减轻高级网络攻击的风险:网络武器使用的质量、隐蔽性和强度的作用

IF 1.6 3区经济学 Q2 ECONOMICS

Defence and Peace Economics Pub Date : 2023-01-16 DOI:10.1080/10242694.2022.2161739

Amitai Gilad, A. Tishler

{"title":"减轻高级网络攻击的风险:网络武器使用的质量、隐蔽性和强度的作用","authors":"Amitai Gilad, A. Tishler","doi":"10.1080/10242694.2022.2161739","DOIUrl":null,"url":null,"abstract":"ABSTRACT Modern countries employ computer networks that manage organizations in the private and public sectors. Cyber-attacks aim to disrupt, block, delete, manipulate or steal the data held in these networks, which challenge these countries’ national security. Consequently, cybersecurity programs must be developed to protect these networks from cyber-attacks in a manner that is similar to operations against terrorism. This study presents several models that analyze a contest between a network operator (defender) that deploys costly detectors to protect the network and a capable cyber attacker. Generally, when the deployed detectors become more potent or the defender exhibits higher vigilance, the attacker allocates more resources to R&D to ensure that the attack remains covert. We show that detectors may be substitutes, complements, or even degrade each other, implying that defenders must account for the cyber weapons’ characteristics and the attacker’s profile and strategic behavior. We derive the optimal number of detectors when the attacker’s R&D process features R&D spillovers and show that targeted detectors act as deterrents against high-quality weapons only if the attacker’s budget is not substantial. Finally, we demonstrate that common cybersecurity practices may be detrimental from a social-welfare perspective by enhancing an arms race with the attacker.","PeriodicalId":47477,"journal":{"name":"Defence and Peace Economics","volume":"34 1","pages":"726 - 746"},"PeriodicalIF":1.6000,"publicationDate":"2023-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Mitigating the Risk of Advanced Cyber Attacks: The Role of Quality, Covertness and Intensity of Use of Cyber Weapons\",\"authors\":\"Amitai Gilad, A. Tishler\",\"doi\":\"10.1080/10242694.2022.2161739\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ABSTRACT Modern countries employ computer networks that manage organizations in the private and public sectors. Cyber-attacks aim to disrupt, block, delete, manipulate or steal the data held in these networks, which challenge these countries’ national security. Consequently, cybersecurity programs must be developed to protect these networks from cyber-attacks in a manner that is similar to operations against terrorism. This study presents several models that analyze a contest between a network operator (defender) that deploys costly detectors to protect the network and a capable cyber attacker. Generally, when the deployed detectors become more potent or the defender exhibits higher vigilance, the attacker allocates more resources to R&D to ensure that the attack remains covert. We show that detectors may be substitutes, complements, or even degrade each other, implying that defenders must account for the cyber weapons’ characteristics and the attacker’s profile and strategic behavior. We derive the optimal number of detectors when the attacker’s R&D process features R&D spillovers and show that targeted detectors act as deterrents against high-quality weapons only if the attacker’s budget is not substantial. Finally, we demonstrate that common cybersecurity practices may be detrimental from a social-welfare perspective by enhancing an arms race with the attacker.\",\"PeriodicalId\":47477,\"journal\":{\"name\":\"Defence and Peace Economics\",\"volume\":\"34 1\",\"pages\":\"726 - 746\"},\"PeriodicalIF\":1.6000,\"publicationDate\":\"2023-01-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Defence and Peace Economics\",\"FirstCategoryId\":\"96\",\"ListUrlMain\":\"https://doi.org/10.1080/10242694.2022.2161739\",\"RegionNum\":3,\"RegionCategory\":\"经济学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"ECONOMICS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Defence and Peace Economics","FirstCategoryId":"96","ListUrlMain":"https://doi.org/10.1080/10242694.2022.2161739","RegionNum":3,"RegionCategory":"经济学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"ECONOMICS","Score":null,"Total":0}

引用次数: 1

摘要

摘要现代国家采用计算机网络来管理私营和公共部门的组织。网络攻击旨在破坏、屏蔽、删除、操纵或窃取这些网络中的数据，这对这些国家的国家安全构成了挑战。因此，必须制定网络安全计划，以类似于反恐行动的方式保护这些网络免受网络攻击。这项研究提出了几个模型来分析网络运营商（防御者）和有能力的网络攻击者之间的竞争，网络运营商部署了昂贵的检测器来保护网络。通常，当部署的探测器变得更强大或防御者表现出更高的警惕性时，攻击者会分配更多的资源用于研发，以确保攻击保持隐蔽性。我们表明，检测器可能是相互替代、补充甚至降级的，这意味着防御者必须考虑网络武器的特征以及攻击者的个人资料和战略行为。当攻击者的研发过程具有研发溢出时，我们推导出了检测器的最佳数量，并表明只有当攻击者的预算不多时，目标检测器才能对高质量武器起到威慑作用。最后，我们证明，从社会福利的角度来看，常见的网络安全做法可能会加剧与攻击者的军备竞赛，从而有害。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Mitigating the Risk of Advanced Cyber Attacks: The Role of Quality, Covertness and Intensity of Use of Cyber Weapons

ABSTRACT Modern countries employ computer networks that manage organizations in the private and public sectors. Cyber-attacks aim to disrupt, block, delete, manipulate or steal the data held in these networks, which challenge these countries’ national security. Consequently, cybersecurity programs must be developed to protect these networks from cyber-attacks in a manner that is similar to operations against terrorism. This study presents several models that analyze a contest between a network operator (defender) that deploys costly detectors to protect the network and a capable cyber attacker. Generally, when the deployed detectors become more potent or the defender exhibits higher vigilance, the attacker allocates more resources to R&D to ensure that the attack remains covert. We show that detectors may be substitutes, complements, or even degrade each other, implying that defenders must account for the cyber weapons’ characteristics and the attacker’s profile and strategic behavior. We derive the optimal number of detectors when the attacker’s R&D process features R&D spillovers and show that targeted detectors act as deterrents against high-quality weapons only if the attacker’s budget is not substantial. Finally, we demonstrate that common cybersecurity practices may be detrimental from a social-welfare perspective by enhancing an arms race with the attacker.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Defence and Peace Economics ECONOMICS-

CiteScore

4.00

自引率

18.80%

发文量

期刊介绍： Defence and Peace Economics embraces all aspects of the economics of defence, disarmament, conversion and peace. Examples include the study of alliances and burden-sharing; military spending in developed and developing nations; arms races; terrorism; country surveys; the impact of disarmament on employment and unemployment; the prospects for conversion and the role of public policy in assisting the transition; the costs and benefits of arms control regimes; the arms trade; economic sanctions; the role of the United Nations.