Presentation is loading. Please wait.

Presentation is loading. Please wait.

Geoffrey Heal Graduate School of Business Columbia University Howard Kunreuther Center for Risk Management.

Published byTristan Crowder Modified over 10 years ago

Similar presentations

Presentation on theme: "Geoffrey Heal Graduate School of Business Columbia University Howard Kunreuther Center for Risk Management."— Presentation transcript:

1 Geoffrey Heal Graduate School of Business Columbia University gmh1@columbia.edu Howard Kunreuther (kunreuther@wharton.upenn.edu) Center for Risk Management and Decision Processes The Wharton School University of Pennsylvania You Can Only Die Once: Interdependent Security in an Uncertain World

2 Types of Problems Making computer systems more secure against terrorist attacks Investing in airline security Protecting against chemical and nuclear accidents Making buildings more secure against attacks Investing in sprinklers to reduce the chances of apartment fires Avoiding divisional gambles that could bring entire firm into bankruptcy: Nick Leeson, Singapore futures market, and collapse of Baring’s Arthur Andersen brought into bankruptcy by Houston branch

3 Characteristics of the Problem Non Additive Damages (You can only die once) E.g., theft of proprietary data, destruction of data Not minor hassles due to disinfecting from viruses Risk Faced by One Person Depends on Actions Taken by Others (Negative stochastic externalities) E.g., communication among a network of trusted people Not viruses spread from one PC to another by email

4 Scenario Illustrating Interdependent Security Be Careful (BC) computer system considers installing additional computer security measures for added protection Needs to balance the cost of this system with reduction in risk of damage: Not only by attacks against BC directly But also from other computers connected to BC

5 What Is Interdependent Security? An agent can protect itself against a risk by incurring an upfront investment cost: BC computer system can invest in protection against hackers An agent can be contaminated by others even if it is protected: BC computer system can be attacked by “trusted” computer systems that did not invest in protection

6 Interdependent Security Model Assumptions and Notation Consider Two Computer Systems: A 1 and A 2 Y = cost of each computer system before consideration of security Probability of direct attack on A i : p =.1 Probability of attack on A i damaging the other system: q =.2 Probability non-secure computer system damaged: p + (1 – p) p q Loss if a computer system is damaged: L = 1000 Investment cost of security system: c = 95

7 Interdependent Security Model Expected Costs and Decisions Expected Costs Associated with Investing (S) and Not Investing (N) in Security System SYSTEM 2 S N S Y - c, Y - c = Y - c - p q L, = Y - 95, Y - 95 Y - 295, Y - 100 SYSTEM 1 N Y - p L, Y - c - p q L = Y - p L - (1 - p) p q L = Y - 100, Y - 295Y - 280, Y - 280 Decisions If A 2 has a security system (S), then it is worth A 1 investing in one: Expected losses reduced by p L = -100 Cost of security system = 95 If A 2 does not invest in security (N), then A 1 will not want to invest in one: Expected losses reduced by p (1 - q) L - (280 - 200) = -80 Cost of security system = 95

8 Types of Nash Equilibriums For c < p L (1 - p q): (S, S) is the dominant strategy For p L (1 - p q)  c < p L: (S, S) and (N, N) are Nash equilibriums For c  p L: (N, N) is the dominant strategy If the agents have different costs of investing in security measures, then we may find an equilibrium at which only one invests: (N, S) will be a Nash equilibrium if c 1 > p L and c 2 < p L (1 - p q)

9 Impact of Contamination if There Are n Agents When is investment in security a dominant strategy with many agents, If the others have not protected themselves? Computers: No cost incentive for a computer to protect itself against hackers if the number of agents is large enough! When the number of agents is large and none invests in security, then each agent faces a certain loss of L When the number of agents is large, investing in security can never be a dominant strategy for any agent

10 Impact of Contamination if There Are n Agents Payoff to firm 1 from not investing in security when the other n - 1 are also not investing: Payoff from investing: For investment in security to be dominant, you need: In the limit as n , this becomes c<0!

11 Types of Nash Equilibriums For : An agent will want to invest even if all other n-1 agents are unprotected (S, S, …, S) is the dominant strategy For : There are two Nash equilibriums, (S, S, …, S) and (N, N, …, N) Some coordinating mechanism is necessary to ensure investment For c  p L: (N, N, …, N) is the dominant strategy

12 Tipping Behavior When There Is Contamination Suppose the n systems differ in the costs and/or risks they face Define E j (n, 0) as the negative externalities imposed by system j on all other systems when no other systems invest, and system j changes from investing to not investing in security Two Results: If by switching from N to S a single system j can cause all others to switch from N to S, it will be the one that has the highest E j (n,0) If by switching from N to S a group of K systems can cause all others to follow, they will be the ones with the K highest E j (n,0)

13 Types of Interventions (Internalizing Negative Externalities) Insurance— Not feasible under current system, because insurer of agent i does not pay for damage to agent j (j  i) Monopolistic insurer provides premium reduction to agent i for reduction in contamination to all other agents Liability— This policy tool works only if contaminating agent is held liable for damage to others if it did not invest in protection Regulations— Well-enforced codes and standards to ensure that cost-effective security measures are adopted

14 Types of Interventions (Internalizing Externalities) Taxation— Can levy a tax of t dollars on any agent that did not invest in protection to encourage them to adopt security measures Coordinating mechanisms— International Air Transport Association (IATA)— requires baggage security on all bags to be transferred to other airlines Coops in New York—require that all buyers of apartments invest in sprinkler system as a condition for purchase Social norms—role of friends and neighbors

15 Future Research Directions Differential Costs and Risks: Nash equilibrium would be mixture of (S, S, …, N, N) Do you tax some agents more because they have a greater chance of contaminating others? Role of regulations Multi-Period and Dynamic Models: Importance of time horizon and discount rate How do you get process of investing started? Importance of developing sequential models of choice

16 Future Research Directions (cont.) Behavioral Considerations: Misperceptions of risk Myopia (i.e., short time horizons) Importance of affect (e.g., worry, dread, anxiety) Budget constraints

Download ppt "Geoffrey Heal Graduate School of Business Columbia University Howard Kunreuther Center for Risk Management."

Similar presentations

A Local Mean Field Analysis of Security Investments in Networks Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) NetEcon 2008.

A Local Mean Field Analysis of Security Investments in Networks Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) NetEcon 2008.
Chapter Outline 7.1 Risk Aversion and Demand for Insurance by Individuals The Effects of Insurance on Wealth Risk Aversion Other Factors Affecting an Individual’s.

Chapter Outline 7.1 Risk Aversion and Demand for Insurance by Individuals The Effects of Insurance on Wealth Risk Aversion Other Factors Affecting an Individual’s.
1 Cyber Insurance and IT Security Investment: Impact of Interdependent Risk Hulisi Ogut, UT-Dallas Srinivasan Raghunathan, UT-Dallas Nirup Menon, UT-Dallas.

1 Cyber Insurance and IT Security Investment: Impact of Interdependent Risk Hulisi Ogut, UT-Dallas Srinivasan Raghunathan, UT-Dallas Nirup Menon, UT-Dallas.
Economic Incentives to Increase Security in the Internet: the Case for Insurance Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) IEEE INFOCOM, Rio 2009.

Economic Incentives to Increase Security in the Internet: the Case for Insurance Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) IEEE INFOCOM, Rio 2009.
Moral Hazard.

Moral Hazard.
Network Security: an Economic Perspective Marc Lelarge (INRIA-ENS) currently visiting STANFORD TRUST seminar, Berkeley 2011.

Network Security: an Economic Perspective Marc Lelarge (INRIA-ENS) currently visiting STANFORD TRUST seminar, Berkeley 2011.
Risk Models and Controlled Mitigation of IT Security R. Ann Miura-Ko Stanford University February 27, 2009.

Risk Models and Controlled Mitigation of IT Security R. Ann Miura-Ko Stanford University February 27, 2009.
What is the incentive in insurance premiums? Radek Wasiak, PhD Center for Health Economics and Science Policy.

What is the incentive in insurance premiums? Radek Wasiak, PhD Center for Health Economics and Science Policy.
Game Theory: Inside Oligopoly

Game Theory: Inside Oligopoly
Managing Risk for an Uncertain Future Howard Kunreuther James G. Dinan Professor of Decision Sciences & Public Policy Co-Director.

Managing Risk for an Uncertain Future Howard Kunreuther James G. Dinan Professor of Decision Sciences & Public Policy Co-Director.
Section 34.2 Handling Business Risks

Section 34.2 Handling Business Risks
Game-Theoretic Approaches to Critical Infrastructure Protection Workshop on Statistics and Counterterrorism November 20, 2004 Vicki Bier University of.

Game-Theoretic Approaches to Critical Infrastructure Protection Workshop on Statistics and Counterterrorism November 20, 2004 Vicki Bier University of.
Lecture No. 3 Insurance and Risk.

Lecture No. 3 Insurance and Risk.
Introduction to Derivatives and Risk Management Corporate Finance Dr. A. DeMaskey.

Introduction to Derivatives and Risk Management Corporate Finance Dr. A. DeMaskey.
Competitive Cyber-Insurance and Network Security Nikhil Shetty Galina Schwartz Mark Felegyhazi Jean Walrand EECS, UC-BerkeleyWEIS 2009 Presentation.

Competitive Cyber-Insurance and Network Security Nikhil Shetty Galina Schwartz Mark Felegyhazi Jean Walrand EECS, UC-BerkeleyWEIS 2009 Presentation.
Network Security An Economics Perspective IS250 Spring 2010 John Chuang.

Network Security An Economics Perspective IS250 Spring 2010 John Chuang.
Health Insurance October 19, 2006 Insurance is defined as a means of protecting against risk. Risk is a state in which multiple outcomes are possible and.

Health Insurance October 19, 2006 Insurance is defined as a means of protecting against risk. Risk is a state in which multiple outcomes are possible and.
Geoffrey Heal Graduate School of Business Columbia University Howard Kunreuther Center for Risk Management.

Geoffrey Heal Graduate School of Business Columbia University Howard Kunreuther Center for Risk Management.
Interdependent Security Games and Networks Networked Life CSE 112 Spring 2006 Prof. Michael Kearns.

Interdependent Security Games and Networks Networked Life CSE 112 Spring 2006 Prof. Michael Kearns.
Chapter 2 Insurance and Risk.

Chapter 2 Insurance and Risk.

Similar presentations

Ads by Google