Modeling Cyber-Insurance

Size: px

Start display at page:

Download "Modeling Cyber-Insurance"

Giles Dean
5 years ago
Views:

1 Interational Computer Science Institute & University of California, Berkeley Modeling Cyber-Insurance Towards a Unifying Framework Rainer Böhme, Galina Schwartz Networking Group, ICSI Berkeley EECS, UC Berkeley Workshop on the Economics of Information Security, Harvard, 8 June 2010

2 Talks on Cyber-Insurance at WEIS enthusiasm obstacles WEIS, Harvard, 8 June 2010 Slide 2 of 26

3 Outline 1. Characteristics of Cyber-Risk 2. Framework Overview 3. Selected Features Network topology Unified approach to interdependent security and correlated risk 4. Results and Conclusion WEIS, Harvard, 8 June 2010 Slide 4 of 26

4 1 Characteristics of Cyber-Risk WEIS, Harvard, 8 June 2010 Slide 5 of 26

5 What Is Specific to Cyber-Risk? success factors of ICT risk properties + distribution & interconnection interdependent security own risk depends on other parties actions universality & reuse risk propagation & correlation incidents cause further incidents = complexity imperfect information WEIS, Harvard, 8 June 2010 Slide 6 of 26

6 Examples Conventional risks in the economic insurance literature neither interdependence nor correlation Airline baggage security interdependence, but no correlation Natural disasters in the actuarial literature spatial correlation, but no interdependence Kunreuther & Heal, 2003 Cyber-insurance Embrechts et al., 1999 both interdependence and correlation, but never modeled together WEIS, Harvard, 8 June 2010 Slide 7 of 26

7 Talks on Cyber-Insurance at WEIS interdependent security (IDS) correlated risk information asymmetries enthusiasm obstacles WEIS, Harvard, 8 June 2010 Slide 8 of 26

8 Risk Properties in the Cyber-Insurance Literature information asymmetries Bandyopadhyay et al., 2009 Böhme, 2005 Böhme & Kataria, 2006 Shetty et al., 2009 Radosavac et al., 2008 Ogut et al., 2005 Hofmann, 2007 Bolot & Lelarge, 2008 Lelarge & Bolot, 2009 correlated risk interdependent security (IDS) WEIS, Harvard, 8 June 2010 Slide 9 of 26

9 2 Framework Overview WEIS, Harvard, 8 June 2010 Slide 10 of 26

10 Framework 1. network environment (nodes) design utility risk 2. demand side (agents) risk 3. supply side (insurers) WEIS, Harvard, 8 June 2010 Slide 11 of 26

11 Talks on Cyber-Insurance at WEIS market models enthusiasm obstacles WEIS, Harvard, 8 June 2010 Slide 12 of 26

12 Framework 1. network environment (nodes) design utility risk 2. demand side (agents) risk 3. supply side (insurers) WEIS, Harvard, 8 June 2010 Slide 13 of 26

13 Framework nature players 1. network environment (nodes) 2. demand side (agents) 3. supply side (insurers) WEIS, Harvard, 8 June 2010 Slide 13 of 26

14 Framework 4. information structure 1. network environment (nodes) 2. demand side (agents) 3. supply side (insurers) 5. organizational environment WEIS, Harvard, 8 June 2010 Slide 13 of 26

15 Overview of Model Attributes 1. network environment 2. demand side 3. supply side defense function node control market structure network topology heterogeneity insurers risk aversion risk arrival agents risk aversion markup attacker model action space contract design time higher-order risk transfer 4. information structure 5. organizational environment IA in conventional insurance IA specific to cyber-insurance timing regulator ICT manufacturers network intermediaries security service providers WEIS, Harvard, 8 June 2010 Slide 14 of 26

16 Variables of Interest Breadth of market Under which conditions will a market for cyber-insurance thrive? Network security Can we expect fewer attacks if cyber-insurance is broadly adopted? Social welfare Will the world be a better place with cyber-risk reallocation? WEIS, Harvard, 8 June 2010 Slide 15 of 26

17 3 Selected Features WEIS, Harvard, 8 June 2010 Slide 16 of 26

18 Network Topology Examples ideosyncratic fully connected single-factor model Erdös-Rényi graph hardware failure spam OS vulnerability inter-organizational dependence Comprehensive insurance policies represent bundles of contracts. WEIS, Harvard, 8 June 2010 Slide 17 of 26

19 Unified Approach to IDS and Correlation Defense function for node i: P (L i = l) = D(l, w i, s, G, x) l size of loss (random variable L i ) w i s G initial wealth vector of security investments: s = s i s j i network topology as model of interconnectedness Simplification: fix w and normalize l = 1, then let p i be the probability of a loss at node i and X {0, 1} n be a random vector of realized losses per node. Proposition: interdependent security and correlated risk can be modeled jointly by making s and realizations x of X parameters of D. WEIS, Harvard, 8 June 2010 Slide 18 of 26

20 Illustration Node i security s i D connected in G interdependent security Node j security s j D probability p i nature loss event x i correlated risk probability p j nature loss event x j Risk propagation is hard to tract: the modeling requires recursive methods or approximations and it may lead to dynamic equilibria. WEIS, Harvard, 8 June 2010 Slide 19 of 26

21 4 Results and Conclusion WEIS, Harvard, 8 June 2010 Slide 20 of 26

22 Dependent Variables in the Cyber-Insurance Literature social welfare Shetty et al., 2009 Bandyopadhyay et al., 2009 Böhme, 2005 Böhme & Kataria, 2006 Ogut et al., 2005 Hofmann, 2007 Radosavac et al., 2008 Bolot & Lelarge, 2008 Lelarge & Bolot, 2009 breadth of market network security WEIS, Harvard, 8 June 2010 Slide 21 of 26

23 Discrepancy between Statements and Models Cyber-insurers will improve information about security levels;... but relevant parameters not included in the model. Cyber-insurers will positively affect agents decisions in shaping the network environment;... but existing models of contracts do not reflect these choices. Broad adoption of cyber-insurerance will change the market structure and behavior of ICT manufacturers;... but never modeled parametrically. WEIS, Harvard, 8 June 2010 Slide 22 of 26

24 Endogenize! Future modeling approaches should endogenize key parameters of the network environment, information structure, and organizational environment. Example: endogenous network formation to model platform switching dynamics WEIS, Harvard, 8 June 2010 Slide 23 of 26

25 Framework 4. information structure 1. network environment (nodes) design utility risk 2. demand side (agents) risk 3. supply side (insurers) 5. organizational environment WEIS, Harvard, 8 June 2010 Slide 24 of 26

26 Endogenize! Future modeling approaches should endogenize key parameters of the network environment, information structure, and organizational environment. Example: endogenous network formation to model platform switching dynamics Policy recommendations need better foundations in analytical models. WEIS, Harvard, 8 June 2010 Slide 25 of 26

27 Talks on Cyber-Insurance at WEIS enthusiasm obstacles WEIS, Harvard, 8 June 2010 Slide 26 of 26

28 Talks on Cyber-Insurance at WEIS enthusiasm obstacles WEIS, Harvard, 8 June 2010 Slide 26 of 26

29 Interational Computer Science Institute & University of California, Berkeley Q & A Thank you for your attention. Rainer Böhme, Galina Schwartz Networking Group, ICSI Berkeley EECS, UC Berkeley Workshop on the Economics of Information Security, Harvard, 8 June 2010

Contagion in Cybersecurity Attacks

Contagion in Cybersecurity Attacks Outline of Talk Introduction and Related Literature Berlin, June 2012 Adrian Baldwin, HP Labs, Bristol Iffat Gheyas, University of Aberdeen Christos Ioannidis, University of Bath David Pym, University