A supply chain network game theory model of cybersecurity investments with nonlinear budget constraints

  • Original Paper
  • Annals of Operations Research

Abstract

In this paper, we develop a supply chain network game theory model consisting of retailers and demand markets with retailers competing noncooperatively in order to maximize their expected profits by determining their optimal product transactions as well as cybersecurity investments subject to nonlinear budget constraints that include the cybersecurity investment cost functions. The consumers at the demand markets reflect their preferences through the demand price functions, which depend on the product demands and on the average level of cybersecurity in the supply chain network. We identify the supply chain network vulnerability to cyberattacks as well as that of the individual retailers. We demonstrate that the governing Nash equilibrium conditions can be formulated as a variational inequality problem and we provide a novel alternative formulation, along with the accompanying theory. We also propose an algorithm for the alternative formulation, which yields, at each iteration, closed form expressions in product transactions, security levels, and Lagrange multipliers associated with the budget constraints. We then apply the algorithm to compute solutions to a spectrum of numerical supply chain network cybersecurity investment examples. The examples broaden our understanding of the impacts of the addition of retailers, changes in budgets, demand price functions, and financial damages, on equilibrium product transactions and cybersecurity investments, as well as on the supply chain network vulnerability and retailer vulnerability under budget constraints.

Acknowledgments

This research of the first author was supported by the National Science Foundation (NSF) Grant CISE #1111276, for the NeTS: Large: Collaborative Research: Network Innovation Through Choice project awarded to the University of Massachusetts Amherst as well as by the Advanced Cyber Security Center through the Grant: Cybersecurity Risk Analysis for Enterprise Security. This support is gratefully acknowledged. The authors thank the two anonymous reviewers for their careful reading of the original manuscript and many constructive comments, which have improved the presentation of the results.

Author information

Corresponding author

Correspondence to Anna Nagurney.

About this article

Cite this article

Nagurney, A., Daniele, P. & Shukla, S. A supply chain network game theory model of cybersecurity investments with nonlinear budget constraints. Ann Oper Res 248, 405–427 (2017). https://doi.org/10.1007/s10479-016-2209-1

  • DOI: https://doi.org/10.1007/s10479-016-2209-1
