Archive@NYU : A Strategic Analysis of Information Sharing Among Cyber Attackers

Faculty Digital Archive

Browse
Communities & Collections
By Date
Authors
Titles
Subjects
Search
Advanced Search
Sign on to:
Get email updates
My Archive
Edit Profile
Help
About the Archive

Archive@NYU >
Stern School of Business >
IOMS: Information Systems Working Papers >

Please use this identifier to cite or link to this item: http://hdl.handle.net/2451/14810

Title:	A Strategic Analysis of Information Sharing Among Cyber Attackers
Authors:	Ghose, Anindya Hausken, Kjell
Keywords:	Cyber war hacking attack defense conflict contest success function security investment information sharing security breaches
Issue Date:	24-Aug-2006
Publisher:	Stern School of Business, New York University
Series/Report no.:	CeDER-06-10
Abstract:	One firm invests in security to defend against cyber attacks by two hackers. Each hacker chooses an optimal attack, and they share information with each other about the firm's vulnerabilities. Each hacker prefers to receive information, but delivering gives competitive advantage to the other hacker. We find that each hacker's attack and information sharing are strategic complements while one hacker's attack and the other hacker's information sharing are strategic substitutes. The attack is inverse U-shaped in the firm's unit defense cost, and reaches zero, while the firm's defense and profit decrease, and the hackers' information sharing and profit increase. The firm's profit increases in the hackers' unit cost of attack, while the hackers' information sharing and profit decrease. Our analysis also reveals the interesting result that the cumulative attack level of the hackers is not affected by the effectiveness of information sharing between them and moreover, is also unaffected by the intensity of joint information sharing. We also find that as the effectiveness of information sharing between hackers increases relative to the investment in attack, the firm's investment in cyber security defense and profit are constant, the hackers' investments in attacks decrease, and information sharing levels and hacker profits increase. In contrast, as the intensity of joint information sharing increases, while the firm's investment in cyber security defense and profit remain constant, the hackers' investments in attacks increase, and the hackers' information sharing levels and profits decrease. Increasing the firm's asset causes all the variables to increase linearly, except information sharing which is constant. We extend our analysis to endogenize the firm's asset and this analysis largely confirms the preceding analysis with a fixed asset.
URI:	http://hdl.handle.net/2451/14810
Appears in Collections:	IOMS: Information Systems Working Papers CeDER Working Papers

Files in This Item:

File	Description	Size	Format
CEDER-06-10.pdf		305.93 kB	Adobe PDF	View/Open

All items in Faculty Digital Archive are protected by copyright, with all rights reserved.

The contents of this archive are either in the public domain or subject to copyright. Please consult NYU's "Handbook for Use of Copyrighted Materials" (http://library.nyu.edu/copyright/copyright.html) for information on using material within the Faculty Digital Archive.
Valid XHTML 1.0 \| CSS