Gaming Cybersecurity
Source : http://www.eecs.qmul.ac.uk/~pm/GameSecCameraready.pdf
Today, industries and organizations need to rely on advancing technologies to stay ahead in the competition. However, with increase in digitization comes increase in cyber threats. Thus, one of the largest concern facing global leaders is that of cybersecurity – minimizing their vulnerability to possible threats. However, another major issue of concern raised along the lines of cybersecurity is a “Lack of sufficient funding for it.” The paper highlights how organizations often suffer from underinvestment problems or insufficient spending on cybersecurity. The low budget is unable to provide coverage for their vital assets which can be at risk. It is mentioned that around 86% of Chief Information Security Officers face this problem. Thus, optimally investing in cybersecurity controls has become a “game”, where the payoffs can supplement the growth of an industry or lead it to its misfortune.
The above research provides a methodology for helping in making decisions regarding allocation of budgets for cybersecurity. Here is a summarization: First, modelling of the cybersecurity environment of the organization is done. A strategy is achieved by performing risk analysis of the data assets of an organization. Secondly, based on this strategy and the risk assessments, a formulation of control games is conducted to model interactions between two players – Defender (D) and Attacker (A). The defender D aims to defend an organization’s data assets by minimizing cybersecurity risks while the Attacker A aims to benefit from compromising the defender’s data asset. It is a zero-sum game. To minimize the maximum potential damage inflicted by the attacker, defender D tries to implement the controls in accordance with the Nash Equilibrium. Lastly, these game solutions are then handled by optimization techniques, in particular multi-objective, multiple choice Knapsack to determine the optimal cybersecurity investment.
The above resource connects to the fundamental topics of Game theory – involving Nash Equilibrium, mixed strategies and maximizing payoffs. Hence, it uses these concepts to look at the monetary aspect of cybersecurity.