Modeling Cyber-Insurance
Towards a Unifying Framework
Rainer Böhme∗ and Galina Schwartz†
∗University of Münster, Germany †EECS, UC Berkeley
November 10 - 11, 2010
TRUST Workshop at Stanford University

Cyber-Insurance: Research Papers
[Figure: timeline of cyber-insurance research papers, 2002 to 2010, then 2011 …; topic labels: formal models, interdependent security (IDS), correlated risk, information asymmetries; annotations: enthusiasm, obstacles]
Galina Schwartz Cyber-Insurance

Talk Outline
1. Characteristics of Cyber-Risk
2. Framework Overview
3. Selected Features
   - Network topology
   - Unified approach to interdependent security and correlated risk
4. Discussion and Conclusion

1. Characteristics of Cyber-Risk

What Is Specific to Cyber-Risks?
success factors of ICT → cyber-risks [focal features]
- distribution & interconnection → interdependent security: own security depends on other parties’ actions (security)
- universality & reuse → correlated risks: incidents cause further incidents
+
= complexity → imperfect information

Examples
- Textbook risks [economics & insurance literature]: neither interdependence nor correlation
- Airline baggage security: interdependence, but no correlation (Kunreuther & Heal, 2003)
- Natural disasters in the actuarial literature: spatial correlation, but no interdependence (Embrechts et al., 1999)
- Cyber-insurance: BOTH interdependence and correlation [never modeled together so far]

Focus of the Cyber-Insurance Models
[Figure: papers placed by model focus; focus areas: interdependent security (IDS), correlated risk, information asymmetries. Papers shown: Öğüt et al., 2005; Hofmann, 2007; Bolot & Lelarge, 2008; Lelarge & Bolot, 2009; Schwartz et al., 2009; Radosavac et al., 2008; Bandyopadhyay et al., 2009; Böhme, 2005; Böhme & Kataria, 2006]

2. Framework Overview

Framework
[Figure: framework diagram with five components: 1. network environment (nodes), 2. demand side (agents), 3. supply side (insurers), 4. information structure, 5. organizational environment; further labels: players, nature, design, utility, risk]

Overview of Model Attributes
1. network environment: defense function, network topology, risks features, attacker model
2. demand side: node control, heterogeneity, agent risk aversion, action space & timing
3. supply side: market structure, insurer risk aversion, insurer markup, contract design
4. information structure: information asymmetries and their timing: ex ante (adverse selection), ex post (moral hazard)
5. organizational environment: regulator(s), ICT manufacturers, network intermediaries, security service providers

Variables of Interest
- Cyber-insurance market: Under which conditions will cyber-insurance thrive?
- Network security: Can we expect fewer attacks if cyber-insurance is broadly adopted?
- Social welfare: Will the world be a better place with cyber-risk reallocation?

3. Selected Features

Network Topology: Examples
- idiosyncratic: hardware failure
- fully connected: email spam
- single-factor model: OS vulnerability
- Erdős-Rényi graph: inter-organizational dependence
→ Comprehensive insurance policies are bundles of contracts.

Unifying “Interdependence” and “Correlation”
Defense function D for node i (security interdependence only):
$P_i = D(l_i, w_i, s, G, \ldots)$
- $l_i$ – size of loss
- $w_i$ – initial wealth
- $s$ – vector of security investments: $s = s_i \cup s_{j \neq i}$
- $G$ – network topology
Defense function D for node i (simplified):
$p_i = D(s_i, s, G, \ldots)$

Illustration
[Figure: two nodes i and j on topology G, each with security ($s_i$, $s_j$), defense function D, probability ($p_i$, $p_j$), nature, and loss event ($x_i$, $x_j$); labels: interdependent security, correlated risk]
Modeling interdependence AND information asymmetries is hard; modeling correlated risks is hard. Requires recursive methods; may lead to complex equilibrium configurations (& dynamics).

“Interdependence” and “Correlation” together
Security interdependence and correlated risk can be modeled jointly [D dependent on both security choices s and realizations x.]
Defense function D for node i:
$p_i = D(s_i, s, G, x, \ldots)$
- $s$ – vector of security investments: $s = s_i \cup s_{j \neq i}$
- $G$ – network topology
- $p_i$ – probability of loss for node i
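
An added worked example, not taken from the slides: one hypothetical functional form for D(s_i, s, G, x), evaluated exactly on small graphs to show interdependence (a neighbour's security changes p_i) and correlation (positive loss covariance) in the same model. The constants BASE and SPREAD, the two-stage contagion form and all function names are assumptions made for illustration.

```python
from itertools import product

BASE = 0.5    # assumed direct-breach probability of a node with s_i = 0
SPREAD = 0.5  # assumed contagion probability per breached neighbour at s_i = 0


def idiosyncratic(n):
    """Topology G with no edges (the slides' hardware-failure case)."""
    return {i: [] for i in range(n)}


def fully_connected(n):
    """Topology G where every node neighbours every other (email-spam case)."""
    return {i: [j for j in range(n) if j != i] for i in range(n)}


def defense(i, s, G, x):
    """Hypothetical D: loss probability of node i given realizations x.

    x[j] = 1 means nature breached node j directly in stage 1. In stage 2
    each breached neighbour infects i with probability SPREAD * (1 - s[i]).
    """
    if x[i]:
        return 1.0
    escape = 1.0
    for j in G[i]:
        if x[j]:
            escape *= 1.0 - SPREAD * (1.0 - s[i])
    return 1.0 - escape


def stage1_prob(s, x):
    """Probability that nature draws the direct-breach vector x."""
    pr = 1.0
    for s_i, x_i in zip(s, x):
        d = BASE * (1.0 - s_i)
        pr *= d if x_i else 1.0 - d
    return pr


def loss_moments(s, G):
    """Exact marginal loss probabilities and loss covariance matrix.

    Enumerates all 2^n stage-1 outcomes; summing over x turns D(s_i, s, G, x)
    into the interdependence-only form D(s_i, s, G).
    """
    n = len(s)
    marg = [0.0] * n
    joint = [[0.0] * n for _ in range(n)]
    for x in product((0, 1), repeat=n):
        w = stage1_prob(s, x)
        p = [defense(i, s, G, x) for i in range(n)]
        for i in range(n):
            marg[i] += w * p[i]
            for j in range(n):
                # stage-2 infections are modelled as independent given x
                joint[i][j] += w * (p[i] if i == j else p[i] * p[j])
    cov = [[joint[i][j] - marg[i] * marg[j] for j in range(n)]
           for i in range(n)]
    return marg, cov


def aggregate_variance(cov):
    """Variance of the insurer's total number of claims in the portfolio."""
    return sum(sum(row) for row in cov)


if __name__ == "__main__":
    for name, topo in (("idiosyncratic", idiosyncratic),
                       ("fully connected", fully_connected)):
        marg, cov = loss_moments([0.0] * 4, topo(4))
        print(name, "p_0 =", round(marg[0], 4),
              "cov(x_0, x_1) =", round(cov[0][1], 4),
              "Var(total claims) =", round(aggregate_variance(cov), 4))
    # Interdependence: node 1 investing fully lowers node 0's loss probability.
    print(loss_moments([0.0, 0.0], fully_connected(2))[0][0],
          loss_moments([0.0, 1.0], fully_connected(2))[0][0])
```
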

4. Discussion and Conclusion

Dependent Variables in the Cyber-Insurance Literature
[Figure: papers placed by dependent variable; variables: network security, insurer market, social welfare. Papers shown: Öğüt et al., 2005; Hofmann, 2007; Radosavac et al., 2008; Bolot & Lelarge, 2008; Lelarge & Bolot, 2009; Schwartz et al., 2010; Bandyopadhyay et al., 2009; Böhme, 2005; Böhme & Kataria, 2006]

Discrepancies between Statements and Models
- Cyber-insurers will improve information about security
  … but relevant parameters are not included in models.
- Cyber-insurers will positively affect (i) agents’ security decisions (ii) the network environment
  … but existing models of contracts do not reflect that;
  … real cyber-insurers do not condition premiums on security.
- Broad adoption of cyber-insurance will change (i) insurer market structure(s) and (ii) behavior of ICT manufacturers
  … but never modeled parametrically.

To Do
- Future papers should model (i.e., endogenize) key parameters of: network environment, etc.
  Example: endogenous network formation [model of platform switching]
- Policy recommendations should be justified by formal (game theory) models.
Q & A
Thank you for your attention.