Updating Economic Methods for Strategic Reasoning in Cybersecurity

pdf

ABSTRACT

The process of cybersecurity is implemented by government agencies and commercial enterprises, and driven by policy decisions and economic incentives. Its objective is to discover vulnerabilities, detect threats, and deploy defenses. The objective of Security Science is to detect threats to security processes themselves, and to improve them. In the case of the cybersecurity processes, some of the threats arise from the economic and organizational mechanisms. The recent burst of supply-chain attacks, and in particular of the persistent attacks on the suppliers of the security services, made the Security Science into a practical necessity. In this report, I describe the high-level assumptions of the economic component of Security Science studied in the current project.

Slides found here.

BIO

Dusko Pavlovic was born in Sarajevo, studied mathematics and programming in Utrecht, taught at McGill, Imperial College London, Oxford, and Royal Holloway, before joining University of Hawaii in 2014. In the meantime he also spent 10 years trying to build software in Palo Alto CA. His research interests evolved from pure mathematics, through theoretical computer science and software engineering, to network computation and security, with excursions into quantum computation and game theory. He authored more than 100 refereed publications. In his ample spare time he enjoys providing strategic advice to his 3 children and writing about himself in third person.

Tags:
License: CC-2.5
Submitted by Regan Williams on