The paper discusses the incentives an agent has to strenghten its operation by applying security tools and techniques. This comes down to balancing the cost of the security measures against the cost of an attack weighed by its probability. To complicate matters, the agent is part of a network of cost-competing agents, that exchange items that each can be part of an attack. Usually an agent will consider security measures only if their cost is lower than the perceived cost of recovering from an attack. The paper shows that the probability of an attack increases in a network of agents (because the attack can be either directed against an agent A, or indirectly through an intermediary agent that exchanges items with agent A). Since the security measures help only in directed attacks against an agent, investing in security pays off only when the risk of an attack through an intermediary is small or zero. Thus, one agent's incentive to apply security measures becomes dependent on the behavior of other agents: if other agents apply security measures, an individual agent might still find it worthwhile (i.e. with a competitive cost) to apply security measures. But if other agents (some or all) do not apply security measures, one's agent security costs reduce its own competitiviness. Open issues:
|