A Linear Quadratic Differential Game Approach to Dynamic Contract Design for Systemic Cyber Risk Management under Asymmetric Information

Juntao Chen, Quanyan Zhu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In this paper, we consider a delegated dynamic systemic cyber risk management problem between a resource owner (principal) and a risk manager (agent). The principal can only observe cyber risk outcomes of the network rather than the efforts that the agent spends on protecting the resources. Under this asymmetric information, the principal aims to minimize the systemic cyber risks by designing a dynamic contract that specifies the compensation flows and the anticipated efforts of the manager by taking into account his incentives and rational behaviors. We formulate a bi-level mechanism design problem for dynamic contract design which can be seen as a special class of differential game. We show that the principal has rational controllability of the systemic risk by designing an incentive compatible estimator of the agent's hidden efforts. We characterize the optimal mechanism design by reformulating the problem into a stochastic optimal control program and derive the solution explicitly. We further reveal a separation principle for dynamic risk management where the effort estimation and the compensation design can be achieved separately.

Original languageEnglish (US)
Title of host publication2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages575-582
Number of pages8
ISBN (Electronic)9781538665961
DOIs
StatePublished - Feb 5 2019
Event56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018 - Monticello, United States
Duration: Oct 2 2018Oct 5 2018

Publication series

Name2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018

Conference

Conference56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018
CountryUnited States
CityMonticello
Period10/2/1810/5/18

Fingerprint

Asymmetric Information
Quadratic Differentials
Differential Games
Risk Management
Risk management
Mechanism Design
Incentives
Managers
Effort Estimation
Separation Principle
Stochastic Optimal Control
Resources
Controllability
Minimise
Estimator
Design
Compensation and Redress

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Signal Processing
  • Energy Engineering and Power Technology
  • Control and Optimization

Cite this

Chen, J., & Zhu, Q. (2019). A Linear Quadratic Differential Game Approach to Dynamic Contract Design for Systemic Cyber Risk Management under Asymmetric Information. In 2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018 (pp. 575-582). [8636007] (2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ALLERTON.2018.8636007

A Linear Quadratic Differential Game Approach to Dynamic Contract Design for Systemic Cyber Risk Management under Asymmetric Information. / Chen, Juntao; Zhu, Quanyan.

2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018. Institute of Electrical and Electronics Engineers Inc., 2019. p. 575-582 8636007 (2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Chen, J & Zhu, Q 2019, A Linear Quadratic Differential Game Approach to Dynamic Contract Design for Systemic Cyber Risk Management under Asymmetric Information. in 2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018., 8636007, 2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018, Institute of Electrical and Electronics Engineers Inc., pp. 575-582, 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018, Monticello, United States, 10/2/18. https://doi.org/10.1109/ALLERTON.2018.8636007
Chen J, Zhu Q. A Linear Quadratic Differential Game Approach to Dynamic Contract Design for Systemic Cyber Risk Management under Asymmetric Information. In 2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018. Institute of Electrical and Electronics Engineers Inc. 2019. p. 575-582. 8636007. (2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018). https://doi.org/10.1109/ALLERTON.2018.8636007
Chen, Juntao ; Zhu, Quanyan. / A Linear Quadratic Differential Game Approach to Dynamic Contract Design for Systemic Cyber Risk Management under Asymmetric Information. 2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 575-582 (2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018).
@inproceedings{df3988e8ce064362a119981e3373f6db,
title = "A Linear Quadratic Differential Game Approach to Dynamic Contract Design for Systemic Cyber Risk Management under Asymmetric Information",
abstract = "In this paper, we consider a delegated dynamic systemic cyber risk management problem between a resource owner (principal) and a risk manager (agent). The principal can only observe cyber risk outcomes of the network rather than the efforts that the agent spends on protecting the resources. Under this asymmetric information, the principal aims to minimize the systemic cyber risks by designing a dynamic contract that specifies the compensation flows and the anticipated efforts of the manager by taking into account his incentives and rational behaviors. We formulate a bi-level mechanism design problem for dynamic contract design which can be seen as a special class of differential game. We show that the principal has rational controllability of the systemic risk by designing an incentive compatible estimator of the agent's hidden efforts. We characterize the optimal mechanism design by reformulating the problem into a stochastic optimal control program and derive the solution explicitly. We further reveal a separation principle for dynamic risk management where the effort estimation and the compensation design can be achieved separately.",
author = "Juntao Chen and Quanyan Zhu",
year = "2019",
month = "2",
day = "5",
doi = "10.1109/ALLERTON.2018.8636007",
language = "English (US)",
series = "2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "575--582",
booktitle = "2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018",

}

TY - GEN

T1 - A Linear Quadratic Differential Game Approach to Dynamic Contract Design for Systemic Cyber Risk Management under Asymmetric Information

AU - Chen, Juntao

AU - Zhu, Quanyan

PY - 2019/2/5

Y1 - 2019/2/5

N2 - In this paper, we consider a delegated dynamic systemic cyber risk management problem between a resource owner (principal) and a risk manager (agent). The principal can only observe cyber risk outcomes of the network rather than the efforts that the agent spends on protecting the resources. Under this asymmetric information, the principal aims to minimize the systemic cyber risks by designing a dynamic contract that specifies the compensation flows and the anticipated efforts of the manager by taking into account his incentives and rational behaviors. We formulate a bi-level mechanism design problem for dynamic contract design which can be seen as a special class of differential game. We show that the principal has rational controllability of the systemic risk by designing an incentive compatible estimator of the agent's hidden efforts. We characterize the optimal mechanism design by reformulating the problem into a stochastic optimal control program and derive the solution explicitly. We further reveal a separation principle for dynamic risk management where the effort estimation and the compensation design can be achieved separately.

AB - In this paper, we consider a delegated dynamic systemic cyber risk management problem between a resource owner (principal) and a risk manager (agent). The principal can only observe cyber risk outcomes of the network rather than the efforts that the agent spends on protecting the resources. Under this asymmetric information, the principal aims to minimize the systemic cyber risks by designing a dynamic contract that specifies the compensation flows and the anticipated efforts of the manager by taking into account his incentives and rational behaviors. We formulate a bi-level mechanism design problem for dynamic contract design which can be seen as a special class of differential game. We show that the principal has rational controllability of the systemic risk by designing an incentive compatible estimator of the agent's hidden efforts. We characterize the optimal mechanism design by reformulating the problem into a stochastic optimal control program and derive the solution explicitly. We further reveal a separation principle for dynamic risk management where the effort estimation and the compensation design can be achieved separately.

UR - http://www.scopus.com/inward/record.url?scp=85062876031&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85062876031&partnerID=8YFLogxK

U2 - 10.1109/ALLERTON.2018.8636007

DO - 10.1109/ALLERTON.2018.8636007

M3 - Conference contribution

AN - SCOPUS:85062876031

T3 - 2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018

SP - 575

EP - 582

BT - 2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018

PB - Institute of Electrical and Electronics Engineers Inc.

ER -