Image Database Export Citations


Optimal Investment in Cybersecurity

Show full item record

Type: Conference Paper
Author: Alexeev, Alexander; Krutilla, Kerry
Conference: Colloquium on Cybersecurity and Internet Governance
Location: Ostrom Workshop, Indiana Univeristy
Conf. Date: April 27-28
Date: 2017
URI: http://hdl.handle.net/10535/10289
Sector: Information & Knowledge
Subject(s): game theory
Abstract: A presentation of this paper can be found here: https://tinyurl.com/y8lznwpg "A game theoretic framework is used to model the competitive interaction of two state actors in which the first devotes resources in an attempt to breach the cyber network of the second. A contest success function is used to express the probability of a successful attack as a function of investments by the two actors. This function has technical efficiency and noise parameters that influence the outcomes of the investment strategies. Payoffs are the utility losses for the defending state, which are approximated as economic losses, and utility gains for the attacking state, which are parametrized as some fraction (which can be greater or less than 1) of these losses. The players move simultaneously, reflecting the constant and frequent attempts by state actors to penetrate cyber security networks. Reduced-form Nash equilibria in pure strategies are derived for a one-shot game, giving the optimal investments for the two contestants as a function of the magnitude of potential economic losses on the part of the defender, and the model’s other parameters. A differential game is then formulated which treats cyber security as an infrastructure stock variable. This framework is used to model a competitive interaction by the two actors in making investments to enlarge the stock of defensive cyber infrastructure over a long time horizon, while attempting to penetrate this infrastructure each period. The model is solved for an open loop Nash equilibrium in pure strategies. The evolution of optimal investment behaviour over time is evaluated as a function of the magnitude of the defender’s losses and the model’s other parameters. The policy implications for U.S. investment in cyber security infrastructures are evaluated."

Files in this item

Files Size Format View
CY17-1_Alexeev-Krutilla_Optimal.pdf 684.5Kb PDF View/Open

This item appears in the following document type(s)

Show full item record