6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Merritt Baer<br />
refined the metrics for estimating impact and intent of cyberattack, and applies Markov game theory, a<br />
stochastic approach. (Shen et al. 2007) However the two-player stochastic model is not valid any time<br />
when more than one player is involved, and this is the more likely scenario— as in the case of a<br />
generalized security model that would account for more than one player as a potential threat, or a<br />
model that includes potential alliances.<br />
The minimax solution in zero-sum games is Nash equilibrium (where each player is at her optimal<br />
level, taking into account the other players' strategy). There exists “at least one Nash equilibrium,<br />
possibly involving mixed strategies, for any normal- form static game with a finite number of players<br />
and strategies” (Jamakka, 2005:14). However, in cyberwarfare, there are obstacles to reaching<br />
minimax stasis: there is no assumption that it is a zero-sum game (power may exist relative to others<br />
but in cyber there can be emerging forms of power and there may be no clear endpoint that signifies<br />
“winning”); there may be more than two players; players may make simultaneous and overlapping<br />
moves (instead of taking turns like in chess); and there is no valid assumption of perfect information<br />
(one‟s minimax strategy may depend on knowing the capabilities of the other players).<br />
Moreover, the possibility of alliances disrupts Nash equilibrium because if players can agree on<br />
strategies different from minimax, they may achieve higher payouts. The classic example of this is a<br />
cartel manipulating the market; in the cyber realm, it could take the form of inter- national or even nonnationstate<br />
collaboration among players. U.S. vulnerability to alliance-making by other players is<br />
accentuated by the fact that we have more to lose— our government and our private-sector cyber<br />
capabilities/ data are overall more valuable than other countries' (Hathaway, 2009:16).<br />
Some, including former Department of Homeland Security Secretary Michael Chertoff (in Espiner<br />
2010) compare nuclear strategy to cyber strategy. However, cyber weapons defy nuclear game<br />
theoretic strategy because cyber weapons are amorphous and can be pinpointed— used as a scalpel<br />
instead of, or as well as, a hammer. Even cyber weapons that are clearly war-oriented, like Stuxnet,<br />
can be more controlled and monitored in use than nuclear weapons, may take time to detect and may<br />
cover the executor‟s tracks. Unlike the nuclear arena, in which even those with capabilities have so far<br />
resisted employing nuclear weapons, cyberwar weapons have been and will continue to actually<br />
come into use—but in nuanced and creative ways that elude traditional definitions of use of force,<br />
weapons, or war.<br />
For all these reasons, it seems likely that we cannot use game theory in the traditional method of<br />
modeling the game‟s endpoints and then reversing the moves that would lead to stasis, because we<br />
may never reach equilibrium. This is another way of saying that the game may have multiple Nash<br />
equilibria-- “Game theory cannot necessarily predict the outcome of a game if there are more than<br />
one Nash equilibriums [sic] for the game. Especially when a game has multiple Nash equilibriums [sic]<br />
with conflicting payoffs...” (Jamakka et al., 2005: 14). If the parties do not reach stasis then by<br />
definition the game will continue because players have an incentive to change their decision--it is only<br />
at equilibrium that (optimal payout exists and therefore) there is no incentive to change decisions.<br />
Accordingly, this paper‟s analysis begins from an acknowledgment that in cyberwar, there may be no<br />
“solution.” In cyberwar, unlike in checkers, game theory cannot follow each decision path to its<br />
conclusion and then trace the right decisions back. The “right decisions” may evolve and the endpoint,<br />
if there is one, is unknown. However, game theory continues to be useful in cyberwar strategy<br />
because the rational predictability of game theory will continue to drive decisions and seek out<br />
patterns in them, and because game theory may identify and intelligently weight nodes of a decision<br />
tree that are not immediately recognizable or historically favored by human decision-makers.<br />
The paper begins by acknowledging a number of ways in which cyberwar defies traditional game<br />
theory models. It describes why a biological model is the most useful analogy, including the<br />
epidemiological response to invasion and the evolutionary tendency toward equilibrium. Then it<br />
explores the benefits of game theory, describing ways in which it is a uniquely useful tool for<br />
cyberwarfare strategy as an ongoing set of decisions in a changing set of conditions.<br />
24