Decision-Making Frameworks for Network Resilience -- Managing and Mitigating Systemic (Cyber) Risk

Gregor Svindland, Alexander Voß

TL;DR

This work introduces a decision-making framework tailored for the management of systemic risk in networks and draws parallels to risk management of other complex systems where analogous approaches may be adequate.

Abstract

We introduce a decision-making framework tailored for the management of systemic risk in networks. This framework is constructed upon three fundamental components: (1) a set of acceptable network configurations, (2) a set of interventions aimed at risk mitigation, and (3) a cost function quantifying the expenses associated with these interventions. While our discussion primarily revolves around the management of systemic cyber risks in digital networks, we concurrently draw parallels to risk management of other complex systems where analogous approaches may be adequate.

Paper Structure (55 sections, 29 theorems, 67 equations, 9 figures)

This paper contains 55 sections, 29 theorems, 67 equations, 9 figures.

Key Result

Lemma 2.7

Suppose that the non-empty set $\mathcal{I}$ of interventions is not (partially) self-reverse in the sense that for all $G\in\mathcal{G}$ and all $\alpha\in [\mathcal{I}]$ with $\alpha(G)\neq G$, there is no $\kappa\in[\mathcal{I}]$ such that $\kappa\circ \alpha(G)=G$. Then defines a partial order on $\mathcal{G}$. In particular, $\mathcal{I}$ is risk-reducing for $\mathcal{A}$ if and only if $\m

Figures (9)

  • Figure 1: A stylized cyber map consisting of a cyber and a financial (sub-)network. The figure is taken from Euro2022 and owned by Deutsche Bundesbank. Reproduced with permission.
  • Figure 2: A graph that contains a super-spreader node (left), and a complete graph, where any node is a star node.
  • Figure 3: Splitting (left to right) and merging (right to left) as mutually reverse operations. Targeted nodes are coloured in red.
  • Figure 5: An undirected ring graph (left), an undirected line graph (middle), and a directed line graph (right), all consisting of $N=7$ nodes.
  • Figure 6: Infection and recovery for the SIR network model.
  • ...and 4 more figures

Theorems & Definitions (76)

  • Example 2.1
  • Remark 2.2
  • Definition 2.3
  • Definition 2.4
  • Definition 2.5
  • Definition 2.6
  • Lemma 2.7
  • proof
  • Definition 2.8
  • Definition 2.9
  • ...and 66 more