Upload
others
View
28
Download
0
Embed Size (px)
Citation preview
Modeling Cyber-InsuranceTowards a Unifying Framework
Rainer Bohme?and Galina Schwartz†
∗University of Munster, Germany †EECS, UC Berkeley
November 10 - 11, 2010TRUST Workshop at Stanford University
Cyber-Insurance: Research Papers
2011. . .
2002 2003 2004 2005 2006 2007 2008 2009 2010
formal modelsinterdependent security (IDS)
correlated riskinformation asymmetries
enthusiasm
obstacles
Galina Schwartz Cyber-Insurance
Cyber-Insurance: Research Papers
2011. . .
2002 2003 2004 2005 2006 2007 2008 2009 2010
formal modelsinterdependent security (IDS)
correlated riskinformation asymmetries
enthusiasm
obstacles
Galina Schwartz Cyber-Insurance
Talk Outline
1. Characteristics of Cyber-Risk
2. Framework Overview
3. Selected FeaturesI Network topologyI Unified approach to interdependent security and correlated risk
4. Discussion and Conclusion
Galina Schwartz Cyber-Insurance
1Characteristics of Cyber-Risk
Galina Schwartz Cyber-Insurance
What Is Specific to Cyber-Risks ?
success factors of ICT
Cyber-risks [focal features]
distribution & interconnection
→ interdependent securityown security dependson other parties’ actions(security)
universality & reuse
→ correlated risksincidents cause furtherincidents
+
= complexity → imperfect information
Galina Schwartz Cyber-Insurance
What Is Specific to Cyber-Risks ?
success factors of ICT Cyber-risks [focal features]
distribution & interconnection → interdependent securityown security dependson other parties’ actions(security)
universality & reuse
→ correlated risksincidents cause furtherincidents
+
= complexity → imperfect information
Galina Schwartz Cyber-Insurance
What Is Specific to Cyber-Risks ?
success factors of ICT Cyber-risks [focal features]
distribution & interconnection → interdependent securityown security dependson other parties’ actions(security)
universality & reuse → correlated risksincidents cause furtherincidents
+
= complexity → imperfect information
Galina Schwartz Cyber-Insurance
What Is Specific to Cyber-Risks ?
success factors of ICT Cyber-risks [focal features]
distribution & interconnection → interdependent securityown security dependson other parties’ actions(security)
universality & reuse → correlated risksincidents cause furtherincidents
+
= complexity → imperfect information
Galina Schwartz Cyber-Insurance
Examples
Textbook risks [economics & insurance literature]
neither interdependence nor correlation
Airline baggage security
interdependence, but no correlation
Kunreuther & Heal, 2003
Natural disasters in the actuarial literature
spatial correlation, but no interdependence
Embrechts et al., 1999
Cyber-insurance
BOTH interdependence and correlation. . .
Galina Schwartz Cyber-Insurance
Examples
Textbook risks [economics & insurance literature]
neither interdependence nor correlation
Airline baggage security
interdependence, but no correlation
Kunreuther & Heal, 2003
Natural disasters in the actuarial literature
spatial correlation, but no interdependence
Embrechts et al., 1999
Cyber-insurance
BOTH interdependence and correlation[never modeled together so far]
Galina Schwartz Cyber-Insurance
Cyber-Insurance: Research Papers
2011. . .
2002 2003 2004 2005 2006 2007 2008 2009 2010
formal models
interdependent security (IDS)
correlated riskinformation asymmetries
enthusiasm
obstacles
Galina Schwartz Cyber-Insurance
Focusof the Cyber-Insurance Models
interdependent security (IDS)correlated risk
information asymmetries
Ogut et al., 2005
Hofmann, 2007
Bolot & Lelarge, 2008
Lelarge & Bolot, 2009
Schwartz et al., 2009
Radosavac et al., 2008
Bandyopadhyay et al., 2009
Bohme, 2005
Bohme & Kataria, 2006
Galina Schwartz Cyber-Insurance
2Framework Overview
Galina Schwartz Cyber-Insurance
Framework
1.network
environment(nodes)
1.network
environment(nodes)
2.demand side
(agents)
2.demand side
(agents)
3.supply side(insurers)
3.supply side(insurers)
playersnature 4. information structure
5. organizational environment
4. information structure
5. organizational environment
design
utility
risk risk
Galina Schwartz Cyber-Insurance
Framework
1.network
environment(nodes)
1.network
environment(nodes)
2.demand side
(agents)
2.demand side
(agents)
3.supply side(insurers)
3.supply side(insurers)
playersnature 4. information structure
5. organizational environment
4. information structure
5. organizational environment
design
utility
risk risk
Galina Schwartz Cyber-Insurance
Framework
1.network
environment(nodes)
1.network
environment(nodes)
2.demand side
(agents)
2.demand side
(agents)
3.supply side(insurers)
3.supply side(insurers)
playersnature 4. information structure
5. organizational environment
4. information structure
5. organizational environment
design
utility
risk risk
Galina Schwartz Cyber-Insurance
Cyber-Insurance: Research Papers
2011. . .
2002 2003 2004 2005 2006 2007 2008 2009 2010
formal models
interdependent security (IDS)
correlated riskinformation asymmetries
enthusiasm
obstacles
Galina Schwartz Cyber-Insurance
Framework
1.network
environment(nodes)
1.network
environment(nodes)
2.demand side
(agents)
2.demand side
(agents)
3.supply side(insurers)
3.supply side(insurers)
playersnature 4. information structure
5. organizational environment
4. information structure
5. organizational environment
design
utility
risk risk
Galina Schwartz Cyber-Insurance
Framework
1.network
environment(nodes)
1.network
environment(nodes)
2.demand side
(agents)
2.demand side
(agents)
3.supply side(insurers)
3.supply side(insurers)
playersnature
4. information structure
5. organizational environment
4. information structure
5. organizational environment
design
utility
risk risk
Galina Schwartz Cyber-Insurance
Framework
1.network
environment(nodes)
1.network
environment(nodes)
2.demand side
(agents)
2.demand side
(agents)
3.supply side(insurers)
3.supply side(insurers)
playersnature
4. information structure
5. organizational environment
4. information structure
5. organizational environment
design
utility
risk risk
Galina Schwartz Cyber-Insurance
Overview of Model Attributes
1. network environment 2. demand side 3. supply side
defense function node control market structurenetwork topology heterogeneity insurer risk aversionrisks features agent risk aversion insurer markupattacker model action space &
timingcontract design
4. information structure 5. organizational environment
Information asymmetries regulator(s)Their timing: ICT manufacturersex ante (adverse selection) network intermediariesex post (moral hazard) security service providers
Galina Schwartz Cyber-Insurance
Variables of Interest
Cyber-insurance market
Under which conditions will cyber-insurance thrive?
Network security
Can we expect fewer attacks if cyber-insurance is broadlyadopted?
Social welfare
Will the world be a better place with cyber-riskreallocation?
Galina Schwartz Cyber-Insurance
3Selected Features
Galina Schwartz Cyber-Insurance
Network TopologyExamples
ideosyncratic fully connected single-factor model Erdos-Renyi graph
hardware failure email spam OS vulnerability inter-organizationaldependence
→ Comprehensive insurance policies are bundles of contracts.
Galina Schwartz Cyber-Insurance
Network TopologyExamples
ideosyncratic fully connected single-factor model Erdos-Renyi graph
hardware failure email spam OS vulnerability inter-organizationaldependence
→ Comprehensive insurance policies are bundles of contracts.
Galina Schwartz Cyber-Insurance
Network TopologyExamples
ideosyncratic fully connected single-factor model Erdos-Renyi graph
hardware failure email spam OS vulnerability inter-organizationaldependence
→ Comprehensive insurance policies are bundles of contracts.
Galina Schwartz Cyber-Insurance
Unifying “Interdependence” and “Correlation”
Defense function D for node i (security interdependence only):
Pi = D(li ,wi , s,G , . . . )
li – size of loss
wi – initial wealth
s – vector of security investments: s = si ∪ sj 6=i
G – network topology
Defense function D for node i (simplified):
pi = D(si , s,G , . . . )
Galina Schwartz Cyber-Insurance
Illustration
Node i
Node j
security si
security sj
probability pi
probability pj
loss event xi loss event xj
D
D
nature nature
Topology G
interdependent security
correlated risk
Modeling interdependence AND information asymmetries is hard;modeling correlated risks is hard. requires recursive methods; maylead to complex equilibrium configurations (& dynamics).
Galina Schwartz Cyber-Insurance
Illustration
Node i
Node j
security si
security sj
probability pi
probability pj
loss event xi
loss event xj
D
D
nature
nature
Topology G
interdependent security
correlated risk
Modeling interdependence AND information asymmetries is hard;modeling correlated risks is hard. requires recursive methods; maylead to complex equilibrium configurations (& dynamics).
Galina Schwartz Cyber-Insurance
Illustration
Node i Node j
security si security sj
probability pi probability pj
loss event xi loss event xj
D D
nature nature
Topology G
interdependent security
correlated risk
Modeling interdependence AND information asymmetries is hard;modeling correlated risks is hard. requires recursive methods; maylead to complex equilibrium configurations (& dynamics).
Galina Schwartz Cyber-Insurance
Illustration
Node i Node j
security si security sj
probability pi probability pj
loss event xi loss event xj
D D
nature nature
Topology G
interdependent security
correlated risk
Modeling interdependence AND information asymmetries is hard;modeling correlated risks is hard. requires recursive methods; maylead to complex equilibrium configurations (& dynamics).
Galina Schwartz Cyber-Insurance
Illustration
Node i Node j
security si security sj
probability pi probability pj
loss event xi loss event xj
D D
nature nature
Topology G
interdependent security
correlated risk
Modeling interdependence AND information asymmetries is hard;modeling correlated risks is hard. requires recursive methods; maylead to complex equilibrium configurations (& dynamics).
Galina Schwartz Cyber-Insurance
Illustration
Node i Node j
security si security sj
probability pi probability pj
loss event xi loss event xj
D D
nature nature
Topology G
interdependent security
correlated risk
Modeling interdependence AND information asymmetries is hard;modeling correlated risks is hard. requires recursive methods; maylead to complex equilibrium configurations (& dynamics).
Galina Schwartz Cyber-Insurance
Illustration
Node i Node j
security si security sj
probability pi probability pj
loss event xi loss event xj
D D
nature nature
Topology G
interdependent security
correlated risk
Modeling interdependence AND information asymmetries is hard;modeling correlated risks is hard. requires recursive methods; maylead to complex equilibrium configurations (& dynamics).
Galina Schwartz Cyber-Insurance
“Interdependence” and “Correlation” together
Security interdependence and correlated risk can be modeled jointly[D dependent on both security choices s and realizations x.]
Defense function D for node i
pi = D(si , s,G , x, . . . )
s – vector of security investments: s = si ∪ sj 6=i
G – network topology
pi – probability of loss for node i
Galina Schwartz Cyber-Insurance
4Discussion and Conclusion
Galina Schwartz Cyber-Insurance
Dependent Variablesin the Cyber-Insurance Literature
network securityinsurer market
social welfare
Ogut et al., 2005
Hofmann, 2007
Radosavac et al., 2008
Bolot & Lelarge, 2008
Lelarge & Bolot, 2009
Schwartz et al., 2010
Bandyopadhyay et al., 2009
Bohme, 2005
Bohme & Kataria, 2006
Galina Schwartz Cyber-Insurance
Discrepanciesbetween Statements and Models
Cyber-insurers will improve information about security
. . . but relevant parameters are not included in models.
Cyber-insurers will positively affect (i) agents’ securitydecisions (ii) the network environment
. . . but existing models of contracts do not reflect that;... real cyber-insurers do not condition premiums on security.
Broad adoption of cyber-insurance will change (i) insurermarket structure(s) and (ii) behavior of ICTmanufacturers
. . . but never modeled parametrically.
Galina Schwartz Cyber-Insurance
To Do
Future papers should model (i.e., endogenize) key parameters of:network environment, etc.
Example:endogenous network formation [model of platform switching]
Policy recommendations should be justified by formal (gametheory) models.
Galina Schwartz Cyber-Insurance
To Do
Future papers should model (i.e., endogenize) key parameters of:network environment, etc.
Example:endogenous network formation [model of platform switching]
Policy recommendations should be justified by formal (gametheory) models.
Galina Schwartz Cyber-Insurance
Framework
1.network
environment(nodes)
1.network
environment(nodes)
2.demand side
(agents)
2.demand side
(agents)
3.supply side(insurers)
3.supply side(insurers)
playersnature 4. information structure
5. organizational environment
4. information structure
5. organizational environment
design
utility
risk risk
Galina Schwartz Cyber-Insurance
To Do
Future papers should model (i.e., endogenize) key parameters of:network environment, etc.
Example:endogenous network formation [model of platform switching]
Policy recommendations should be justified by formal (gametheory) models.
Galina Schwartz Cyber-Insurance
Cyber-Insurance: Research Papers
2011. . .
2002 2003 2004 2005 2006 2007 2008 2009 2010
formal modelsinterdependent security (IDS)
correlated riskinformation asymmetries
enthusiasm
obstacles
Galina Schwartz Cyber-Insurance
Cyber-Insurance: Research Papers
2011. . .
2002 2003 2004 2005 2006 2007 2008 2009 2010
formal modelsinterdependent security (IDS)
correlated riskinformation asymmetries
enthusiasm
obstacles
Galina Schwartz Cyber-Insurance
Q & A
Thank you for your attention.
Rainer Bohme?and Galina Schwartz†
∗University of Munster, Germany †EECS, UC Berkeley
November 10 - 11, 2010TRUST Workshop at Stanford University
Galina Schwartz
Galina Schwartz