Perverse economic incentives

Some challenges in cyber security are not necessarily technical. On the contrary, some issues arise due to the lack of economic incentives. For example, the market logic of minimizing costs to maximize profit lead to insecure products. A perfect example of this is the SolarWinds hack (2020). Likewise, perverse economic incentives can also motivate attacks. I have studied incidents of real attacks on electricity towers motivated by greed and facilitated by information asymmetries. Concretely, I formulated a game between contractors and a power transmission company to show how misaligned incentives enabled contractors to profit by colluding with guerrilla groups. I also analyze how to modify the contractual policies reducing the incentives to collude with guerrillas.

Repair services become necessary due to the large number of attacks

In 2007 93% of the attacks on towers took place in the same region. Since 2005 a repair company conspired with terrorists to attack electricity towers

Selected publications

1. C. Barreto and A. A. Cárdenas, “Perverse incentives in security contracts: a case study in the colombian power grid”, in The annual workshop on the economics of information security (weis) (2016).

2. C. Barreto, A. A. Cardenas, J. Holmes, A. Palao, and J. C. Restrepo, “A business that can’t lose: investing in attacks against the colombian power grid”, International Journal of Critical Infrastructure Protection 26, 100303 (2019).