Individual security and network design

Abstract

Individuals derive benefits from being connected to others: computer users benefit from sharing content, criminals benefit from cooperating. Connections, however, may transmit external threats. A virus may spread through a computer network. An investigation may dismantle entire criminal organization. Given agents’ individual incentives to protect, which network(s) should be chosen to maximize agents’ welfare? We consider the tension between the value of being connected and the exposure to contagion when a protection technology is available. There are (n + 2) ‘players’. The designer first chooses the network over the n nodes. Given this network, the nodes (simultaneously) choose whether to protect or not; protection is costly. Finally, the adversary chooses a node to attack. If the attacked node is not protected, then this node and all nodes with a path to the attacked node through unprotected nodes are eliminated. Nodes derive benefits from their connectivity: a surviving node gets, as a gross payoff, an equal share of the value of its surviving component. Component value is a convex and increasing function of its size. Node’s net payoffs are equal to its connectivity payoffs less the cost of protection. The designer seeks to maximize the sum of nodes’ payoffs. The adversary aims to minimize connectivity-related payoffs. The first best design and defence profile that a central planner would choose is as follows. For low costs, all nodes is protected and the network is connected. For intermediate costs, a centrally protected star is chosen. The adversary eliminates a spoke. If costs are high, protection is dropped and network is split into several components. The adversary removes a largest one. A number of problems arise for the designer when he cannot control defence decisions. First, a node does not internalize the benefits accruing to others from its own protection. Thus, it is possible that the center-