6. The Skill of Cybersecurity: Adversarial Thinking 143 Since there are nine companies and three battlefields, the instinctual strategy is to allocate three companies per battlefield [3, 3, 3]. This is known as the proportional allocation strategy. While it is indeed mathematically efficient, it is not very strategic—it is the level-0 strategy in this game. Many different strategies could qualify as level-1 responses to the level-0 strategy, but the most straightforward might be [1, 4, 4]. This strategy loses the first battlefield but wins the second and third for an overall victory. Anticipating this strategy would lead to a level-2 strategy and so on. The Colonel Blotto game involves level-k reasoning in multiple dimensions. How many battlefields should be prioritized? Which battlefields should be prioritized (this involves focal point biases)? How many soldiers should be allocated to “abandoned” battlefields? The Colonel Blotto game sheds light on the complexity of the scarce resource allocation problem. It makes it clear there are no foolproof or simple solutions. It also provides valuable insights because it helps in the rigorous analysis of security scenarios. 6.3.2 Behavioral Game Theory Summary Behavioral game theory is a better predictor of strategic choices than analytical game theory for many situations because there is a limit to the degree of rationality people apply. Behavior game theory’s concept of level-k reasoning is a helpful way to approach strategic contests. Not all strategic contests lend themselves to level-k reasoning because there may not be an obvious, level-0 strategy. In some situations there are multiple dimensions of level-k reasoning in play. Studies show that two or three levels of reasoning performs well in most games because it anticipates the natural strategic choices of others. 6.4 Conclusion Cybersecurity, at its essence, is an adversarial conflict—without adversaries, there is no such thing as cybersecurity. Therefore, adversarial thinking is the hallmark of the discipline. Furthermore, it is the fundamental skill of cybersecurity—those who excel at it will be prized cyber defenders. This chapter has shown that adversarial thinking has three distinct components that map to Sternberg’s triarchic theory of intelligence. Most of cybersecurity education focuses on the first component: technological capabilities. In order to practice adversarial thinking for cybersecurity, technological capabilities are indeed vital—this levels the playing field between the attackers and the defenders. The second component, unconventional perspectives, AKA the hacker mindset, is also widely acknowledged as important for cybersecurity education. Cyber students are taught creative attack vectors through case studies and labs and are encouraged to practice outside-the-box approaches in capture-the-flag competitions. The third component, strategic reasoning, does not receive as much attention, but it is no less important. Cybersecurity practitioners need to be able to think like a hacker when it comes to planning and strategizing. In an effort to improve the reader’s strategic reasoning abilities, this chapter presented some basic game theory concepts from both analytical and behavioral game theory. The biggest takeaway is that one
RkJQdWJsaXNoZXIy MTM4ODY=