1,659 research outputs found

    A Model for B2B IT Security: Multilayer Defense Facing Interdependent Cyber Risk

    B2B firms couple their business processes for better efficiency. Integrated business processes require that the firms’ networks be interconnected. This practice enables breach incidence to travel from one firm to another, making the IT security risks of the firms strategically interdependent. The present practice of multilayered defense against IT breaches resembles stage-gates, bringing operational interdependency between the successive layers of defense in a B2B firm. Such inter-firm and inter-layer interdependences in B2B relationships ultimately result in complex decision scenarios in the IT security regime. We propose a comprehensive game theoretic model to capture the above complex, intertwined interdependencies of IT security risk in B2B firms. We also provide some initial results to explain the B2B firms’ incentive to invest in IT security.

    IT Security in Supply Chain: Does a Leader-Follower Structure matter?

    Using a traditional leader-follower decisional sequence as the manifestation of power structure in a supply chain, this work generalizes extant research in IT security. We propose a game theoretic model to analyze the equilibrium IT security of the supply chain in the Stackelberg game, where the power structure in the supply chain manifests in a natural leader. Our results indicate that a natural leader-follower framework ensures higher IT security in the chain than the decentralized decision scenario. However, our results also exhibit that the total cost of IT security is disproportionately divided between the firms of the supply chain. In equilibrium, the leader not only commits first, it must also commit at a higher level than the follower. General comparison with the centralized case as well as the sensitivity of IT security investment of the leader/follower firm on key network parameters are also analyzed.

    Integrating Systems and Economic Models for Security Investments in the Presence of Dynamic Stochastic Shocks

    Organizations deploy a number of security measures with differing intensities to protect their company’s information assets. These assets are found in various locations within a company, with differing levels of security applied to them. Such measures protect the different aspects of the organization’s information systems, which are typically separated into three different attributes: confidentiality, integrity, and availability. We start by defining a system in terms of its locations, resources and processes to use as an underlying framework for our security model. We then systematically define the time evolution of all the three attributes when subjected to shocks aiming at degrading the system’s capacity. We shock each of the attributes of the system and trace the adjustment of the attributes and policy responses; we undertake this exercise for different types of organizations: a military weapons system operator, a financial firm or bank, a retail organization, and a medical research organization, producing their impulse-response functions to quantify their responses and speed of adjustment. This economic model is validated through various means, including Monte Carlo simulations. We find that organizations, although they react in similar ways to shocks to their attributes over time, and are able quickly to get back to their pre-shock states over time, differ in the intensity of their policy responses which differ depending upon the character of the organization.

    On a Generic Security Game Model

    To protect the systems exposed to the Internet against attacks, a security system with the capability to engage with the attacker is needed. There have been attempts to model the engagement/interactions between users, both benign and malicious, and network administrators as games. Building on such works, we present a game model which is generic enough to capture various modes of such interactions. The model facilitates stochastic games with imperfect information. The information is imperfect due to erroneous sensors leading to incorrect perception of the current state by the players. To model this error in perception distributed over other multiple states, we use Euclidean distances between the outputs of the sensors. We build a 5-state game to represent the interaction of the administrator with the user. The states correspond to 1) the user being out of the system in the Internet, and after logging in to the system; 2) having low privileges; 3) having high privileges; 4) when he successfully attacks and 5) gets trapped in a honeypot by the administrator. Each state has its own action set. We present the game with a distinct perceived action set corresponding to each distinct information set of these states. The model facilitates stochastic games with imperfect information. The imperfect information is due to erroneous sensors leading to incorrect perception of the current state by the players. To model this error in perception distributed over the states, we use Euclidean distances between outputs of the sensors. A numerical simulation of an example game is presented to show the evaluation of rewards to the players and the preferred strategies. We also present the conditions for formulating the strategies when dealing with more than one attacker and making collaborations. Comment: 31 pages

    Improving the resilience of cyber-physical systems under strategic adversaries

    Renewable energy resources challenge traditional energy system operations by substituting the stability and predictability of fossil fuel based generation with the unreliability and uncertainty of wind and solar power. Rising demand for green energy drives grid operators to integrate sensors, smart meters, and distributed control to compensate for this uncertainty and improve the operational efficiency of the grid. Real-time negotiations enable producers and consumers to adjust power loads during shortage periods, such as an unexpected outage or weather event, and to adapt to time-varying energy needs. While such systems improve grid performance, practical implementation challenges can derail the operation of these distributed cyber-physical systems. Network disruptions introduce instability into control feedback systems, and strategic adversaries can manipulate power markets for financial gain. This dissertation analyzes the impact of these outages and adversaries on cyber-physical systems and provides methods for improving resilience, with an emphasis on distributed energy systems. First, a financial model of an interdependent energy market lays the groundwork for profit-oriented attacks and defenses, and a game theoretic strategy optimizes attack plans and defensive investments in energy systems with multiple independent actors. Then attacks and defenses are translated from a theoretical context to a real-time energy market via denial of service (DoS) outages and moving target defenses. Analysis on two market mechanisms shows how adversaries can disrupt market operation, destabilize negotiations, and extract profits by attacking network links and disrupting communication. Finally, a low-cost DoS defense technique demonstrates a method that energy systems may use to defend against attacks.