Game Theoretic Modeling to Enforce Security Information Sharing among Firms

Abstract

Robust CYBersecurity information EXchange (CYBEX) infrastructure is envisioned to protect the firms from future cyber attacks via collaborative threat intelligence sharing, which might be difficult to achieve via sole effort. The executive order from the U. S. federal government clearly encourages the firms to share their cybersecurity breach and patch related information among other federal and private firms for strengthening their as well as nation's security infrastructure. In this paper, we present a game theoretic framework to investigate the economic benefits of cyber-threat information sharing and analyze the impacts and consequences of not participating in the game of information exchange. We model the information exchange framework as distributed non-cooperative game among the firms and investigate the implications of information sharing and security investments. The proposed incentive model ensures and self-enforces the firms to share their breach information truthfully for maximization of its gross utility. Theoretical analysis of the incentive framework has been conducted to find the conditions under which firms' net benefit for sharing security information and investment can be maximized. Numerical results verify that the proposed model promotes such sharing, which helps to relieve their total security technology investment too.