Game Theory and the Cyber domain

According to this leak:

Russia alleged that an arms control race was unfolding in cyberspace and that constraints on state capabilities were necessary

Now where had I heard that before? It was in 2009 while watching a presentation given by iDefense’s Eli Jellenc. In it he presented the following variation of the Prisoner’s Dilemma:

The Security Dilemma

The basic premise of the model is that efforts to increase your own security makes others insecure. In Cyber warfare it is easier to attack than to defend a complex system (or at least it feels that way since time is on the side of the persisent, patient attacker). It is also very difficult at times to distinguish between offense and defense and the fact of the matter is that both the digital underground and the private sector have well established offensive capabilities for hire. The result of the situation is that everybody is forced to deploy offensive capabilies with a spiral of mistrust being built at the same time as a side effect.

Indeed an example of why such a spiral of death is formed is given in “Strategy and the Revolution of Military Afairs: From Theory to Policy“:

“Why, foreign leaders ask, would the world’s only superpower seek radical improvement of its armed forces in the absence of a clear threat? Given the expense of accumulating national power, some may assume it is meant to be used and conclude that the United States is improving its military capabilities in order to impose its will on others. The United States can either accept such suspicions or find a new, less intimidating method of pursuing the revolution in military affairs, perhaps through greater cooperation with potential allies. The problem is that such cooperation could speed the dissemination of new technology, techniques, and ideas, and thus contribute to the emergence of challengers. But if the United States unilaterally pursues the RMA, other states will respond, whether symmetrically or asymmetrically. In turn, knowing the benign intentions of the United States, American leaders and planners will consider this threatening. Why, they will ask, would other states seek to improve their military capability unless contemplating aggression? Vigorous American pursuit of the RMA may make other nations feel less secure and their response will make the United States feel less secure. The result may be a spiral of mutual misperception and a new arms race, albeit a qualitative rather than quantitative one.”

Ironic how I was scolded in a meeting a couple of months ago for mentioning Game Theroy as a tool to study strategies (“Theory is one thing, reality is another”) when in fact we see how such simple models are suited to study reality.

But what do I know dear officer? In his “How cyberattacks threaten real-world peace” TEDxParis talk (a quick summary of which you can read here), Guy-Philippe Goldstein presented the following 1978 model by Rober Jervis in “Cooperation under the security dilemma“:

Cyberwar Game

As Jervis puts it:

“The fear of being exploited is what drives the security dilemma”

Game Theory and the Cyber Domain? What do I know. I simply read about stuff.

Further reading:

Now I am off to read “Security and Game Theorythanks to Sakis.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s