Day 41 of 100 Days of Cybersecurity - The Prisoner’s Dilemma
- Elizabeth Rasnick
- Jun 10, 2023
- 2 min read
Game Theory plays a fantastic role in cybersecurity. The prisoner’s dilemma is one of my favorite concepts that comes from game theory. It is not a zero-sum game, but rather has four possible outcomes. It helps illustrate the complex relationships that exist between players in the cyber realm. It also demonstrates the varying array of outcomes that are possible from any single situation.
The prisoner's dilemma works like this. Two people are arrested for a crime. They are separated with no means of communication and each is given the same offer. The offer is to confess to the investigator to receive a reduced sentence or to stay silent and receive a longer term. With two prisoners that creates four possible outcomes. If both of them confess, they each receive the same medium sentence. If neither confesses there is less evidence against either and so they each receive a lighter sentence. If one confesses and the other does not, the confessor is let off the hook while their partner receives a heavy sentence.
It turns out that the best outcome for both is achieved by staying quiet. However, as an individual looking out for their own best interest, it seems like confessing would lead to the shortest sentence. The problem is that if both people do this, they are providing the evidence needed against the other and so they both are punished.
Here is how this ties back into cybersecurity. Acting in one’s own best interest is detrimental to the collective interest. This is true in cybersecurity. If everyone acts in their own self-interest online, it is a disservice to the safety of the whole community. Keeping your device’s software up-to-date and patched reduces the likelihood of malware entering your organization’s network via your device. It takes a little effort on your part, but it provides a better result for the overall community. If each person protects their devices with a mind to what is better for everyone’s overall cyber safety, instead of what is quick and easy, we will all be better off.
Comments