## Game Theory in Cybersecurity

https://www.news.iastate.edu/news/2018/11/14/cybergametheory

In today’s information age, companies seek an effective threat modeling protocol to protect their or their customers’ computer systems and records. Traditionally, threat modeling has adopted a somewhat subjective scale for ranking how much risk a threat poses in a system (there are three levels: low, medium, and high). However, researchers at Iowa State believe modeling the protocol based on game theory can potentially be a better way to assess cyber attack threats on the power grid. Rather than the subjective low, medium, high model from before, game theory could allow a quantitative evaluation of threat. Although the game theory model hasn’t been implemented yet, the researchers hope to use a mathematical optimization model to do so in the near future. The researchers have also based other models in drones, robotics, and transportation systems on game theory, demonstrating how versatile and useful this concept is in real world applications.

This article shows that game theory can be connected to an urgent need in cybersecurity, threat modeling. As discussed in class, game theory attempts to maximize the payoff or benefit of a specific player. In this article, the two players are the system that should be secured and a cyber attacker. Some of the “moves” that would increase payoff for the system include keeping computers behind firewalls with strong authentication and authorization controls. The attacker’s moves would involve methods to get past these controls to maximize their payoff in breaking into a system. Like in many game theory models, the two players work against each other to benefit themselves. Applying game theory to threat modeling can help us better understand the strategies that each player can use and where and how the power grid is susceptible to cyber attacks, given each players’ budgets.