Co‐opetition and Investment for Supply‐Chain Resilience

This paper considers the problem of disruption risk management in global supply chains. We consider a supply chain with two participants, who face interdependent losses resulting from supply chain disruptions such as terrorist strikes and natural hazards. The Harsanyi–Selten–Nash bargaining framework is used to model the supply chain participants' choice of risk mitigation investments. The bargaining approach allows a framing of both joint financing of mitigation activities before the fact and loss‐sharing net of insurance payouts after the fact. The disagreement outcome in the bargaining game is assumed to be the result of the corresponding non‐cooperative game. We describe an incentive‐compatible contract that leads to First Best investment and equal “gain” for all players, when the solution is “interior” (as it almost certainly is in practice). A supplier that has superior security practices (i.e., is inherently safer) exploits its informational advantage by extracting an “information rent” in the usual spirit of incomplete information games. We also identify a special case of this contract, which is robust to moral hazard. The role of auditing in reinforcing investment incentives is also examined.     

Game Theory and Risk Analysis

Risk analysts often analyze adversarial risks from terrorists or other intelligent attackers without mentioning game theory. Why? One reason is that many adversarial situations—those that can be represented as attacker‐defender games, in which the defender first chooses an allocation of defensive resources to protect potential targets, and the attacker, knowing what the defender has done, then decides which targets to attack—can be modeled and analyzed successfully without using most of the concepts and terminology of game theory. However, risk analysis and game theory are also deeply complementary. Game‐theoretic analyses of conflicts require modeling the probable consequences of each choice of strategies by the players and assessing the expected utilities of these probable consequences. Decision and risk analysis methods are well suited to accomplish these tasks. Conversely, game‐theoretic formulations of attack‐defense conflicts (and other adversarial risks) can greatly improve upon some current risk analyses that attempt to model attacker decisions as random variables or uncertain attributes of targets (“threats”) and that seek to elicit their values from the defender's own experts. Game theory models that clarify the nature of the interacting decisions made by attackers and defenders and that distinguish clearly between strategic choices (decision nodes in a game tree) and random variables (chance nodes, not controlled by either attacker or defender) can produce more sensible and effective risk management recommendations for allocating defensive resources than current risk scoring models. Thus, risk analysis and game theory are (or should be) mutually reinforcing.     

基于相互依赖性的信息安全投资博弈

相互依赖性是现阶段信息安全风险所具备的一个重要特征,网络中企业的信息安全决策会相互影响.本文以企业间的病毒传染为例,依据相互依赖性和威胁侵入类型的多样性,提出了企业间信息安全的投资博弈模型.通过外部性对企业间的依赖程度进行度量,说明了投资风险与企业间的病毒传染的概率和网络中企业数量之间的关系,并根据该关系,确定了多个企业进行信息安全投资的纳什均衡解.     

Deterrence and Risk Preferences in Sequential Attacker–Defender Games with Continuous Efforts

Most attacker–defender games consider players as risk neutral, whereas in reality attackers and defenders may be risk seeking or risk averse. This article studies the impact of players' risk preferences on their equilibrium behavior and its effect on the notion of deterrence. In particular, we study the effects of risk preferences in a single‐period, sequential game where a defender has a continuous range of investment levels that could be strategically chosen to potentially deter an attack. This article presents analytic results related to the effect of attacker and defender risk preferences on the optimal defense effort level and their impact on the deterrence level. Numerical illustrations and some discussion of the effect of risk preferences on deterrence and the utility of using such a model are provided, as well as sensitivity analysis of continuous attack investment levels and uncertainty in the defender's beliefs about the attacker's risk preference. A key contribution of this article is the identification of specific scenarios in which the defender using a model that takes into account risk preferences would be better off than a defender using a traditional risk‐neutral model. This study provides insights that could be used by policy analysts and decisionmakers involved in investment decisions in security and safety.     

Bargaining and Cooperation in Strategic Form Games

In this paper we view bargaining and cooperation as an interaction superimposed on a game in strategic form. A multistage bargaining procedure for N players, the “proposer commitment” procedure, is presented. It is inspired by Nash's two‐player variable‐threat model; a key feature is the commitment to “threats.” We establish links to classical cooperative game theory solutions, such as the Shapley value in the transferable utility case. However, we show that even in standard pure exchange economies, the traditional coalitional function may not be adequate when utilities are not transferable. (JEL: C70, C71, C78, D70)     

CLUSTERING IN N‐PLAYER PREEMPTION GAMES

We study a complete information preemption game in continuous time. A finite number of firms decide when to make an irreversible, observable investment. Upon investment, a firm receives flow profits, which decrease in the number of firms that have invested. The cost of investment declines over time exogenously. We characterize the subgame‐perfect equilibrium outcome, which is unique up to a permutation of players. When the preemption race among late investors is sufficiently intense, the preemption incentive for earlier investors disappears, and two or more investments occur at the same time. We identify a sufficient condition in terms of model parameters: clustering of investments occurs if the flow profits from consecutive investments are sufficiently close. This shows how clustering can occur in the absence of coordination failures, informational spillovers, or positive payoff externalities.     

Marketing as an Investment in Shareholder Value

We present resource‐based and capability‐based arguments of marketing investment intensity to offer a strategic view of marketing as an investment in shareholder value. We find that marketing investment intensity has a U‐shaped quadratic effect on shareholder value creation (Tobin's q) that calls for marketing investment to be protected and increased, not surrendered. We show how marketing investments interact with investments in R&D, human capital and operations to reveal how strategic co‐investments can alter the shareholder value of marketing. Finally, we show how competitive intensity and failings in the firm's investment productivity (its ability to convert investment expenditure into sales) point to malaise in the firm's own strategic architecture as a fault for perceived poor returns from marketing investments. Our findings suggest that marketing investment should not be scapegoated when its contributions to shareholder value are not as expected. When invested in strategically and in combination with other investments, marketing can unlock exciting improvements in shareholder value.     

基于Stackelberg博弈模型的化工企业安全生产管理机制治理研究

本文针对我国传统化工企业安全生产管理机制治理存在的漏洞,基于Stackelberg博弈模型,对政府部门与化工企业之间进行动态博弈分析。首先针对政府制定安全生产管理机制的策略、针对化工企业确定产量与安全成本的策略,同时引入政府监管检查概率、社会公众监督举报安全事故的概率,以政府部门的社会效益、化工企业的经营效益为支付,分析政府与化工企业的最优反应函数,构建一种新的安全生产管理机制治理研究模型。研究发现,化工企业投入的安全生产管理费用是单位产量可变成本、被政府查处或被社会公众监督举报概率、平均损失、罚款的递增函数。政府制定的平均罚款金额是平均损失、被政府查处或被社会公众监督举报概率的递减函数。化工企业安全成本与生产成本比例的最小值与投入的最大资金呈正相关,与安全事故造成的损害上限呈负相关。通过对博弈模型进行算例分析,发现模拟结果与研究结果相一致。本文的结论可以看作是对当下提高企业安全生产管理机制合理性与有效性的一种思考。     

A Game‐Theoretical Model to Improve Process Plant Protection from Terrorist Attacks

The New York City 9/11 terrorist attacks urged people from academia as well as from industry to pay more attention to operational security research. The required focus in this type of research is human intention. Unlike safety‐related accidents, security‐related accidents have a deliberate nature, and one has to face intelligent adversaries with characteristics that traditional probabilistic risk assessment techniques are not capable of dealing with. In recent years, the mathematical tool of game theory, being capable to handle intelligent players, has been used in a variety of ways in terrorism risk assessment. In this article, we analyze the general intrusion detection system in process plants, and propose a game‐theoretical model for security management in such plants. Players in our model are assumed to be rational and they play the game with complete information. Both the pure strategy and the mixed strategy solutions are explored and explained. We illustrate our model by an illustrative case, and find that in our case, no pure strategy but, instead, a mixed strategy Nash equilibrium exists.     

Modeling Interdependent Risks

In an interdependent world the risks faced by any one agent depend not only on its choices but also on those of all others. Expectations about others' choices will influence investments in risk management and the outcome can be suboptimal for everyone. We model this as the Nash equilibrium of a game and give conditions for such a suboptimal equilibrium to be tipped to an optimal one. We also characterize the smallest coalition to tip an equilibrium, the minimum critical coalition, and show that this is also the cheapest critical coalition, so that there is no less expensive way to move the system from the suboptimal to the optimal equilibrium. We illustrate these results by reference to airline security and the control of infectious diseases via vaccination.     

非线性技术演化条件下的专利研发投资决策研究

本文将基于TRIZ理论的非线性技术演化规律引入到专利研发投资的期权博弈模型中,分别在完全垄断市场和双寡头竞争市场条件下,讨论了受技术演化影响时企业所蕴含的实物期权特征,并基于博弈均衡分析了企业于技术演化时间轴上进行专利研发投资的最优投资时机选择和面对具有不同投资风险技术时的应对方案。研究结果表明：在非线性技术演化条件下,完全垄断市场中的企业投资临界值会随技术发展下降,进而促使企业对高技术风险专利展开提前投资;在双寡头竞争市场中,企业会为争当领导者而选择放弃其期权价值,将投资提前至专利价值较低的技术发展初期执行,形成非帕累托最优的同时投资均衡;此外,企业会对高风险高收益的技术呈现优先投资的偏好。本文的结论能够在一定程度上解释企业在技术发展初期就进行高额研发投资的动机,以及技术自身属性如何对投资决策造成的影响,可以为现实中企业在面临类似投资问题时做出理性决策提供参考。     

Optimal Security Investments and Extreme Risk

In the aftermath of 9/11, concern over security increased dramatically in both the public and the private sector. Yet, no clear algorithm exists to inform firms on the amount and the timing of security investments to mitigate the impact of catastrophic risks. The goal of this article is to devise an optimum investment strategy for firms to mitigate exposure to catastrophic risks, focusing on how much to invest and when to invest. The latter question addresses the issue of whether postponing a risk mitigating decision is an optimal strategy or not. Accordingly, we develop and estimate both a one‐period model and a multiperiod model within the framework of extreme value theory (EVT). We calibrate these models using probability measures for catastrophic terrorism risks associated with attacks on the food sector. We then compare our findings with the purchase of catastrophic risk insurance.     

A Comprehensive Risk Analysis of Transportation Networks Affected by Rainfall‐Induced Multihazards

Climate change and its projected natural hazards have an adverse impact on the functionality and operation of transportation infrastructure systems. This study presents a comprehensive framework to analyze the risk to transportation infrastructure networks that are affected by natural hazards. The proposed risk analysis method considers both the failure probability of infrastructure components and the expected infrastructure network efficiency and capacity loss due to component failure. This comprehensive approach facilitates the identification of high‐risk network links in terms of not only their susceptibility to natural hazards but also their overall impact on the network. The Chinese national rail system and its exposure to rainfall‐related multihazards are used as a case study. The importance of various links is comprehensively assessed from the perspectives of topological, efficiency, and capacity criticality. Risk maps of the national railway system are generated, which can guide decisive action regarding investments in preventative and adaptive measures to reduce risk.     

Sourcing Information Security Operations: The Role of Risk Interdependency and Competitive Externality in Outsourcing Decisions

Firms are increasingly outsourcing information security operations to managed security service providers (MSSPs). Cost reduction and quality (security) improvement are often mentioned as motives for outsourcing information security, and these are also the frequently cited reasons for outsourcing traditional information technology (IT) functions, such as software development and maintenance. In this study, we present a different explanation—one based on interdependent risks and competitive externalities associated with IT security—for firms' decisions to outsource security. We show that in the absence of competitive externalities and interdependent risks, a firm will outsource security if and only if the MSSP offers a quality advantage over in‐house operations, which is consistent with the conventional explanation for security outsourcing. However, when security risks are interdependent and breaches impose competitive externalities, although firms still have stronger incentive to outsource security if the MSSP offers a higher quality in terms of preventing breaches than in‐house management, a quality advantage of MSSP over in‐house management is neither a prerequisite for a firm to outsource security nor a guarantee that a firm will. In addition to MSSP quality, the type of externality (positive or negative), the degree of externality, whether outsourcing increases or decreases risk interdependency, and the breach characteristics determine firms' sourcing decisions. When security breaches impose a positive externality, the incentive to outsource is enhanced if the MSSP decreases the risk interdependency and diminished if the MSSP increases this interdependency. A negative externality has the opposite effect on firms' incentives to outsource. A high demand spillover to a competitor, together with a high loss in industry demand because of a security breach, enhances these incentives to outsource security operations when the externality is negative. Finally, we extend our base model in several dimensions and show that our main results regarding the impact of interdependent risks and competitive externalities on sourcing decisions are robust and generalizable to different specifications.     

Axiomatic Equilibrium Selection for Generic Two‐Player Games

For a finite game with perfect recall, a refinement of its set of Nash equilibria selects closed connected subsets, called solutions. Assume that each solution's equilibria use undominated strategies and some of its equilibria are quasi‐perfect, and that all solutions are immune to presentation effects; namely, if the game is embedded in a larger game with more pure strategies and more players such that the original players' feasible mixed strategies and expected payoffs are preserved regardless of what other players do, then the larger game's solutions project to the original game's solutions. Then, for a game with two players and generic payoffs, each solution is an essential component of the set of equilibria that use undominated strategies, and thus a stable set of equilibria as defined by Mertens (1989).     

Bargaining,Reputation, and Equilibrium Selection in Repeated Games with Contracts

Consider a two‐person intertemporal bargaining problem in which players choose actions and offers each period, and collect payoffs (as a function of that period's actions) while bargaining proceeds. This can alternatively be viewed as an infinitely repeated game wherein players can offer one another enforceable contracts that govern play for the rest of the game. Theory is silent with regard to how the surplus is likely to be split, because a folk theorem applies. Perturbing such a game with a rich set of behavioral types for each player yields a specific asymptotic prediction for how the surplus will be divided, as the perturbation probabilities approach zero. Behavioral types may follow nonstationary strategies and respond to the opponent's play. In equilibrium, rational players initially choose a behavioral type to imitate and a war of attrition ensues. How much should a player try to get and how should she behave while waiting for the resolution of bargaining? In both respects she should build her strategy around the advice given by the “Nash bargaining with threats” (NBWT) theory developed for two‐stage games. In any perfect Bayesian equilibrium, she can guarantee herself virtually her NBWT payoff by imitating a behavioral type with the following simple strategy: in every period, ask for (and accept nothing less than) that player's NBWT share and, while waiting for the other side to concede, take the action Nash recommends as a threat in his two‐stage game. The results suggest that there are forces at work in some dynamic games that favor certain payoffs over all others. This is in stark contrast to the classic folk theorems, to the further folk theorems established for repeated games with two‐sided reputational perturbations, and to the permissive results obtained in the literature on bargaining with payoffs as you go.     

基于线性分段恢复函数的基础设施韧性分析模型——以C县电力系统网络为例

针对近年来一系列突发事件冲击和破坏着城市关键基础设施系统的正常运行,并造成了较为严重的社会后果的现实问题,提出了如何保护关键基础设施系统的研究问题,以使基础设施系统能够对灾害情景做出迅速的响应,并迅速地处理以恢复到常态。本研究基于三种典型的恢复函数提出了线性分段恢复函数,构建了关键基础设施系统韧性分析模型,并用蒙特卡洛模拟的方法应用到C县的电力系统网络加以验证,得到了该韧性分析模型不仅可以帮助决策者在灾害情境下权衡预算成本和韧性的关系,也可以识别关键基础设施系统网络中需要保护的关键节点,从而实现对关键基础设施系统的针对性保护的结论。本研究构建的韧性分析模型有为灾害情境下对电力系统采取针对性保护的现实价值,和开拓了对基础设施系统进行保护研究的分析模型的理论价值。     

Security of Separated Data in Cloud Systems with Competing Attack Detection and Data Theft Processes

Empowered by virtualization technology, service requests from cloud users can be honored through creating and running virtual machines. Virtual machines established for different users may be allocated to the same physical server, making the cloud vulnerable to co‐residence attacks where a malicious attacker can steal a user's data through co‐residing their virtual machines on the same server. For protecting data against the theft, the data partition technique is applied to divide the user's data into multiple blocks with each being handled by a separate virtual machine. Moreover, early warning agents (EWAs) are deployed to possibly detect and prevent co‐residence attacks at a nascent stage. This article models and analyzes the attack success probability (complement of data security) in cloud systems subject to competing attack detection process (by EWAs) and data theft process (by co‐residence attackers). Based on the suggested probabilistic model, the optimal data partition and protection policy is determined with the objective of minimizing the user's cost subject to providing a desired level of data security. Examples are presented to illustrate effects of different model parameters (attack rate, number of cloud servers, number of data blocks, attack detection time, and data theft time distribution parameters) on the attack success probability and optimization solutions.     

Global Maize Trade and Food Security: Implications from a Social Network Model

In this study, we developed a social network model of the global trade of maize: one of the most important food, feed, and industrial crops worldwide, and critical to food security. We used this model to analyze patterns of maize trade among nations, and to determine where vulnerabilities in food security might arise if maize availability was decreased due to factors such as diversion to nonfood uses, climatic factors, or plant diseases. Using data on imports and exports from the U.N. Commodity Trade Statistics Database for each year from 2000 to 2009 inclusive, we summarized statistics on volumes of maize trade between pairs of nations for 217 nations. There is evidence of market segregation among clusters of nations; with three prominent clusters representing Europe, Brazil and Argentina, and the United States. The United States is by far the largest exporter of maize worldwide, whereas Japan and the Republic of Korea are the largest maize importers. In particular, the star‐shaped cluster of the network that represents U.S. maize trade to other nations indicates the potential for food security risks because of the lack of trade these other nations conduct with other maize exporters. If a scenario arose in which U.S. maize could not be exported in as large quantities, maize supplies in many nations could be jeopardized. We discuss this in the context of recent maize ethanol production and its attendant impacts on food prices elsewhere worldwide.