We introduce a game-theoretic framework to compute optimal and strategic security investments by multiple defenders. Each defender is responsible for the security of multiple assets, with the interdependencies between the assets captured by an interdependency graph. We formulate the problem of computing the optimal defense allocation by a single defender as a convex optimization problem, and es...

We propose a comprehensive formal framework to classify all market models of cyber-insurance we are aware of. The framework features a common terminology and deals with the specific properties of cyber-risk in a unified way: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to our framework, reveals a discrepancy between info...

Investment in defense by all agents is a socially optimum equilibrium in many interdependent security scenarios. However, practically, some agents might still choose not to invest in security due to bounded rationality and errors, thus decreasing the total social welfare. Previous work shows that providing subsidies may help induce more agents to invest. Our study suggests that giving subsidies...

The interdependency of information security risks often induces firms to invest inefficiently in information technology security management. Cyberinsurance has been proposed as a promising solution to help firms optimize security spending. However, cyberinsurance is ineffective in addressing the investment inefficiency caused by risk interdependency. In this paper, we examine two alternative ri...

The interdependency of information security risks poses a significant challenge for firms to manage security. Firms may overor under-invest in security because security investments generate network externalities. In this paper, we explore how firms can use three risk management approaches, third-party cyberinsurance, managed security service (MSS) and risk pooling arrangement (RPA), to address ...

The new US administration has begun efforts to securitize the substantial problems the United States is currently facing in cyberspace. Recently, President Obama ordered his National Security Council to conduct a rapid review of existing measures being undertaken by the federal government, and provide recommendations for additional ones. Many stakeholders in the US government and private indust...

We investigate certain structural properties of random interdependent networks. We start by studying a property known as r-robustness, which is a strong indicator of the ability of a network to tolerate structural perturbations and dynamical attacks. We show that random k-partite graphs exhibit a threshold for r-robustness, and that this threshold is the same as the one for the graph to have mi...

Today’s Critical Infrastructures (CI) are highly interdependent in order to deliver their services with the required level of quality and availability. Information exchange among interdependent CI plays a major role in CI protection and risk prevention for interconnected CI were cascading effects might occur because of their interdependencies. This paper addresses the problem of the quality of ...