Abstract
Critical infrastructure systems ranging from transportation to nuclear operations are vulnerable to cyber attacks. Cyber-insurance and cyber-threat information sharing are two prominent mechanisms for addressing cybersecurity issues proactively. However, the standardization and realization of these mechanisms face many bottlenecks. In this paper, we discuss the benefits and importance of cybersecurity information sharing and cyber-insurance in the current cyber-warfare situation. We model a standard game theoretic participation model for cybersecurity information exchange (CYBEX) and discuss the applicability of economic tools in addressing important issues related to CYBEX and cyber-insurance. We also pose several open research challenges, which need to be addressed for developing a robust cyber-risk management capability.
Approved for Public Release; Distribution Unlimited: 88ABW-2017-2157, Dated: 04 May 2017. This work was supported by Office of the Assistant Secretary of Defense for Research and Engineering (OASD (R&E)) agreement FA8750-15-2-0120, Department of Homeland Security Grant 2015-ST-061-CIRC01 and National Science Foundation (NSF) Award #1528167.
Copyright information
© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Tosh, D.K., Shetty, S., Sengupta, S., Kesan, J.P., Kamhoua, C.A. (2017). Risk Management Using Cyber-Threat Information Sharing and Cyber-Insurance. In: Duan, L., Sanjab, A., Li, H., Chen, X., Materassi, D., Elazouzi, R. (eds) Game Theory for Networks. GameNets 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 212. Springer, Cham. https://doi.org/10.1007/978-3-319-67540-4_14
DOI: https://doi.org/10.1007/978-3-319-67540-4_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67539-8
Online ISBN: 978-3-319-67540-4
eBook Packages: Computer Science (R0)