6. The Skill of Cybersecurity: Adversarial Thinking 131 Assume that Eve knows that Trudy is being offered the same deal in the other room. Therefore, she realizes that they each have the same two choices: sticking to their agreement (cooperating), or ratting one another out (defecting). If Trudy and Eve cooperate with one another, the cops will be unable to convict them of the salami attack, and they will both get tried and convicted under the CFAA, resulting in one year of prison time. If they both defect from their agreement and rat one another out, they will both be found guilty of the bigger cybercrime and share a five year prison sentence. If one cooperates while the other defects, the defector will get just probation (no prison time) while the one who keeps the agreement will be convicted as the sole perpetrator of the salami attack and get ten years in prison. Of those scenarios, Eve’s utility preferences are clear: the more prison time she serves, the less she likes the outcome! In order for Eve to make the best possible choice, she should consider what Trudy is going to do and how she should respond. What should Eve do if Trudy defects? If Eve also defects she gets five years in prison, but if she cooperates she gets ten years. Therefore, if Trudy defects, Eve should also defect. But what if Trudy cooperates? If Eve defects, she just gets probation, but if she cooperates, she gets one year in prison. Clearly, if Trudy cooperates she should defect—no prison time is much better than a year in prison! This analysis shows that, no matter what Trudy does, whether she cooperates or defects, Eve should defect to maximize her utility preferences. Since everything is the same from Trudy’s perspective, she should also defect from their agreement. This is the solution to the game: they should both defect, rat one another out, and end up with five years in prison. However, this is ironic because if they just stick to their original agreement, they would both end up with just one year in prison instead of five—a much better outcome. The hacker’s dilemma is a cyber-themed retelling of the prisoner’s dilemma—one of the most famous games in game theory. It has been dramatically portrayed in literature, films, television shows, and even in a popular British game show. What makes it fascinating is the unfortunate result for the players. Is this bad outcome for both players really the solution to the game? Why is that? Figure 6.3 The hacker’s dilemma in normal form.
RkJQdWJsaXNoZXIy MTM4ODY=