A Supply Chain Game Theory Framework for Cybersecurity Investments Under Network Vulnerability

  • Anna Nagurney
  • Ladimer S. Nagurney
  • Shivani Shukla

Abstract

In this paper, we develop a supply chain game theory framework consisting of retailers and consumers who engage in electronic transactions via the Internet and, hence, may be susceptible to cyberattacks. The retailers compete noncooperatively in order to maximize their expected profits by determining their optimal product transactions as well as cybersecurity investments in the presence of network vulnerability. The consumers reveal their preferences via the demand price functions, which depend on the product demands and on the average level of security in the supply chain network. We prove that the governing Nash equilibrium conditions of this model can be formulated as a variational inequality problem, provide qualitative properties of the equilibrium product transaction and security investment pattern, and propose an algorithm with nice features for implementation. The algorithm is then applied to two sets of numerical examples that reveal the impacts on the equilibrium product transactions, the security levels, the product prices, the expected profits, and the retailer vulnerability as well as the supply chain network vulnerability, of such issues as: increased competition, changes in the demand price functions, and changes in the security investment cost functions.

Keywords

Supply chains Cybersecurity Investments Game theory Nash equilibrium Variational inequalities Network vulnerability 

References

  1. 1.
    Akerlof, G.A.: The market for ‘lemons’: quality uncertainty and the market mechanism. Q. J. Econ. 84(3), 488–500 (1970)CrossRefGoogle Scholar
  2. 2.
    Boyson, S.: Cyber supply chain risk management: revolutionizing the strategic control of critical IT systems. Technovation 34(7), 342–353 (2014)CrossRefGoogle Scholar
  3. 3.
    Center for Strategic and International Studies: Net Losses: Estimating the Global Cost of Cybercrime, Santa Clara (2014)Google Scholar
  4. 4.
    Cournot, A.A.: Researches into the Mathematical Principles of the Theory of Wealth, English translation. MacMillan, London (1838)Google Scholar
  5. 5.
    Dafermos, S., Nagurney, A.: Oligopolistic and competitive behavior of spatially separated markets. Reg. Sci. Urban Econ. 17, 245–254 (1987)CrossRefGoogle Scholar
  6. 6.
    Dupuis, P., Nagurney, A.: Dynamical systems and variational inequalities. Ann. Oper. Res. 44, 9–42 (1993)MathSciNetCrossRefMATHGoogle Scholar
  7. 7.
    Gabay, D., Moulin, H.: On the uniqueness and stability of Nash equilibria in noncooperative games. In: Bensoussan, A., Kleindorfer, P., Tapiero, C.S. (eds.) Applied Stochastic Control of Econometrics and Management Science. North-Holland, Amsterdam (1980)Google Scholar
  8. 8.
    Gartner: “Gartner reveals Top 10 Security Myths”, by Ellen Messmer. NetworkWorld (11 June 2013)Google Scholar
  9. 9.
    Gordon, L.A., Loeb1, M.P., Lucyshyn, W., Zhou, L.: Externalities and the magnitude of cyber security underinvestment by private sector firms: a modification of the Gordon-Loeb model. J. Inf. Secur. 6, 24–30 (2015)Google Scholar
  10. 10.
    Kirk, J.: Target Contractor Says It Was Victim of Cyberattack. PC World (6 February 2014)Google Scholar
  11. 11.
    Mandiant: M-trends: Beyond the Breach. 2014 Threat report. Alexandria, Virginia (2014)Google Scholar
  12. 12.
    Manshei, M.H., Alpcan, T., Basar, T., Hubaux, J.-P.: Game theory meets networks security and privacy. ACM Comput. Surv. 45(3), Article No. 25 (2013)Google Scholar
  13. 13.
    Market Research: United States Information Technology Report Q2 2012 (24 April 2013)Google Scholar
  14. 14.
    Nagurney, A.. Network Economics: A Variational Inequality Approach, 2nd and revised edn. Kluwer Academic, Boston (1993)CrossRefGoogle Scholar
  15. 15.
    Nagurney, A.: Supply Chain Network Economics: Dynamics of Prices, Flows, and Profits. Edward Elgar, Cheltenham (2006)Google Scholar
  16. 16.
    Nagurney, A.: A multiproduct network economic model of cybercrime in financial services. Service Science 7(1), 70–81 (2015)CrossRefGoogle Scholar
  17. 17.
    Nagurney, A., Nagurney, L.S.: A Game Theory Model of Cybersecurity Investments with Information Asymmetry. Netnomics, (2015). in pressGoogle Scholar
  18. 18.
    Nagurney, A., Zhang, D.: Projected Dynamical Systems and Variational Inequalities with Applications. Kluwer Academic, Boston (1996)CrossRefGoogle Scholar
  19. 19.
    Nagurney, A., Yu, M., Masoumi, A.H., Nagurney, L.S.: Networks Against Time: Supply Chain Analytics for Perishable Products. Springer, New York (2013)CrossRefGoogle Scholar
  20. 20.
    Nash, J.F.: Equilibrium points in n-person games. Proc. Natl. Acad. Sci. USA 36, 48–49 (1950)MathSciNetCrossRefMATHGoogle Scholar
  21. 21.
    Nash, J.F.: Noncooperative games. Ann. Math. 54, 286–298 (1951)MathSciNetCrossRefMATHGoogle Scholar
  22. 22.
    Ponemon Institute: Second Annual Cost of Cyber Crime Study: Benchmark Study of U.S. Companies (2013)Google Scholar
  23. 23.
    Shetty, N.G.: Design of Network Architectures: Role of Game Theory and Economics. PhD dissertation, Technical Report No. UCB/EECS-2010-91, Electrical Engineering and Computer Sciences, University of California at Berkeley (4 June 2010)Google Scholar
  24. 24.
    Shetty, N., Schwartz, G., Felegehazy, M., Walrand, J.: Competitive cyber-insurance and Internet security. In: Proceedings of the Eighth Workshop on the Economics of Information Security (WEIS 2009). University College London, 24–25 June 2009Google Scholar
  25. 25.
    The Security Ledger: Supply Chain Risk Escapes Notice at Many Firms (6 November 2014)Google Scholar
  26. 26.
    Zhang, D., Nagurney, A.: On the stability of projected dynamical systems. J. Optim. Theory Appl. 85, 97–124 (1995)MathSciNetCrossRefMATHGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Anna Nagurney
    • 1
  • Ladimer S. Nagurney
    • 2
  • Shivani Shukla
    • 1
  1. 1.Department of Operations and Information Management, Isenberg School of ManagementUniversity of MassachusettsAmherstUSA
  2. 2.Department of Electrical and Computer EngineeringUniversity of HartfordWest HartfordUSA

Personalised recommendations