veryshortrangecommunication, Communication 13.56MHz 5-10cm saferthancreditcards lackofsecurity,expensive [11] Widelyused,featuresimplicity, Onlyconnecttwodevicesatonce, Bluetooth 2.4GHz 1-100m lowpowerrequirement, shortrangecommunication, [12] lowinterference weaksecurity PopularstandardforV2Gsystems, Unabletomodifyanddifficult IEEE802.11p 5.85-5.925GHz 500-1000m suitableforhigh-speedvehicles tohandlealargenumber [13] andQoS-requiredapplications, ofusers,noauthentication [14] highdatatransferspeed priortodataexchange SimilarfeaturesasIEEE802.11p, Expensiveimplementationcost, WiMAX 2-6GHz 2-5km butlongerrangecommunication, highpowerconsumption, [14] andhigherdatatransferspeed vulnerablebyjammingattack [15] andeavesdropping to prolong the running time with high power (up to a hundred munications are the best choice because V2G systems kW) and high energy capacity (up to tens of kWh). In addi- cannot use wires to connect to PEVs. tion, these batteries should have a limited space and weight. • Fast and convenient: Data exchanged between PEVs and Extensiveresearcheffortsareexertedworldwidetoinventnew V2G infrastructure is often small in size and intermittent advanced vehicle battery techniques which are more suitable over time. So, by using wireless communications, the for PEVs. In Table II, we summarize the advanced vehicle information will be updated timely and quickly. battery technologies which are currently implemented in the • Efficiency with low cost: Wireless communications allow realworld[9].InTableII,itcanbeobservedthatbatterieswith data to be transmitted to multiple PEVs simultaneously heavyweightsusuallyofferlongertravelingtime.However,if in a wide area coverage. the battery is heavy, it will cause inefficient performance for In Table III, we list different wireless communications PEVs because the heavy battery will limit the PEVs’ speed technologieswhichhavebeenimplementedanddevelopedfor and consume more energy to carry. Therefore, the balance V2Gsystems.FromTableIII,itisobservedthateachwireless between the performance and weight of the battery needs to communication technology has its own advantages as well as be considered for the future development of electric vehicle disadvantages,anditissuitableforPEVsinspecificcases.For batteries. example, for a short-range data communication, e.g., between 6) Data communications: In V2G systems, data commu- a PEV and a charging station when the PEV is charging nication between PEVs and V2G infrastructure is the most at that station, ZigBee protocol can be adopted since it crucial step to achieve the best performance for both PEV consumes less energy for data communications. However, for users and V2G system operators because the operators need along-rangedatacommunication,IEEE802.11pandWiMAX information about PEVs’ demands to control the energy re- technologiesshouldbeusedastheyarestandardprotocolsfor sources distributed over large geographical areas, meanwhile communication over long distances in V2G systems. PEV users need V2G infrastructure information to optimize their energy costs. In this case, wireless communication is the B. Security Requirements and Cyber Risks in V2G Systems best solution for V2G applications for many reasons. Althoughwirelesstechnologiesbringmanyadvantages,they • Mobility:PEVsaremobilevehicles,hencewirelesscom- also raise some security issues for V2G systems. Therefore, 5 thecybersecurityfordatacommunicationsbetweenPEVsand become a single point of failure. V2G infrastructure should be assured in order to protect the Differentfrom[7],thesolutionsproposedin[16]considered smart grid from the cyber attacks such as price tampering and security for different states of vehicle’s battery. In particular, system congestions by malicious software. In this section, we the battery has three states, i.e., charging, fully-charged, and discuss security requirements and some potential approaches discharging.Ateachstate,thePEVuserhasdifferentsecurity to deal with cyber attacks in V2G systems. requirements such as identity, location, and energy status, and 1) Securityrequirements: V2Gsystemspossessthefollow- thus the corresponding security protocols were introduced. ing cyber security requirements. Similarto[7],theseprotocolsmainlyfocusontheauthentica- tion between PEV users and aggregators and the confidential • Confidentiality: Data exchanged between PEV users and information protection for PEV users. Nevertheless, in [16], the V2G operator must be kept confidential. The identity the authors also considered the data integrity issue for PEV of PEVs users as well as their interaction, i.e., charging users through using Hash functions together with signature and discharging, with the operator must be maintained algorithms. As such, the transmitted data from PEV users can privately.ThecyberattackstotheconfidentialityofV2G be protected from malicious modification by cyber attackers. systems can cause business disadvantages to the V2G However,thesolutionsin[16]aremorecomplicatedandhave operatorifitscompetitorhasimportantinformationabout considerable overheads. system operations, e.g., energy price offered to PEV In [17], the authors discussed the jamming attack prob- users. lem in smart grids as well as V2G systems. For such kind • Authenticity: The identities of PEVs and the operator of networks, the useful information from service providers, must be assured before and during data communications. e.g., energy price and locations of charging stations, may be The operator may miscalculate the V2G system capacity unavailable to the PEV users due to diverse types of jam- if the identity of PEVs is falsely authenticated. Authen- ming attacks such as constant jamming, deceptive jamming, tication methods taking specific requirements of V2G randomjamming,andreactivejamming[18].Theinformation systems into account have to be developed. For example, unavailability problem can cause serious damage not only to the authentication should be customized and optimized the PEV users, but also to the service providers. On the one for PEVs [6]. hand, the PEV users are unable to find the best charging • Integrity: The integrity ensures that the data exchanged station for charging/discharging to minimize the overall cost, between PEVs and operator will not be modified by e.g.,travelingandenergycosts.Ontheotherhand,theservice attackers. The maliciously modified data such as the providers cannot maximize their profits because optimal eco- number of online PEVs, battery capacity and state-of- nomic policies cannot be applied to the PEVs, e.g., offering charge,cancausesuboptimaloperationorevendisruption a low energy price in off-peak hours and/or for stations with to the V2G systems. redundant energy. Consequently, the PEV users may not be • Availability: Data communication facilitates a number of interested in participating in V2G systems due to the high functions in V2G systems. Therefore, its availability is cost, resulting in a significant revenue reduction to the V2G crucial to provide seamless and efficient data transfer service providers. frommobilePEVstofixedinfrastructure.However,V2G Different approaches were proposed in [19] to deal with communication can be disrupted, e.g., denial-of-service jamming attacks, namely channel surfing and spatial retreats. (DoS) attacks, which results in incomplete information For the channel surfing approach, the wireless nodes will to the V2G operator in operating the system. move their communications to another channel once jamming 2) Solutions: Given the above requirements, V2G commu- attacks are detected. For the spatial retreats, wireless nodes nication infrastructure has to be designed and implemented change their locations to outside the interference range of accordingly. A few works have proposed different approaches the jammers. Both approaches can mitigate the impact of the to address different issues. The authors in [7] designed a jamming attacks, but they are difficult to implement in V2G security framework to protect the privacy of PEV users, systems. This is from the fact that PEV users are mobile, and thereby encouraging them to participate V2G systems. In the the communication channel between the PEV users and V2G framework, all privacy information of PEV users and their systems are usually fixed. In [20], a new solution based on aggregatorsaresentdirectlytoatrustedauthority.Thetrusted the deception tactic to deal with smart jamming attacks was authority then adopts the ID-based restrictive partially blind proposed.Basically,thecoreideaofthedeceptionmechanism signature technique to generate public/private key pairs, and is using fake transmissions to undermine the attack ability of sends them back to the PEV users and the aggregators. Based enemies,e.g.,bywastingtheenergyoftheiradversaries.Thus, on these public/private key pairs, the aggregators can au- jammersmaynotbeabletoattackwhenV2Gsystemstransmit thenticate participated PEVs without knowing their identities actual information. Although this solution can effectively while the PEV users can provide V2G services with secured reduce adverse effects from smart jammers even when they information. As such, PEV users’ information is protected use different attack strategies, it is inefficient if the jammers from aggregators as well as from eavesdroppers since their are powerful devices and have constant power supply. information is encrypted by the trusted authority. As the In practice, there are also many solutions proposed to methodisrelativelysimple,itsoverheadisminimal.However, address the jamming attacks in wireless networks as pre- the system relies heavily on the trusted authority, which can sented in [21]. However, they can only reduce the impact of 6 the attacks. A perfect solution which can completely avoid • Cyber insurance premium: is the amount of money that jamming attacks is impossible in practice. Hence, in this the cyber insured has to pay to the cyber insurer to be paper, we introduce a novel concept using cyber insurance to protected. “transfer” cyber risks, e.g., unavailable information, of PEV • Cyber insurance contract: is the signed deal between the users to a third party, e.g., a cyber insurance company. Under cyber insured and the cyber insurer. the insurance coverage, even without information about V2G • Claim: is a formal request activated by the insured when systems, PEV users are always guaranteed the best price for a cyber risk has occurred. charging/discharging. As a result, the PEV users’ profits will • Indemnity: is the compensation from the cyber insurer to be maximized, and thus they are encouraged to participate in the insured for the loss/damage caused by cyber risks. V2G systems, yielding to a considerable revenue for the V2G Basically, in a cyber insurance contract, the insured will service providers. agree to pay the insurance premium to the insurer in order to receive the protection from the insurer. In other words, the III. OVERVIEWOFCYBERINSURANCE insured’s risks are now “transferred” to the insurer, and the In this section, we present an overview of cyber insurance. insurercanprofitfromthepremiumandefficientmanagement Cyber insurance is considered to be a promising solution to of taking the risks. “transfer” risks from stackholders, i.e., the insured, to a third 2) Coverage: Currently, cyber insurance covers losses and party, i.e., an insurer. Such risks include system failure and damagecausedbycyberattackstoITsystemsandtheInternet. cyber attacks which can cause damage to PEV users. Ingeneral,cyberrisksarecategorizedintotwotypes,i.e.,first- party and third-party, and thus cyber insurance policies are A. Definition, Fundamental Concepts, and Coverage designed to cover either or both types of risks. In particular, the first-party insurance (www.abi.org.uk) covers the insured’ With the prevalent applications of Internet-of-Things, ev- own assets, and it involves: erything can be connected to the Internet by wireline or wirelessly including V2G systems and PEVs. Internet has • Losses or damage to digital assets brought numerous advantages, but it also involves cyber risks • Business interruption including reliability and security. When such a connection is • Cyber extortion unavailable due to system failure or cyber attacks, not only • Reputational damage financial losses, but also catastrophic danger to humans can • Theft of money or digital assets happen. Hence, we need efficient and effective solutions to Meanwhile, the third-party insurance covers the assets of deal with cyber risks. Although there are many proposed subjects which are damaged by the insured. The third-party reliable designs and security solutions, it was pointed out may involve: in[22]thatitisimpossibletoachieveaperfectornear-perfect • Security and privacy breaches system reliability and cyber security protection. Therefore, • Multi-media liability cyber insurance can be considered to be a potential and ef- • Loss of third party data ficientsolutionforcyberriskeliminationandInternetsecurity • Third-party contractual indemnification improvement. 1) Definitions and fundamental concepts: Cyber insurance can be defined in different contexts. For example, in the B. Benefits of Cyber Insurance Internet context, cyber insurance is considered to be a set of Cyber insurance has been considered to be an alternative policies that provide coverage against losses from Internet- solution to traditional security methods. In the following, we related breaches in information security [1]. In the business highlight and discuss benefits of cyber insurance in practice. context, cyber insurance is a risk management technique via 1) Benefits to the the insured: which network users’ risks are transferred to an insurance company,inreturnforafee[22].Inthemarketcontext,cyber • Mitigatedamage:Bytransferringriskstotheinsurer,the insurancecanbeinterpretedasapowerfultooltoalignmarket insured’ damage will be significantly reduced when the incentivestowardsimprovingInternetsecurity[23].Therefore, risks happen. in general, cyber insurance can be regarded as an insurance • Protected from insurers: To avoid paying high com- productthatisusedtoprotectbusinessesandindividualsfrom pensation, the insurers have to make more efforts in cyber risks. implementing countermeasures to protect the insured. Thefollowingsareimportantfundamentalconceptsofcyber • Improve self-defense: The insured will be stimulated to insurance. implement self-protection methods in order to reduce the premium. • Cyberrisks:arepotentialthreatsinthecyberworldwhich can cause losses/damage to humans and society. 2) Benefits to insurers: According to a recent report from • Cyber insured: is the user/customer who wants to be the PwC Global State of Information Security Survey 2016, it protected from cyber risks. waspredictedthatcyberinsurancemarketwillgrowfrom$2.5 • Cyber insurer: is the insurance company which wants billion in 2015 to $7.5 billion by 2020 [24]. This reveals that to take users’ cyber risks together with a commensurate cyber insurance is a promising and attractive market because profit. it will open many new business opportunities for insurers. 7 3) Benefits to third-party and society: Unlike conventional Cyber Risks insurance,cyberinsurancerequiresinsurerstohavespecialized knowledge about cyber security as well as network systems. Cyber Attacks This opens new opportunities for network security providers for consultation, support, and monitoring for insurers. Conse- Customer quently,thedevelopmentofcyberinsuranceresultsinahigher overall social welfare [25]. Insurer C. Implementation and Effectiveness of Cyber Insurance With aforementioned benefits, many applications of cyber Risk Risk Establish Implement & insurance were implemented in practice especially for In- Identification Evaluation Contract Monitor ternet security. In particular, in 1990, the first known cy- (1) (2) (3) (4) ber insurance policy was introduced by security software Fig.2. Cyberinsuranceprocess. companies partnering with insurance companies in order to offer insurance-bundled software security services (software + insurance services) [26]. The aim of these services is to not only mitigate losses, but also reduce residual risks for based on information provided by the customer to find threats the insured. In 1998, the International Computer Security and vulnerability of protected objects. Association (ICSA Inc.) corporation introduced the hacker- 2) Riskevaluation: Inthisstep,theinsurerwillanalyzeand related insurance packages, namely TRSecure service, to evaluatetherisksbyassessingthepossibilityofrisksoccurring against hacker attacks to its clients [27]. This is also known as well as their potential damage. This is the most important as the first stand-alone cyber insurance service which creates step in the cyber insurance process because it will decide precedent for the development of later cyber insurance ser- how to make a proper contract. If the insurer underestimates vices of Lloyd’s of London (https://www.lloyds.com/), AT&T the risks, they will loose profits. By contrast, if the insurer (http://www.mmc.com/), and AIG (www.aig.com) [23]. overestimates the risks, the customer may not be interested Recently, the rapid growth of cyber insurance has been in the insurance. However, in practice, this step is always the receiving a lot of attentions from the literature. Many re- most difficult step in the cyber insurance process because it search works have demonstrated the effectiveness as well as is often hard to estimate accurately the risks due to many applicability of cyber insurance. In particular, in [28], the reasons, e.g., asymmetry information between the insured and authors developed an analytical model for allocating optimal the insurer. investments, and evaluated the role of cyber insurance in 3) Establish contract: After the risks are well investigated, mitigating the influence on breach costs. Through analysis on the insurer proposes an insurance policy which prescribes impacts of insurance coverage, the authors showed that insur- terms, conditions, and exclusions for the insured. If the cus- ance is able to reduce over-investments for specific security- tomer accepts this policy, a legal contract is signed between enhancing assets. Different from [28], the authors in [29] the insurer and the insured, i.e., the customer. On the other adopted Monte Carlo simulation to evaluate the effectiveness hand, if the customer disagrees with that offer, the insurer of cyber insurance. In particular, the authors simulated a and the customer can negotiate to find a joint agreement. In virtual company running the e-commerce site under cyber the case if the customer does not accept any offers from the attacks and performed around 100 million simulation trials insurer, the process ends here. to estimate losses and evaluate efficiency of using cyber 4) Implement and monitor: Once the contract is made, the insurance.Throughsimulationresults,theauthorsshowedthat insurerwillcarryoutsolutionstoprotecttheinsuredaswellas cyber insurance can reduce the cost for the company up to tominimizeitsdamageifcyberattackshappen.Thesolutions 65%. In addition, there are also some other research works canincludeperiodicmonitoringandinspectingprocessessoas studying the applicability as well as efficiency of using cyber tomaketimelyappropriatecountermeasuresiftherisksoccur. insurance for software security [30], university networks [31], If the risks occur and cause losses to the insured, the insurer and Nigeria market [32]. will verify the risks and handle claims from the insured as agreed in the contract. D. Cyber Insurance Process E. Challenges and Solutions A cyber insurance process involves four main steps as illustrated in Fig. 2. In the following, we will discuss step- Although there are many benefits and applications, cy- by-step process of a cyber insurance. ber insurance has to face some challenges which hinder its 1) Risk identification: This is the first step of a cyber development. In the following, we discuss some important insurance process. After receiving a request from a customer, challenges and potential solutions proposed in the literature. the insurer has to identify potential risks which may have 1) Risk classification: In the first step of the cyber insur- negative impacts to the customer. To do so, the insurer needs ance process, the insurer needs to identify the cyber risks to study the customer’s coverage requirement, e.g., first-party which may cause losses to the customer and itself. However, and/or third-party coverage, then carries out investigations differentfromthetraditionalinsurance,cyberrisksarediverse 8 TABLEIV CATEGORIESOFCYBERRISKS Category Subcategory Description Elements Unintentionalactionstakenwithoutmaliciousor Inadvertent Mistakes,errors,omissions harmfulintent Actionsof Actionstakenintentionallyandwithintenttodo Deliberate Fraud,sabotage,theft,andvandalism people harm Lackofappropriateskills,knowledge,guidance, Inaction Lackofactionorfailuretoactinagivensituation andavailabilityofpersonneltotakeaction Failureduetocapacity,performance, Systems Hardware Riskstraceabletofailuresinphysicalequipment maintenance,andobsolescence and tech- Risksstemmingfromsoftwareassetsofalltypes, Compatibility,configurationmanagement,change nology Software includingprograms,applications,andoperating control,securitysettings,codingpractices,and failures systems testing Systems Failuresofintegratedsystemstoperformasexpected Design,specifications,integration,andcomplexity Processflow,processdocumentation,rolesand Processdesign Failuresofprocessestoachievetheirdesired responsibilities,notificationsandalerts, Failed in- and/or outcomesduetopoorprocessdesignorexecution informationflow,escalationofissues,service ternalpro- execution levelagreements,andtaskhand-off cesses Process Statusmonitoring,metrics,periodicreview,and Inadequatecontrolsontheoperationoftheprocess controls processownership Supporting Failureoforganizationalsupportingprocessesto Staffing,accounting,traininganddevelopment, processes delivertheappropriateresources andprocurement Events,bothnaturalandofhumanorigin,overwhich Catastrophes theorganizationhasnocontrolandthatcanoccur Weatherevent,fire,flood,earthquake,unrest withoutnotice External Legalissues Riskarisingfromlegalissues Regulatorycompliance,legislation,andlitigation events Business Risksarisingfromchangesinthebusiness Supplierfailure,marketconditions,andeconomic issues environmentoftheorganization conditions Service Risksarisingfromtheorganization’sdependenceon Utilities,emergencyservices,fuel,and dependencies externalparties transportation Likehood andthereiscurrentlynostandardtoclassifyanddeterminethe Rare Unlike Possible Likely Almost certain cyber risks. In [33], the authors presented the first taxonomy Catastrophic Moderate Moderate High Critical Critical ofoperationalcybersecurityriskswiththeaimtoidentifyand tc Major Low Moderate Moderate High Critical a p Moderate Low Moderate Moderate Moderate High organize the sources of operational cyber security risks. The m I Minor Very low Low Moderate Moderate Moderate taxonomyorganizesthedefinitionofoperationalrisksintofour Insignificant Very low Very low Low Low Moderate main categories with elements and descriptions as shown in Fig.3. Riskassessmentmatrix. TableIV.Althoughtheempiricalinformationaboutcyberrisks in [33] is still relatively limited, the taxonomy provides the fundamental classification of cyber risks which is especially policies which do not cover such kind of risks. For example, important in evaluating cyber risks in the second step of the in 2005, AIG offered cyber policies which exclude electric cyber insurance process. 2) Risk assessment: In the second step of the cyber in- and telecommunication failures. However, this solution fails surance process, based on the risk analysis in the first step, to prevent the infection spread, e.g., worms and virus, in the the insurer needs to evaluate the risks in order to figure computer networks. In [34], the authors adopted a general out an appropriate cyber insurance policy for the customer. mathematical framework to analyze policies of cooperative To do so, one of the most common methods used in the andnon-cooperativeInternetusersundercyber-insurancecov- literature as well as in practice is using Risk Assessment erage. An important conclusion drawn is that full insurance Matrix (RAM). The insurer can create a RAM to visualize contracts encourage cooperative users to invest more for their the important areas of focus within their risk assessments, self-defense, while partial insurance contracts motivate non- e.g., frequency, probability, severity, speed of development, cooperative users to pay more for their self-defense mecha- andreputationalimpactasshowninFig.3.Allofthesefactors nisms. serve as important guides in understanding the holistic nature 4) Adverse selection: In order to make a cyber insurance of potential vulnerabilities and the probability of individual contract with the customer, the insurer must establish cyber risks which impact the insured. insurance policies taking the adverse selection into consid- 3) Interdependent risks: Another problem in evaluating eration. In particular, adverse selection is an information cyber risks is the interdependence or correlated nature of asymmetryproblembetweentheinsuredandtheinsurerwhere thecyber-risks.Differentfromconventionalinsurancemodels, the insured has a complete awareness about his/her situation, cyber insurance has to face the network security externalities while the insurer does not know, and thus it leads to the due to the interdependence of entities. Specifically, cyber adverseselectionproblemfortheinsurer.Toprotecttheinsurer security of an entity depends on the operations as well as from this problem, insurance companies typically require security levels of other entities in the network. To deal with their clients to have a current situation certification, e.g., life this problem, insurance companies often impose insurance insurance companies require their clients to take certificated 9 medical examinations. However, this problem becomes more andpremium-settingproduces,andthustheauthorssuggested difficult for cyber-risk insurance because there is currently no a research agenda developed by three main directions, i.e., safety standardization for cyber systems. policy, management, and technology. Inordertodealwiththisproblem,aninsurancefirm,called 7) Other problems: There are also other problems which J.S. Wurzler, proposed insurance contracts to cover damage havebeenalsostudiedintheliteratureforthedevelopmentof causedbyhackers’attackswithadditionalfeeforclientsusing cyber insurance. For example, in [37], the authors examined Microsoft’s NT software [1]. However, this is not an effective the applicability of prediction markets [38] in forecasting and solution since cyber risks are not only governed by the assessing information security events. In practice, prediction insured’s security system, but also by many cyber incidents, markets can be used as an efficient tool to improve aggre- e.g.,insuredobjectsandtheirrelations.Asanefforttoaddress gation of information, thereby improving the process of risk this problem, the authors in [35] introduced a model to link assessmentandriskmitigation.In[39],afinancialmechanism cyber incidents and risks with security insurance policies. was introduced to incentivize coordinated efforts by security Specifically, they developed a model, namely semantic cyber stakeholdersinimprovingtheinformationsecurityecosystem. incident classification, which adopts semantic techniques to The proposed solution is expected to address the problem of buildaconsistentandconvincingknowledgerepresentationfor information asymmetry, negative externality and free riding entities in cyber insurance system. Nevertheless, the authors for the insurer, and to negotiate a lower premium for the did not consider all entities, and thus relations in cyber insured.In[40],aconsumerpricingmechanismwasexamined insurance need to be further investigated. to improve the profit for the insurer when a security vendor 5) Moralhazard: Thesecondmajorchallengeindesigning becomes a cyber-insurer. Through the simulation results, the cyber insurance policies is moral hazard that refers to the authors showed that by using the proposed method, the secu- problem when the insured under the insurance coverage relies rity vendor’s profit can be raised up to 25%. on insurance contracts and pays less attention in preventing cyber risks. To prevent the insured from free-riding, a typical F. Cyber Insurance Models way is to issue additional terms for insurance contracts. For example, INSUREtrust (http://www.insuretrust.com/) offers a Cyber risks are becoming more and more exacerbated to policy “You agree to protect and maintain your computer business and society, while countermeasures are still limited system and your e-business information assets and e-business due to many reasons, e.g., information asymmetry and the communications to the level or standard at which they existed complexity of cyber networks. Therefore, to attain efficient and were presented...”, or Lloyd’s of London insurance com- solutions, cyber insurance models which can quantify risks panyrequires“Theinuredcompanymaintainssystemsecurity and measure effectiveness of cyber security and risk manage- levels that are equal to or superior to those in place as at the ment strategies need to be taken into consideration. In this inception of this policy”. section, we discuss cyber insurance models with the aim of However, these solutions do not encourage users in im- investigatingthedifferentcharacteristicsofferedbytheinsurer proving network security, thereby raising cyber risks for both which tend to maximize the total outcome of the insurer as the insurer and the insured. Thus, promotion policies can well as the insured. be used to handle this problem. For example, AIG provides 1) Classical model: We consider a classical model for discounts for clients who use Invicta Network’s security de- cyber insurance in which an agent (i.e., the insured) attempts vices or Lloyd’s of London offers promotions for firms using to maximize its utility function u[.]. The agent is assumed to Tripwire’s Integrity security software. Nevertheless, different be rational and risk averse, i.e., its utility function is concave clients have different risk levels, and thus we cannot ap- as shown in Proposition 2.1 in [41]. We denote w as the 0 ply the same promotion for all clients. It was pointed out initial wealth of the agent, π as the risk premium which is in[22]thatformonopolisticcyberinsurancecontractswithout defined by the maximum amount of money that the agent is client discrimination, there always exists an inefficient market ready to pay to eliminate a pure risk X (i.e., E(X) = 0), l in which the social welfare of users is not maximized at as the potential loss of the agent caused by risk X which is Nashequilibrium.However,ifclients’discriminatingpremium assumed to be a fixed value, and p as the probability of loss. policies are applied, the moral hazard problem is mitigated, Then, the amount of money m which the agent is ready to thereby maximizing the overall network security. invest to eliminate the risk X is derived as follows: 6) Settingpremium: Thisisthelaststepbeforeaninsurance contractissigned.Therearetwotypicalwaystodeterminethe pu[w0−l]+(1−p)u[w0]=u[w0−m]. (1) premiumforaninsurancecontractinpractice,i.e.,throughac- Then, from the results obtained in [42], we can derive the tuarial data and normative standards. However, both ways are value of m as follows: unabletoapplytothecyberinsurancebecausecyberinsurance isrelativelynewandthereiscurrentlynostandardtoestablish m=pl+π[p], (2) cyber insurance premiums, while cyber actuarial data is not available since many companies are either unaware of a cyber where π[p] is the risk premium when the loss probability attackorunwillingtodisclosesuchattacks.Furthermore,there equals p, and the term pl represents the fair premium, i.e., are also some other challenges in setting premiums for cyber the expected loss. The relation of terms in (1) and in (2) can contracts as pointed out in [36], e.g., underwriting process be seen clearer in Fig. 4. 10 TABLEV THEEXPECTEDPAYOFFMATRIX Agent2:Self-protection(S) Agent2:No-Protection(N) Agent1:Self-protection(S) u[w0−c] (1−pq)u[w0−c]+pqu[w0−c−l] Agent1:No-protection(N) (1−p)u[w0]+pu[w0−l] pu[w0−l]+(1−p)(pqu[w0−l]+(1−pq)u[w0]) u becomes the classical model where the agent has to decide to Concave function u[w0] buy insurance or not, and we can use analysis in the previous section to find the optimal strategy for the agent. u[w0 - m] In general cases of cyber insurance with self-protection, the agent can choose a hybrid solution for self-protection and purchasing insurance. Specifically, the agent can invest a portionofcost,i.e.,γc,forself-protection,andtherestofcost, i.e.,(1−γ)c,forinsurancebasedonitsdemands.Forexample, for companies with good security system, it may invest more u[w0 - l] π[p] pl money for self-protection, and less money for insurance. In w0 w this case, the optimal value of γ will be determined by w0 - l m the cost function of self-protection and insurance as shown l in[43].However,forcyberinsurancemodelswithpartialself- protection, the insurer has to face the moral hazard problem Fig.4. Utilityfunction. because when the agent is covered by insurance, it may take fewer measures to prevent losses. In this case, the insurer should tie up the premium to the amount of self-protection Fortheclassicalcyberinsurancemodel,mcanbeexpressed to avoid moral hazard behaviors from the insured [44]. as the maximum acceptable premium for full coverage. This Obviously, cyber insurance models with self-protections implies that if the insurer offers a full coverage with premium bring more flexible and appropriate insurance policies for the Ω, the agent will accept the offer if Ω ≤ m. Thus, it can be agent compared with the classical model. Nevertheless, it was observed that the premium Ω depends on the distribution of also highlighted in [43] that there are still many difficulties theloss,i.e.,pandl,andtheexistenceoftheinsurancemarket as well as challenges in developing self-protection strategies will be determined by three parameters, i.e., u, l, and p. in cyber insurance because the level of self-protection of the 2) Cyber insurance with self-protection: In [43], a cyber agent is still representing a complex and time-intensive task. insurance model with self-protection for the insured was 3) Interdependent model: In [45], the authors introduced a introduced.Differentfromtheclassicalmodelwheretheagent cyber insurance model for interdependent security (IDS) for has only two options, i.e., either purchase or do not purchase the case with only two agents, and these agents have to face insurance, in the self-protection model, the agent has three interdependent risk problem in the same network. In the IDS options, i.e., self-protection, purchase insurance, or do not model, agents have to decide whether or not to invest in self- purchase. First, in the case without insurance, the agent has protection given a risk of losses which depends on the state to decide whether to buy insurance or not. If we denote c of the other agents in the network. There are two causes of as the cost of self-protection and p[c] as the corresponding probability of loss, we need to find the optimal value of c∗ to losses for an agent. The loss can be caused by an agent itself, i.e.,directloss,withprobabilityp,andthislosscanbecaused maximize the following utility function: by the other agents in the network, i.e., indirect loss, with maxf(c)=p[c]u[w0−l−c]+(1−p[c])u[w0−c)]. (3) probability q. Then, the utility function for these two agents c can be determined as shown in Table V. Here, it is assumed Obviously, when the agent invests money to protect itself, it that two agents are symmetric and p and q are independent willexpectalowerprobabilityofloss,andthusitisreasonable parameters. to assume that p[c] is a non-increasing function of c. As a Denote c = pl+π[p] and c = p(1−pq)l+π[p+(1− result, the optimization problem in (3) has a unique solution, 1 2 p)pq]−π[pq], then by using game theory, the authors in [43] i.e., either 0 or c , as demonstrated in [43]. The authors t showed the following results: then showed that if the cost for self-protection is less than a predefined threshold c†, then the agent will invest ct for self- • If c ≤ c2: The Nash equilibrium of the game is (S,S), protection. Otherwise, it will not invest for self-protection. i.e., both agents will invest in self-protection. Now, given the cyber insurance, the agent will have more • If c2 <c≤c1: Both equilibria, i.e., (S,S) and (N,N), are choices. In the first case when c < c†, i.e., the agent will possible and thus there is no Nash equilibrium solution invest c for self-protection, if the cost to buy insurance c(Ω) for this game. t islessthanct,theagentwillbuyinsuranceinsteadofinvesting • If c1 < c: The Nash equilibrium of the game is (N,N), for self-protection. Otherwise, if c(Ω) > c , the agent will i.e., both agents will not invest in self-protection. t investforself-protectiononly.Inthesecondcasewhenc≥c†, Then,theauthorsintegratedaforementionedanalysisresults i.e., the agent will not invest for self-protection, the model into the insurance model in which the agents can choose

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.