Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits



Kjell Hausken¹ & Jonathan W. Welburn²

© The Author(s) 2020

Abstract

Two players strike balances between allocating resources for defense and production of zero-day exploits. Production is further allocated into cyberattack or stockpiling. Applying the Cobb Douglas expected utility function for equivalent players, an analytical solution is determined where each player’s expected utility is inverse U-shaped in each player’s unit defense cost. More generally, simulations illustrate the impact of varying nine parameter values relative to a benchmark. Increasing a player’s unit costs of defense or development of zero-days benefits the opposing player. Increasing the contest intensities over the two players’ assets causes the players to increase their efforts until their resources are fully exploited and they receive zero expected utility. Decreasing the Cobb Douglas output elasticity for a player’s stockpiling of zero-days causes its attack to increase and its expected utility to eventually reach a maximum, while the opposing player’s expected utility reaches a minimum. Altering the Cobb Douglas output elasticities for a player’s attack or defense contests towards their maxima or minima causes maximum expected utility for both players.

Keywords: Game; Cyber security; Zero-days; Vulnerability; Production; Attack; Defense

JEL Classification Numbers: C70; C72; D72; D74

* Kjell Hausken [email protected]; Jonathan W. Welburn [email protected]

1 Faculty of Science and Technology, University of Stavanger, 4036 Stavanger, Norway

2 RAND Corporation, National Security Research Division, 1776 Main St, Santa Monica, CA 90401, USA

1 Introduction

1.1 Background

In 2010, the Natanz nuclear facility in Iran suffered a series of malfunctions causing significant damage to its nuclear program. The cause was a sophisticated cyber attack, a worm called Stuxnet, that is widely considered one of the first significant acts of cyber war, in large part due to its use of zero-day vulnerabilities. The zero-day vulnerability gets its name from a vulnerability in a defender’s computer system being known to the defender for zero days before it was discovered through the attack or in some other way. That is, the zero-day was unknown to, or unaddressed through public patches or a fix by, the defender. Because they are unknown and unpatched, zero-day cyberattacks are highly effective. They are also hard to produce, often requiring a significant allocation of resources by the attacker. As a result, it was noteworthy that the cyberattack on the Natanz facility exploited not one but four zero-day vulnerabilities, a previously unobserved use of cyber firepower. In the new landscape of cyberwar, such zero-day attacks are well-researched and highly prized weapons of cyber armies. The catch? They can only be used once. Cyber armies therefore face the tradeoff between using weapons today or stockpiling them for tomorrow.

1.2 Contributi