A Strategic Analysis of Information Sharing Among Cyber Attackers

37 Pages Posted: 14 Sep 2006

See all articles by Anindya Ghose

Anindya Ghose

New York University (NYU) - Leonard N. Stern School of Business

Kjell Hausken

Stavanger University College

Date Written: August 2006

Abstract

We build an analytical framework to model the strategic interactions between a firm and hackers. Firms invest in security to defend against cyber attacks by hackers. Hackers choose an optimal attack, and they share information with each other about the firm's vulnerabilities. Each hacker prefers to receive information, but delivering gives competitive advantage to the other hacker. We find that each hacker's attack and information sharing are strategic complements while one hacker's attack and the other hacker's information sharing are strategic substitutes. Our analysis also reveals the interesting result that the cumulative attack level of the hackers is not affected by the effectiveness of information sharing between them and moreover, is also unaffected by the intensity of joint information sharing. We also find that as the effectiveness of information sharing between hackers increases relative to the investment in attack, the firm's investment in cyber security defense and profit are constant, the hackers' investments in attacks decrease, and information sharing levels and hacker profits increase. In contrast, as the intensity of joint information sharing increases, while the firm's investment in cyber security defense and profit remain constant, the hackers' investments in attacks increase, and the hackers' information sharing levels and profits decrease. Increasing the firm's asset causes all the variables to increase linearly, except information sharing which is constant. We extend our analysis to endogenize the firm's asset and this analysis largely confirms the preceding analysis with a fixed asset.

Keywords: Cyber war, hacking, defense, conflict, contest success function, security investment, information sharing, security breaches.

JEL Classification: C6, C7, D72, D74, D78, D8

Suggested Citation

Ghose, Anindya and Hausken, Kjell, A Strategic Analysis of Information Sharing Among Cyber Attackers (August 2006). Available at SSRN: https://ssrn.com/abstract=928138 or http://dx.doi.org/10.2139/ssrn.928138

Anindya Ghose (Contact Author)

New York University (NYU) - Leonard N. Stern School of Business ( email )

44 West 4th Street
Suite 9-160
New York, NY NY 10012
United States

Kjell Hausken

Stavanger University College ( email )

PO Box 2557
N-4091 Stavanger
Norway

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
329
Abstract Views
2,821
Rank
189,845
PlumX Metrics