Network Security and Contagion

69 Pages Posted: 29 Jun 2013 Last revised: 24 May 2023

See all articles by Daron Acemoglu

Daron Acemoglu

Massachusetts Institute of Technology (MIT) - Department of Economics; Centre for Economic Policy Research (CEPR); National Bureau of Economic Research (NBER)

Azarakhsh Malekian

University of Toronto - Rotman School of Management; Massachusetts Institute of Technology (MIT) - Electrical Engineering and Computer Science

Asuman E. Ozdaglar

Massachusetts Institute of Technology (MIT) - Department of Electrical Engineering and Computer Science

Multiple version iconThere are 2 versions of this paper

Date Written: June 2013

Abstract

We develop a theoretical model of security investments in a network of interconnected agents. Network connections introduce the possibility of cascading failures due to an exogenous or endogenous attack depending on the profile of security investments by the agents. The general presumption in the literature, based on intuitive arguments or analysis of symmetric networks, is that because security investments create positive externalities on other agents, there will be underinvestment in security. We show that this reasoning is incomplete because of a first-order economic force: security investments are also strategic substitutes. In a general (non-symmetric) network, this implies that underinvestment by some agents will encourage overinvestment by others. We demonstrate by means of examples that there can be overinvestment by some agents and also that aggregate probabilities of infection can be lower in equilibrium compared to the social optimum. We then provide sufficient conditions for underinvestment. This requires both sufficiently convex cost functions (convexity alone is not enough) and networks that are either symmetric or locally tree-like. We also characterize the impact of network structure on equilibrium and optimal investments. Finally, we show that when the attack location is endogenized (by assuming that the attacker chooses a probability distribution over the location of the attack in order to maximize damage), there is an additional incentive for overinvestment: greater investment by an agent shifts the attack to other parts of the network.

Suggested Citation

Acemoglu, Daron and Malekian, Azarakhsh and Ozdaglar, Asuman E., Network Security and Contagion (June 2013). NBER Working Paper No. w19174, Available at SSRN: https://ssrn.com/abstract=2287033

Daron Acemoglu (Contact Author)

Massachusetts Institute of Technology (MIT) - Department of Economics ( email )

50 Memorial Drive
Room E52-380b
Cambridge, MA 02142
United States
617-253-1927 (Phone)
617-253-1330 (Fax)

Centre for Economic Policy Research (CEPR)

London
United Kingdom

National Bureau of Economic Research (NBER)

1050 Massachusetts Avenue
Cambridge, MA 02138
United States

Azarakhsh Malekian

University of Toronto - Rotman School of Management ( email )

105 St. George Street
Toronto, Ontario M5S 3E6 M5S1S4
Canada

Massachusetts Institute of Technology (MIT) - Electrical Engineering and Computer Science ( email )

77 Massachusetts Avenue
Cambridge, MA 02139-4307
United States

Asuman E. Ozdaglar

Massachusetts Institute of Technology (MIT) - Department of Electrical Engineering and Computer Science ( email )

50 Memorial Drive
Cambridge, MA 02139-4307
United States
617-324-0058 (Phone)

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
30
Abstract Views
783
PlumX Metrics