A Supply Chain Game Theory Framework for Cybersecurity Investments Under Network Vulnerability

  • Chapter
Computation, Cryptography, and Network Security

Abstract

In this paper, we develop a supply chain game theory framework consisting of retailers and consumers who engage in electronic transactions via the Internet and, hence, may be susceptible to cyberattacks. The retailers compete noncooperatively to maximize their expected profits by determining their optimal product transactions as well as their cybersecurity investments in the presence of network vulnerability. The consumers reveal their preferences via the demand price functions, which depend on the product demands and on the average level of security in the supply chain network. We prove that the governing Nash equilibrium conditions of this model can be formulated as a variational inequality problem, provide qualitative properties of the equilibrium product transaction and security investment pattern, and propose an algorithm with nice features for implementation. The algorithm is then applied to two sets of numerical examples that reveal how increased competition, changes in the demand price functions, and changes in the security investment cost functions affect the equilibrium product transactions, the security levels, the product prices, the expected profits, and the retailer vulnerability as well as the supply chain network vulnerability.

Acknowledgements

This research of the first author was supported by the National Science Foundation (NSF) grant CISE #1111276, for the NeTS: Large: Collaborative Research: Network Innovation Through Choice project awarded to the University of Massachusetts Amherst as well as by the Advanced Cyber Security Center through the grant: Cybersecurity Risk Analysis for Enterprise Security. This support is gratefully acknowledged.

Corresponding author

Correspondence to Anna Nagurney.

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Nagurney, A., Nagurney, L.S., Shukla, S. (2015). A Supply Chain Game Theory Framework for Cybersecurity Investments Under Network Vulnerability. In: Daras, N., Rassias, M. (eds) Computation, Cryptography, and Network Security. Springer, Cham. https://doi.org/10.1007/978-3-319-18275-9_16
