Optimal Partnership Strategies for Cyber Threats

Principal Investigator: 
Performance Period: 
July 2015 to June 2016
Project Status: 
In Progress
Commercialization Status: 
Project Keywords: 
game theory
cyber security
information sharing
The purpose of this research is to integrate operations research and game theory to study the optimal partnership strategies among governmental agencies and private sectors, to prepare for and recover from cyber threats. This project was originally motivated by PI’s conversation with DHS decision makers and FBI agencies, where the partnership and information/intelligence sharing between and among governmental/private sectors were identified to be critical for enhancing cyber security. Such information sharing activities are generally voluntary, and each agency independently makes decisions about partnership. One recent National Institute of Standards and Technology (NIST) report (Johnson et al., 2014) says “To enhance incident response actions and bolster cyber defenses, organizations must harness the collective wisdom of peer organizations through information sharing and coordinated incident response.”   This project will provide insights on governmental and private sectors’ partnership strategies in a cyber security context, by helping addressing questions: (a) whom should agencies share information and partner with? (b) what are the optimal levels of information/resource sharing? (c) what are the tradeoffs and optimal balance between public and private investment in cyber security? (d) what types of incentives/subsidies should be provided to whom in order to achieve the socially optimum level of partnership? and (e) what is the optimal balance between pre-event prevention/preparedness and post-event relief/investigation in cyber security? It is important in the homeland security practice to fill these gaps. In particular, practitioners do not have clear guidelines on how to optimally balance the above tradeoffs and maximize cyber-awareness through partnership. If successful, this research will help to generate practical insights and guidelines, and thereby, improve cyber security practices.