may
5
2010

CRCS Seminar: Would a ‘Cyber Warrior’ Protect Us? Exploring Trade-offs Between Attack and Defense of Information Systems

Allan Friedman, CRCS Fellow

CRCS Lunch Seminar
Date: Wednesday, May 5, 2010
Time: 11:45am – 1:15pm
Place: Maxwell Dworkin 2nd Floor Lounge Area

Abstract: As information security shifts from the realm of computer science to national security, the priority for safe and secure systems will be balanced against the appeal of using information insecurity as a strategic asset. In“cyber war”, those tasked with defending friendly computer networks are also expected to exploit enemy networks. This paper presents two game-theoretic models of vulnerability discovery and exploitation, where nations must choose between protecting themselves by sharing vulnerability information with ven- dors or pursuing an offensive advantage while remaining at risk. One game describes a cold war of stockpiling, the other allows for actual attack. In both models, we predict that at least one state will have an incentive to pursue an aggressive cyber war posture, rather than secure its own systems. This finding – that a mutually defensive approach to security is not a stable equilibrium – holds up under a range of assumptions about social risk of cybercrime, technical so- phistication, military aggressiveness and the likelihood of vulnerability rediscovery. We conclude with a discussion of the security policy implications of a militarized cyberspace.

(This talk is based on joint work with Tyler Moore and Ariel Procaccia.)

Bio: Allan Friedman is a post-doctoral fellow at the Center for Research in Computation and Society at Harvard's School of Engineering and Applied Sciences. Friedman’s research centers on information technology policy, particularly in the areas of cybersecurity and privacy.. His work spans several disciplines in the social sciences, public policy, and computer science, and it explores issues ranging from cybersecurity regulation to behavioral models of privacy to how organizational behavior can be affected by communication networks. Friedman has a degree in computer science from Swarthmore College and a PhD in Public Policy from Harvard University. He is also affiliated with the Belfer Center for Science and International Affairs and the Harvard Program on Networked Governance.