TY - GEN
T1 - A Linear Quadratic Differential Game Approach to Dynamic Contract Design for Systemic Cyber Risk Management under Asymmetric Information
AU - Chen, Juntao
AU - Zhu, Quanyan
PY - 2019/2/5
Y1 - 2019/2/5
N2 - In this paper, we consider a delegated dynamic systemic cyber risk management problem between a resource owner (principal) and a risk manager (agent). The principal can only observe cyber risk outcomes of the network rather than the efforts that the agent spends on protecting the resources. Under this asymmetric information, the principal aims to minimize the systemic cyber risks by designing a dynamic contract that specifies the compensation flows and the anticipated efforts of the manager by taking into account his incentives and rational behaviors. We formulate a bi-level mechanism design problem for dynamic contract design which can be seen as a special class of differential game. We show that the principal has rational controllability of the systemic risk by designing an incentive compatible estimator of the agent's hidden efforts. We characterize the optimal mechanism design by reformulating the problem into a stochastic optimal control program and derive the solution explicitly. We further reveal a separation principle for dynamic risk management where the effort estimation and the compensation design can be achieved separately.
AB - In this paper, we consider a delegated dynamic systemic cyber risk management problem between a resource owner (principal) and a risk manager (agent). The principal can only observe cyber risk outcomes of the network rather than the efforts that the agent spends on protecting the resources. Under this asymmetric information, the principal aims to minimize the systemic cyber risks by designing a dynamic contract that specifies the compensation flows and the anticipated efforts of the manager by taking into account his incentives and rational behaviors. We formulate a bi-level mechanism design problem for dynamic contract design which can be seen as a special class of differential game. We show that the principal has rational controllability of the systemic risk by designing an incentive compatible estimator of the agent's hidden efforts. We characterize the optimal mechanism design by reformulating the problem into a stochastic optimal control program and derive the solution explicitly. We further reveal a separation principle for dynamic risk management where the effort estimation and the compensation design can be achieved separately.
UR - http://www.scopus.com/inward/record.url?scp=85062876031&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85062876031&partnerID=8YFLogxK
U2 - 10.1109/ALLERTON.2018.8636007
DO - 10.1109/ALLERTON.2018.8636007
M3 - Conference contribution
AN - SCOPUS:85062876031
T3 - 2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018
SP - 575
EP - 582
BT - 2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018
Y2 - 2 October 2018 through 5 October 2018
ER -