2015
DOI: 10.4301/s1807-17752015000200004
|View full text |Cite
|
Sign up to set email alerts
|

A Strategic Analysis of Information Sharing Among Cyber Attackers

Abstract: We build a game theory model where the market design is such that one firm invests in security to defend against cyber attacks by two hackers. The firm has an asset, which is allocated between the three market participants dependent on their contest success. Each hacker chooses an optimal attack, and they share information with each other about the firm's vulnerabilities. Each hacker prefers to receive information, but delivering information gives competitive advantage to the other hacker. We find that each ha… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
4
1

Citation Types

0
6
0

Year Published

2017
2017
2024
2024

Publication Types

Select...
6
2

Relationship

1
7

Authors

Journals

citations
Cited by 17 publications
(6 citation statements)
references
References 25 publications
0
6
0
Order By: Relevance
“…The 2016 Guide to Cyber Threat Information Sharing, published by the US National Institute of Standards and Technology (NIST), describes the advantages of IS measures for improving cybersecurity 6 as follows: 5 Of course, hostile cyber actors also engage in IS, an interesting issue beyond the present scope. See Hausken (2015). 6 "Cybersecurity" describes the process of applying a "range of actions for the prevention, mitigation, investigation and handling of cyber threats and incidents, and for the reduction of their effects and of the damage caused by them prior, during and after their occurrence."…”
Section: Defining Information Sharingmentioning
confidence: 99%
“…The 2016 Guide to Cyber Threat Information Sharing, published by the US National Institute of Standards and Technology (NIST), describes the advantages of IS measures for improving cybersecurity 6 as follows: 5 Of course, hostile cyber actors also engage in IS, an interesting issue beyond the present scope. See Hausken (2015). 6 "Cybersecurity" describes the process of applying a "range of actions for the prevention, mitigation, investigation and handling of cyber threats and incidents, and for the reduction of their effects and of the damage caused by them prior, during and after their occurrence."…”
Section: Defining Information Sharingmentioning
confidence: 99%
“…Within information security, game theoretic research has focused on data survivability versus security in information systems [27], substitution and interdependence [28][29][30], returns on information security investment [31,32], and information sharing to prevent attacks [33][34][35][36][37]. See Do et al [38], Hausken and Levitin [39], and Roy et al [40] for reviews on game theoretic cybersecurity research.…”
Section: Information Securitymentioning
confidence: 99%
“…(2007) study the investment strategies in defense among defenders in interdependent security scenarios; Ghose et al . study information sharing linked to competition between cyber attackers; Nikoofal and Zhuang (2015), Zhuang et al . (2010), Zhuang et al .…”
Section: Current Information Sharing Architecturesmentioning
confidence: 99%
“…As we discussed, the main inhibitor preventing the private sectors from actively participating in an information sharing system is the concern of information leakage. Interestingly, when it turns to information sharing among cyber hackers, according to Hausken, “an important difference is that whereas two firms incur information leakage costs when sharing information about their vulnerabilities and security breaches, two hackers sharing information about a firm's vulnerabilities do not incur costs in the same manner.” Hausken also suggests that defenders compartmentalize the interaction of hackers with each other or design incentives to isolate them from each other since “hackers may cooperate through sharing information with each other about a firm's vulnerabilities.”…”
Section: Current Information Sharing Architecturesmentioning
confidence: 99%