Society For Risk Analysis Annual Meeting 2016

Session Schedule & Abstracts

* Disclaimer: All presentations represent the views of the authors, and not the organizations that support their research. Please apply the standard disclaimer that any opinions, findings, and conclusions or recommendations in abstracts, posters, and presentations at the meeting are those of the authors and do not necessarily reflect the views of any other organization or agency. Meeting attendees and authors should be aware that this disclaimer is intended to apply to all abstracts contained in this document. Authors who wish to emphasize this disclaimer should do so in their presentation or poster. In an effort to make the abstracts as concise as possible and easy for meeting participants to read, the abstracts have been formatted such that they exclude references to papers, affiliations, and/or funding sources. Authors who wish to provide attendees with this information should do so in their presentation or poster.

Common abbreviations

Deterrence Analysis in Homeland Security and Defense

Room: Marina 4   8:30 am–10:00 am

Chair(s): Richard John, Jinshui Cui

Sponsored by Security and Defense Specialty Group

W1-C.1  8:30 am  Deterrence: Exploiting the connection between affect, risk perception and self-efficacy to demotivate an adversary. Burns WJ*; Decision Research

Abstract: This presentation discusses an approach to understanding and facilitating deterrence in the context of domestic threats to commercial aviation and other high valued domestic targets. A theoretical framework is put forth for enhancing deterrence by exploiting the connection between affect, perceived risk, and self-efficacy. There is an extensive scientific literature that looks at the connection between these three factors and how to correct misperceptions. This study seeks to exploit these inherent biases as a way to deter an adversary from seeking to defeat a security system. An example is offered to illustrate the concept.

W1-C.2  8:50 am  Defender-User Coordination and Attacker Deterrence in a Three-way Behavioral Cyber Security Game. Cui J*, John RS, Rosoff H; University of Southern California

Abstract: This study focuses on cyber attackers’ choices in a three-way cyber security game involving attackers, defenders, and users. An attacker can choose to attack the defender (a 2-step action) or the user (a 1-step action) or not to attack. Conversely, the defenders and users select either a standard or enhanced security level. In Experiment 1, a total of 175 respondents played as attackers over 20 rounds of the game and were incentivized based on their performance. The uncertainties involve both defenders’ and users’ security choices, as well as exogenous uncertainty about the outcome. Defenders’ and users’ marginal security levels were held constant, while the relationship between their security levels was manipulated as either complementing, substituting, or nearly independent. In Experiment 2, a total of 497 respondents played as attackers over 30 rounds of a similar game where the outcome of attacker’s move was only contingent upon defenders’ and user’s security levels. The relationship between defenders’ and users’ strategies was again manipulated as either complementing, substituting, or independent. We found that there was greater deterrence (cyber attackers choosing not to attack) for negatively correlated defenses than for independent defenses in both experiments. The effect was stronger under exogenous outcome uncertainty. We also manipulated defenders’ and users’ marginal security levels in Experiment 2. As predicted, there was greater deterrence associated with greater likelihood of enhanced security for both defenders and users. Attackers were more likely to attack defenders (users) when defenders (users) had greater likelihood of standard security than users (defenders). In addition, we found that attackers were more likely to shift from attacking users to defenders after learning users had enhanced security. Attackers were less likely to continue the second step of defender hack (deterred) after learning defenders had enhanced security.

W1-C.3  9:09 am  An Interactive Real-time Behavioral Game For Cyber Security. Kusumastuti SA*, Rosoff F, John RS; University of Southern California

Abstract: This study describes an experiment in the form of a cyber security game with three players: attacker, defender, and user. Attacker is given 3 choices: attack the defender, attack the user or not attack anyone. The defender and user are given 2 choices, to defend either with standard or enhanced security. The outcome of the game depends on the combination of the three player’s choice of action. The likelihood of successfully defending from attacks for the defender and user may be enhanced by cooperating in making their security decisions, therefore there is an incentive to adjust one’s choices according to the other. In this game we observe whether the capability for the defender to see the user’s choice or vice versa would affect their own choice of security level. In addition, we observe if the attacker is sensitive to the level of coordination between attacker and user choices, particularly their likelihood to be deterred from making an attack.This experiment is implemented in o-tree, an online behavioral game platform that allows simultaneous interactive multiplayer games and uses online participants from Amazon Mechanical Turk.

W1-C.4  9:30 am  Behavioral Experimentation Of Cyber Attacker Deterrence With Deter Testbed. Rosoff H*, Blythe J, Kusumastuti S, John R; University of Southern California

Abstract: Deterrence is now being considered as a strategy to prevent and defend against cyber attacks. One part of implementing this strategy is having a powerful defense. If the defender’s security can sufficiently make an attack exceedingly difficult, an attacker might choose not to attack. The challenges of enhanced security are that the number of potential attackers is numerous, there are limited barriers to entry and there is ample opportunity for concealment. In addition, unique to cyber space is the significant distance between attacker and defender at the time of attack, and the potential for attacker concealment. We study the complexities of cyber deterrence by conducting behavioral experiments with DETER (cyber defense technology experimental research interface) on the effects of enhanced security on attacker and defender decision making. By using DETER a more realistic exchange of the iterative process between the attacker and defender can be monitored allowing for collected data to more aptly represent their interactions when deterrence strategies are implemented. In our experiment, participants’ role play as attackers confronted by different defense strategies. Specifically, we study the deterrent effect of layered security and monitoring, in the pursuit of various targets. Layered security is defined as either: (1) a series of moderately effective defense components where each covers the gaps in the other’s protective capabilities or (2) a “best of breed” defense where one component of the integrated layers is implemented and extremely effective. Monitoring is defined as either: (1) a sophisticated monitoring system that when in operation detects all threats; however, this system is randomized and as such is only turned on at specific times, or (2) a less sophisticated monitoring system that is in operation all the time. We assess whether the attacker continues with the planned attack, is diverted to another target, or chooses not to attack after acquiring knowledge about the defensive security in place.

[back to schedule]