skip to main content

Title: Incentivizing effort in interdependent security games using resource pooling
We consider an InterDependent Security (IDS) game with networked agents and positive externality where each agent chooses an effort/investment level for securing itself. The agents are interdependent in that the state of security of one agent depends not only on its own investment but also on the other agents' effort/investment. Due to the positive externality, the agents under-invest in security which leads to an inefficient Nash equilibrium (NE). While much has been analyzed in the literature on the under-investment issue, in this study we take a different angle. Specifically, we consider the possibility of allowing agents to pool their resources, i.e., allowing agents to have the ability to both invest in themselves as well as in other agents. We show that the interaction of strategic and selfish agents under resource pooling (RP) improves the agents' effort/investment level as well as their utility as compared to a scenario without resource pooling. We show that the social welfare (total utility) at the NE of the game with resource pooling is higher than the maximum social welfare attainable in a game without resource pooling but by using an optimal incentive mechanism. Furthermore, we show that while voluntary participation in this latter scenario is not generally true, it is guaranteed under resource pooling.  more » « less
Award ID(s):
1739517 1616575
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
Proceedings of the 14th Workshop on the Economics of Networks, Systems and Computation
Page Range / eLocation ID:
Article No. 5
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Network games are commonly used to capture the strategic interactions among interconnected agents in simultaneous moves. The agents’ actions in a Nash equilibrium must take into account the mutual dependencies connecting them, which is typically obtained by solving a set of fixed point equations. Stackelberg games, on the other hand, model the sequential moves between agents that are categorized as leaders and followers. The corresponding solution concept, the subgame perfect equilibrium, is typically obtained using backward induction. Both game forms enjoy very wide use in the (cyber)security literature, the network game often as a template to study security investment and externality – also referred to as the Interdependent Security (IDS) games – and the Stackelberg game as a formalism to model a variety of attacker-defender scenarios. In this study we examine a model that combines both types of strategic reasoning: the interdependency as well as sequential moves. Specifically, we consider a scenario with a network of interconnected first movers (firms or defenders, whose security efforts and practices collectively determine the security posture of the eco-system) and one or more second movers, the attacker(s), who determine how much effort to exert on attacking the many potential targets. This gives rise to an equilibrium concept that embodies both types of equilibria mentioned above. We will examine how its existence and uniqueness conditions differ from that for a standard network game. Of particular interest are comparisons between the two game forms in terms of effort exerted by the defender(s) and the attacker(s), respectively, and the free-riding behavior among the defenders. 
    more » « less
  2. Large‐area, long‐duration power outages are increasingly common in the United States, and cost the economy billions of dollars each year. Building a strategy to enhance grid resilience requires an understanding of the optimal mix of preventive and corrective actions, the inefficiencies that arise when self‐interested parties make resilience investment decisions, and the conditions under which regulators may facilitate the realization of efficient market outcomes. We develop a bi‐level model to examine the mix of preventive and corrective measures that enhances grid resilience to a severe storm. The model represents a Stackelberg game between a regulated utility (leader) that may harden distribution feeders before a long‐duration outage and/or deploy restoration crews after the disruption, and utility customers with varying preferences for reliable power (followers) who may invest in backup generators. We show that the regulator's denial of cost recovery for the utility's preventive expenditures, coupled with the misalignment between private objectives and social welfare maximization, yields significant inefficiencies in the resilience investment mix. Allowing cost recovery for a higher share of the utility's capital expenditures in preventive measures, extending the time horizon associated with damage cost recovery, and adopting a storm restoration compensation mechanism shift the realized market outcome toward the efficient solution. If about one‐fifth of preventive resilience investments is approved by regulators, requiring utilities to pay a compensation of $365 per customer for a 3‐day outage (about seven times the level of compensation currently offered by US utilities) provides significant incentives toward more efficient preventive resilience investments. 
    more » « less
  3. We consider information design in spatial resource competition, motivated by ride sharing platforms sharing information with drivers about rider demand. Each of N co-located agents (drivers) decides whether to move to another location with an uncertain and possibly higher resource level (rider demand), where the utility for moving increases in the resource level and decreases in the number of other agents that move. A principal who can observe the resource level wishes to share this information in a way that ensures a welfare-maximizing number of agents move. Analyzing the principal’s information design problem using the Bayesian persuasion framework, we study both private signaling mechanisms, where the principal sends personalized signals to each agent, and public signaling mechanisms, where the principal sends the same information to all agents. We show: 1) For private signaling, computing the optimal mechanism using the standard approach leads to a linear program with 2 N variables, rendering the computation challenging. We instead describe a computationally efficient two-step approach to finding the optimal private signaling mechanism. First, we perform a change of variables to solve a linear program with O(N^2) variables that provides the marginal probabilities of recommending each agent move. Second, we describe an efficient sampling procedure over sets of agents consistent with these optimal marginal probabilities; the optimal private mechanism then asks the sampled set of agents to move and the rest to stay. 2) For public signaling, we first show the welfare-maximizing equilibrium given any common belief has a threshold structure. Using this, we show that the optimal public mechanism with respect to the sender-preferred equilibrium can be computed in polynomial time. 3) We support our analytical results with numerical computations that show the optimal private and public signaling mechanisms achieve substantially higher social welfare when compared with no-information and full-information benchmarks. 
    more » « less
  4. This paper highlights how cyber risk dependencies can be taken into consideration when underwrit- ing cyber-insurance policies. This is done within the context of a base rate insurance policy framework, which is widely used in practice. Specifically, we show that there is an opportunity for an underwriter to better control the risk dependency and the risk spill-over, ultimately resulting in lower overall cyber risks across its portfolio. To do so, we consider a Service Provider (SP) and its customers as the interdependent insurer’s customers: a data breach suffered by the SP can cause business interruption to its customers. In underwriting both the SP and its customers, we show that the insurer can increase its profit by incentivizing the SP (through a discount on its premium) to invest more in security, thereby decreasing the chance of business interruption to the customers and increasing social welfare. For comparison, we also consider a scenario where the insurer underwrites only the SP’s customers (but not the SP), and receives compensation from the SP’s insurance carrier when losses are attributed to the SP. We show that the insurer cannot outperform the case where it underwrites both the SP and its customers. We use an actual cyber-insurance policy and claims data to calibrate and substantiate our analytical findings. 
    more » « less
  5. Observational learning models seek to understand how distributed agents learn from observing the actions of others. In the basic model, agents seek to choose between two alternatives, where the underlying value of each alternative is the same for each agent. Agents do not know this value but only observe a noisy signal of the value and make their decision based on this signal and observations of other agents’ actions. Here, instead we consider a scenario in which the choices faced by an agent exhibit a negative externality so that value of a choice may decrease depending on the history of other agents selecting that choice. We study the learning behavior of Bayesian agents with such an externality and show that this can lead to very different outcomes compared to models without such an externality. 
    more » « less