
Risk Management Using Cyber-Threat Information Sharing and Cyber-Insurance

  • Conference paper
Game Theory for Networks (GameNets 2017)

Abstract

Critical infrastructure systems spanning from transportation to nuclear operations are vulnerable to cyber attacks. Cyber-insurance and cyber-threat information sharing are two prominent mechanisms for addressing cybersecurity issues proactively. However, standardization and realization of these choices have many bottlenecks. In this paper, we discuss the benefits and importance of cybersecurity information sharing and cyber-insurance in the current cyber-warfare situation. We present a standard game-theoretic participation model for cybersecurity information exchange (CYBEX) and discuss the applicability of economic tools in addressing important issues related to CYBEX and cyber-insurance. We also pose several open research challenges, which need to be addressed for developing a robust cyber-risk management capability.

Approved for Public Release; Distribution Unlimited: 88ABW-2017-2157, Dated: 04 May 2017. This work was supported by Office of the Assistant Secretary of Defense for Research and Engineering (OASD (R&E)) agreement FA8750-15-2-0120, Department of Homeland Security Grant 2015-ST-061-CIRC01 and National Science Foundation (NSF) Award #1528167.



Author information

Corresponding author

Correspondence to Deepak K. Tosh.

Copyright information

© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Tosh, D.K., Shetty, S., Sengupta, S., Kesan, J.P., Kamhoua, C.A. (2017). Risk Management Using Cyber-Threat Information Sharing and Cyber-Insurance. In: Duan, L., Sanjab, A., Li, H., Chen, X., Materassi, D., Elazouzi, R. (eds) Game Theory for Networks. GameNets 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 212. Springer, Cham. https://doi.org/10.1007/978-3-319-67540-4_14


  • DOI: https://doi.org/10.1007/978-3-319-67540-4_14


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-67539-8

  • Online ISBN: 978-3-319-67540-4

  • eBook Packages: Computer Science (R0)
