Game Theory for Networks. 7th International EAI Conference, GameNets 2017 Knoxville, TN, USA, May 9, 2017, Proceedings

Research Article

Risk Management Using Cyber-Threat Information Sharing and Cyber-Insurance

  • @INPROCEEDINGS{10.1007/978-3-319-67540-4_14,
        author={Deepak Tosh and Sachin Shetty and Shamik Sengupta and Jay Kesan and Charles Kamhoua},
        title={Risk Management Using Cyber-Threat Information Sharing and Cyber-Insurance},
        proceedings={Game Theory for Networks. 7th International EAI Conference, GameNets 2017 Knoxville, TN, USA, May 9, 2017, Proceedings},
        proceedings_a={GAMENETS},
        year={2017},
        month={9},
        keywords={Cybersecurity information sharing Cyber-insurance Cyber-threat intelligence Cyber Security Information Sharing Act (CISA)},
        doi={10.1007/978-3-319-67540-4_14}
    }
    
  • Deepak Tosh
    Sachin Shetty
    Shamik Sengupta
    Jay Kesan
    Charles Kamhoua
    Year: 2017
    Risk Management Using Cyber-Threat Information Sharing and Cyber-Insurance
    GAMENETS
    Springer
    DOI: 10.1007/978-3-319-67540-4_14
Deepak Tosh1,*, Sachin Shetty2,*, Shamik Sengupta3,*, Jay Kesan4,*, Charles Kamhoua5,*
  • 1: Norfolk State University
  • 2: Old Dominion University
  • 3: University of Nevada
  • 4: University of Illinois
  • 5: Cyber Assurance Branch, Air Force Research Laboratory
*Contact email: dktosh@nsu.edu, sshetty@odu.edu, ssengupta@unr.edu, kesan@illinois.edu, charles.kamhoua.1@us.af.mil

Abstract

Critical infrastructure systems spanning from transportation to nuclear operations are vulnerable to cyber attacks. Cyber-insurance and cyber-threat information sharing are two prominent mechanisms to defend cybersecurity issues proactively. However, standardization and realization of these choices have many bottlenecks. In this paper, we discuss the benefits and importance of cybersecurity information sharing and cyber-insurance in the current cyber-warfare situation. We model a standard game theoretic participation model for cybersecurity information exchange (CYBEX) and discuss the applicability of economic tools in addressing important issues related to CYBEX and cyber-insurance. We also pose several open research challenges, which need to be addressed for developing a robust cyber-risk management capability.