Research Magazine 2019

Socially optimal IT investment for cybersecurity

Jomon A. Paul and Xinfang (Jocelyn) Wang

Coles Research Symposium on Homeland Security Special Issue, SIFALL18-01, October 2018

This paper uses the concept of social cost, composed of private and externality costs, to examine the optimal balance among prevention, detection, and containment measures to safeguard against cybersecurity breaches under three sources of uncertainty. We propose a robust optimization model in tandem with distribution-free ellipsoidal uncertainty sets to ease the challenge of providing exact estimates for uncertain input. Validated on a case study, results from 25 deterministic scenarios reveal, first, a strong preference for allocating resources toward prevention. When budget constraints are relaxed, this preference shifts to containment and detection safeguards. Results from 54 robust test instances indicate that, among the three sources of uncertainty, adjusted effectiveness of prevention safeguards has the greatest impact on both the social cost and optimal balance of the safeguards. Our analysis points to some serious flaws in the existing cybersecurity framework, which mainly relies on prevention, and provides urgently needed guidelines on cybersecurity to decision-makers.
