You can only die once interdependent security in an uncertain world
Download
1 / 34

- PowerPoint PPT Presentation


  • 168 Views
  • Updated On :

You Can Only Die Once: Interdependent Security in an Uncertain World . Howard Kunreuther Center for Risk Management and Decision Processes The Wharton School University of Pennsylvania ([email protected]) CIS620/OPIM952 February 11, 2003. Characteristics of the Problem.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '' - lanza


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
You can only die once interdependent security in an uncertain world l.jpg
You Can Only Die Once:Interdependent Security in an Uncertain World

Howard Kunreuther

Center for Risk Management and Decision Processes

The Wharton School

University of Pennsylvania

([email protected])

CIS620/OPIM952

February 11, 2003


Characteristics of the problem l.jpg
Characteristics of the Problem

  • Risk faced by one person depends

    on actions of others (negative stochastic externalities)

  • Non-additive damages (You can only die once – two events no worse than one)


What is interdependent security l.jpg
What is Interdependent Security?

Protect against a risk by making an investment

Airline can invest in baggage security system to reduce chance of bomb explosions

Investment in computer protection against viruses and hackers

BUT can be contaminated by others even after investing

Airline can be contaminated by bags transferred from other airlines that did not invest

Computer can be attacked by viruses from other computers on the network


Types of problems l.jpg
Types of Problems

  • Investing in airline security

  • Securing computer systems against attacks.

  • Avoiding divisional gambles that could bring bankrupt entire firm.

    • Nick Leeson & collapse of Baring’s

    • Arthur Andersen brought into bankruptcy by Houston branch.

  • Investing in Research and Development (R&D)

  • Vaccination Against Diseases


Scenario illustrating ids l.jpg
Scenario Illustrating IDS

Be Careful (BC) Airlines considers installing baggage checking system for added protection.

Needs to balance the cost of this system with reduction in risk of explosion of luggage not only checked in with BC but also from bags of passengers checked in on other airlines & transferred to BC.


Game theory framework identical agents l.jpg
Game Theory Framework Identical Agents

Airlines A1 and A2.

  • Y = income of airline before expenditure on security 

  • Probability contaminated bag is accepted & explodes in A i : p

  • Probability contaminated bag accepted by Ai is transferred to another airline where it explodes : q

  • Loss if a bag explodes : L.

  • Investment Cost of Baggage Security System: c

  • Threatsrespond to security measures


Payoffs contamination l.jpg
Payoffs & Contamination

Investing (S) & Not Investing (N) in Security System

AIRLINE 2

S N

SY -c, Y -c Y- c - qL, Y - pL

AIRLINE 1

N Y- pL, Y – c - qL Y–pL– (1-p)qL, Y–pL– (1-p)qL

If c < pL(1-q) then each will invest.

Alone would invest if c < pL.

Tighter inequality reflects reduced incentive to invest because of interdependence & risk of contamination.

Investment no longer buys complete security


A simple numerical example l.jpg
A Simple Numerical Example

Expected Costs Associated with Investing (S) and

Not Investing (N) in Baggage Security System

AIRLINE 2

S N

SY -95, Y -95 Y-295, Y -100

AIRLINE 1

NY-100, Y -295 Y -280, Y -280

Decisions

If A2 has a security system (S) then it is worthwhile for A1 to invest in one

  Expected losses reduced by pL= - 100

Cost of baggage security system. = 95

If A2 does not invest in security (N) then A1 will not want to invest in one

  Expected losses reduced by p(1-q)L - (280-200) = -80

Cost of baggage security system. = 95


Types of nash equilibria for different c values l.jpg
Types of Nash Equilibria for Different c Values

If c > pL then (N,N) is a dominant strategy

If c < pL(1-q) then (S, S) is dominant strategy

If pL(1-q) < c < pL then (S,S) & (N,N) are Nash equilibria

Illustrative Example: p=.1 q=.2 L=1000

If c > 100 then (N, N) is a dominant strategy

If c < 80 then (S, S) is dominant strategy

If 80 < c <100 then (S,S) & (N,N) are Nash equilibria


Impact of contamination on nash equilibria if there are n agents l.jpg
Impact of Contamination on Nash Equilibria if there are n Agents

Define Xi(n,0) to be the negative externalities to Agent i if it invests in security and none of the other agents do.

What is expected cost to Agent i from investing in security if none of the other agents invest in security?

E(Cost from Investing) = Y - c – Xi(n,0)

What is expected cost to Agent i from not investing in security if none of the other agents invest in security?

E(Cost from Not Investing ) = Y- pL - (1-p) Xi(n,0)

Agent i will only want to invest in security if

Y- c – Xi(n,0) > Y- pL- (1-p) Xi(n,0)

This implies that c < p [L- Xi(n,0)]


Impact of contamination for n agents airline security problem l.jpg
Impact of Contamination for n Agents: Airline Security Problem

What is the expected loss [E(L)] to Airline i if it does not invest in security and none of the others invest in security?

E (L) = pL + (1-p) Xi(n,0)

In the limit as n  then Xi(n,0) = (1 -e-q) L

We know that if c < p[ L –Xi(n,0)] then Airline i will not invest in security

Hence if c < p [e-q L] then Airline i will not invest in security

One can show that the negative externalities to airline i if it invests in security and none of the others do is:

n-2

Xi(n,0) =[q/(n-1)]  [ [1-q/(n-1)] t] L= {1- [1-q/(n-1)] n-1} L

t=0


Impact of contamination on computer security l.jpg
Impact of Contamination on Computer Security

One unprotected computer can infect all the others in the network

Expected negative externalities imposed by all other agents on i = Xi(n,0))

What is the expected loss [E(L)] to Computer i if it invests in security and none of the others do?

E (L) = pL + (1-p) Xi(n,0)

In the limit as n  then Xi(n,0) = L so that E(L)=L

Note: c < p [ L –Xi(n,0) ] for Computer i to want to invest in security

Hence in the limit c < 0 so there is no cost incentive to invest in protecting any machine against viruses or hackers if none of the other machines are protected.

n-2

Xi(n,0) =q L  [ (1-q) t]= [1-(1-q) n-1] L

t=0


More is worse much l.jpg
More is worse – much!

  • Bottom line – one unprotected firm/individual poses a contamination problem for others

  • Link many of them so that security of each depends on what others do and problem gets worse as number of unprotected agents increases

  • Some individuals/firms offer vast policy leverage because of their linkages & positions in the network

    (Have tipping power: Can lead everyone to protect)


Game theory framework heterogeneous agents l.jpg
Game Theory Framework Heterogeneous Agents

Airlines A1 and A2.

  • Y = income of airline before expenditure on security 

  • Probability contaminated bag is accepted & explodes in A i : pi

  • Probability contaminated bag accepted by Ai is transferred to another airline where it explodes : qi

  • Loss if a bag explodes : L.

  • Investment Cost of Baggage Security System for Ai : ci


Payoffs contamination15 l.jpg
Payoffs & Contamination

Investing (S) & Not Investing (N) in Security System

AIRLINE 2

S N

SY –c1 Y –c2Y- c2 – q1 L, Y – p2 L

AIRLINE 1

N Y– p1 L, Y – c2 – q1 L Y – p1 L – (1-p1 )q 2L,

Y – p2 L – (1-p2 )q 1L

If ci < pi L(1-qj ) then each will invest.

Alone would invest if ci < pi L.

Tighter inequality reflects reduced incentive to invest because of interdependence & risk of contamination.

Investment no longer buys complete security


Tipping contamination when airlines have different costs and risks l.jpg
Tipping & contamination when airlines have different costs and risks

Ei (n,0) - negative externalities imposed by airline i on all other airlines when no other airlines invest and airline i changes from investing to not investing

Note Ei (n,0) is externality imposed by airline i on other airlines while Xi (n,0) is externality imposed on airline i when no other airlines invest in security

  • If by switching from N to S a single airline ican cause all others to switch from N to S it will be the one with the highest Ei (n,0). This turns out to be the same as the airline with the highest qi.

  • If by switching from N to S a group of K airlines can cause all others to follow they will be the ones having the K highest Ei (n,0).


Illustrative example of tipping l.jpg
Illustrative Example of Tipping and risks

Consider 3 airlines

  • Airlines 1 and 2 are identical

    (p1 = p2 =0.1; q1 = q2 =0.1; c1 = c2 =90

  • Airline 3 has risks and costs so that the Nash Equilibrium is where no airline invests in security

    ( q3 =0.5 and c3 is high enough so A3 doesn’t want to invest)

    If A3 is taxed so it decides to invest in security it will tip the equilibrium so both A1 and A2 will also want to invest in security


Slide19 l.jpg

100, 100 and risks

c2

Equilibrium in DS is (N,N)

90, 90

Actual costs (85, 85)

in (N,N) region

75, 75

71.25, 71.25

Equilibrium in DS is

(S,S)

c1

Figure 2


Slide20 l.jpg

Equilibrium in DS is (N,N) and risks

c2

100, 100

Equilibrium in DS is

(S,S)

90, 90

Actual costs (85, 85)

in (S,S) region

71.25, 71.25

75, 75

c1

Figure 3


Investing in r d l.jpg
Investing in R&D and risks

Same structure as airline security problem with the following key differences

  • airline security---investment by one airline encourages others to also invest and can lead to tipping behavior

  • R&D—investment by one firm discourages others from following suit and can lead to free riding

    Nash Equilibrium for R&D Problem

  • If no firms are investing then E(return) is at its highest level

  • In all firms are investing then E(return) is at its lowest level

  • If there are gains to being first, there is a wider range where investment by all firms can be a dominant strategy


Slide22 l.jpg

Figure 4 and risks


Bioterrorism vaccination l.jpg
Bioterrorism & Vaccination and risks

  • What should public policy be on smallpox vaccination? (e.g. requiring it for certain groups; voluntary decision)

  • Interdependent security models relevant –

    • You only catch smallpox once

    • My risk depends on whether you are vaccinated

  • Applying IDS models to analyze public policy here


Bioterrorism vaccination24 l.jpg
Bioterrorism & Vaccination and risks

  • Analyze Nash equilibrium of individual choices over vaccination

  • Each person’s choice depends on probability of infection, severity, and costs of vaccination

  • And probability of infection depends on what choices others make


Bioterrorism vaccination25 l.jpg
Bioterrorism & Vaccination and risks

  • Epidemiological models assume either all or none vaccinated

  • Modeling individual choice an important advance as this can make or break public policies

  • Show that a wide range of outcomes is possible and how to influence the outcome


Patterns of vaccination l.jpg
Patterns of vaccination and risks

3 person case

  • c < pL: V,V,V

  • pL < c < pL + (1-p)qL: V,V,NV

  • pL + (1-p)qL < c < TR(3,0)L: V,NV,NV

  • TR(3,0)L < c: NV,NV,NV

    TR(3,0) = total risk of infection to 1 of 3 individuals when noone is vaccinated


Types of interventions internalizing negative externalities l.jpg
Types of Interventions and risks(Internalizing Negative Externalities)

Insurance

  • Not feasible under current system because insurer of agent i does not pay for damage to agent j j i

  • Social insurance provides premium reduction to agent i for reduction in contamination to all other agents

    Liability---This policy tool only works if contaminating agent is held liable for damage to others if it did not invest in protection

    Regulations Importance of well-enforced codes and standards to ensure that cost-effective security measures are adopted


Types of interventions internalizing externalities l.jpg
Types of and risks Interventions(Internalizing Externalities)

Taxation—Can levy a tax of t dollars on any agent that did not invest in protection to encourage them to adopt security measures

Coordinating mechanisms

  • International Air Transport Association (IATA)---require baggage security on all bags to be transferred to other airlines

  • Coops in NYC—Require that all buyers of apartments invest in sprinkler system as a condition for purchase

  • Social norms—role of friends and neighbors


Future research directions l.jpg
Future Research Directions and risks

Prescriptive Questions

  • Do you tax some agents more because they have a greater chance of contaminating others?

  • Role of regulations (e.g. building codes, required baggage check-in)

    Multi-Period and Dynamic Models

  • Importance of time horizon and discount rate

  • How do you get process of investing in security started?

  • Importance of developing sequential models of choice which incorporates learning


Future research directions30 l.jpg
Future Research Directions and risks

Behavioral Considerations

Impact of ambiguity

Misperceptions of risk

Myopia (i.e. short time horizons)

Importance of affect

(e.g. worry, dread, anxiety)


Future research risk management strategies l.jpg
Future Research: Risk Management Strategies and risks

Collecting information on risk and costs (e.g. constructing scenarios so that one can estimate pi qiLiand ciwith greater accuracy)

Designing incentive systems (e.g. subsidies or taxes) to encourage investment by agents in protective measures.

Developing insurance programs for encouraging investment in protective measures when firms are faced with contamination.

Designing well-enforced standards (e.g. building codes for high-rises to withstand future terrorist attacks) using third-party inspections.

Federal reinsurance or state-operated pools providing protection against future losses from terrorist attacks to supplement private insurance

I


Future empirical studies l.jpg
Future Empirical Studies and risks

Why do some agents and organizations invest in protection and others do not when there is an IDS problem?

What actions can the public sector take to encourage property owners and organizations to invest in protective and security measures and constrain others from doing so?

What role can private sector mechanisms such as subsidies, fines, insurance, bank loans and potential liability play?

What are the appropriate roles of taxation, regulations and standards to supplement private sector mechanisms?


Future empirical studies33 l.jpg
Future Empirical Studies and risks

 What institutional mechanisms would aid the decision process of agents in adopting protective measures given that there are interdependent security problems?

Can industry associations (e.g. IATA for the airlines) play an important role in facilitating actions by individual companies?

What types of property rights would encourage agents to undertake security measures?

  • Turkey requires unanimity for apartments to change rules

  • NYC Coops has government board (majority rule)


Conclusions l.jpg
Conclusions and risks

IDS structure – non-additive damages & interdependent risks – characterizes wide range of problems

Airlines, computers, vaccination, R&D, …

Bankruptcy of an organization

Need new computational techniques to take advantage of special problem structure such as ones covered in this course

Need for public-private partnerships


ad