SLIDE 1

Perverse Incentives in Security Contracts: A Case Study in the Colombian Power Grid

Carlos Barreto and Alvaro Cárdenas

University of Texas at Dallas

The 15th Annual Workshop on the Economics of Information Security

SLIDE 2

Conflict in Colombia

Colombia has suffered decades of civil war. The main guerrilla groups are:
  • FARC (Revolutionary Armed Forces of Colombia)
  • ELN (National Liberation Army)

Terrorist groups started as revolutionary movements (1964) that originated because of:
  • Political violence
  • Social dissatisfaction
  • Communist influence (Cuban revolution)

Objective of guerrillas

Replace the state and impose their own ideals. They started in rural areas with the intention of spreading their influence across the country.

SLIDE 3

Terrorism Funding

Guerrillas support the war against the state with illegal activities such as:
  • Illegal drug trade
  • Extortion
  • Exploitation of resources

Guerrillas target critical infrastructures to:
  • Extort companies
  • Display an ideology to attract popular support (ELN)
    ▶ They are against exploitation of resources by multinationals
  • Undermine the national economy
  • Show military capacity

SLIDE 4

Problem: Perverse incentives in repair contracts

Repair services become necessary due to the large number of attacks.

In 2007, 93% of the attacks on towers took place in the same region. Investigators discovered that¹:
  • All the towers belonged to the same company (ISA)
  • The modus operandi was the same (e.g., bombs were installed in the same place)
  • All repairs were made by the same contractor

[Figure: Attacks vs Pending Repairs. x-axis: Year (2000 to 2014); y-axis: Attacks on Towers; series: Attacks, Pending Repairs.]

¹ Semana: Negocio redondo, http://www.semana.com/nacion/articulo/negocio-redondo/94315-3, 2008 (visited on 02/01/2016).

SLIDE 5

Problem: Perverse incentives in repair contracts

Detectives infiltrated the company and found that since 2005 a repair company conspired with terrorists to attack electricity towers.

Executives of the company hired guerrilla militants to dynamite towers:
  • With easy access
  • Causing partial damage

[Figure: Attacks on Main Affected Regions. x-axis: Year (2000 to 2014); y-axis: Attacks on Towers; series: ANTIOQUIA, CAUCA** (Region of fraud), NORTE DE SANTANDER; annotations: Start of fraud, Discovery.]

SLIDE 6

Problem: Perverse incentives in repair contracts

Attack's objective: increase repair services by provoking attacks.

Perverse incentives were feasible because:
  • Attacks are easily attributed to terrorist groups
  • Sponsored attacks allow the contractor to:
    ▶ Reduce the repair costs
    ▶ Pretend efficiency in repairing towers to secure future contracts

SLIDE 7

Contributions

We model the changes to contracts that the transmission company implemented to reduce perverse incentives.

Idea: Hinder unlawful benefits by assigning contracts randomly (so attacked towers are not repaired by the contractor who sponsored the attack)

SLIDE 8

Outline

1. Structure of repair contracts
2. Frauds in repair contracts
3. Design of contracts that reduce attacks
4. Conclusions

SLIDE 9

Repair contracts: Ideal Case

Contracts are assigned using reverse auctions.
  • Contractors offer repair services
    ▶ Bids: $c_1, c_2, \ldots, c_m$
    ▶ Profit: $U_1, U_2, \ldots, U_m$
  • Electricity company chooses the contractor with the lowest bid
  • Payment for the service: $p = \min_{i \in \{1,\ldots,m\}} c_i = c_1$

Ideally, the contractors will make bids that guarantee the minimum expected benefit $U_i$.

SLIDE 11

Repair contracts: Fraud

From the reports we know:
  • Number of sponsored attacks during 2005-2008: $\tilde\theta_i = 215/3$. This region had attacks every week!
  • Payment for the militants: $b = \$4444$
  • Repair payments: $\$27778 \le p \le \$83333$

[Figure: Attacks on Main Affected Regions. x-axis: Year (2000 to 2014); y-axis: Attacks on Towers; series: ANTIOQUIA, CAUCA** (Region of fraud), NORTE DE SANTANDER; annotations: Start of fraud, Discovery.]

Benefits of sponsoring attacks:
  • Increase the number of repair services: $\theta \to \theta + \tilde\theta_i$
  • Reduce the cost of repairs, which increases the benefits: $U_i \to \tilde U_i$

The bribe or cost of sponsoring one attack is $b$.

SLIDE 12

Model of fraud

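Contractors could reduce their benefit to make lower bids (and become more competitive)
  • $L_i = \tilde U_i - U_i$: excess benefit with sponsored attacks
  • $\gamma \in [0, 1]$: benefit reduction
  • New benefit: $\tilde U_i - \gamma L_i$
  • New repair cost: $\tilde c_i = c_i - \frac{\tilde\theta_i}{\theta + \tilde\theta_i} \gamma L_i$

The profit of a contractor with sponsored attacks becomes

$$\underbrace{\theta U_i}_{\text{genuine attacks}} + \underbrace{\tilde\theta_i (\tilde U_i - \gamma L_i)}_{\text{sponsored attacks}} - \underbrace{b(\tilde\theta_i)}_{\text{bribe}}$$

$$b(\tilde\theta_i) = \underbrace{\tilde\theta_i b_0}_{\text{fixed cost}} + \underbrace{\lambda \frac{(1 + \alpha)^{\tilde\theta_i} - 1}{\alpha}}_{\text{variable cost}}$$

$\lambda$, $\alpha$: parameters to model the increasing cost of additional attacks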

SLIDE 13

Repair contracts: Optimal Attack

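The optimal number of attacks $\tilde\theta_i^*$ can be found by solving:

$$\underset{\tilde\theta_i}{\text{maximize}} \quad \theta U_i + \tilde\theta_i (\tilde U_i - \gamma L_i) - b(\tilde\theta_i) \quad \text{subject to} \quad \tilde\theta_i \in \mathbb{Z}^*, \tag{1}$$

The optimal number of attacks is

$$\tilde\theta_i^* = \ln\left( \frac{\alpha (\tilde U_i - \gamma L_i - b_0)}{\lambda \ln(1 + \alpha)} \right) \Big/ \ln(1 + \alpha) \tag{2}$$

Attacks are unprofitable if $\tilde\theta_i^* < 1$:

$$\frac{\lambda}{\alpha} (1 + \alpha) \ln(1 + \alpha) + b_0 > \tilde U_i - \gamma L_i \ge U_i. \tag{3}$$

  • The cost of the attacks is smaller than the expected profit of the contractor.
  • The number of attacks cannot be manipulated by the company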

SLIDE 14

Example

Known Parameters:

  • Repair cost: $p_{max} = \$83333$, $p_{min} = \$27778$
  • Bribe for one attack: $b(1) = 4444$

Unknown Parameters:

  • Benefit with genuine repairs $U_1$
  • Benefit with dishonest actions $\tilde U_1$
  • Parameters of the bribe function $\lambda$, $\alpha$

We assume that the benefit can be expressed as $U_1 = p - E$, where $E$ are repair expenses. If the contractor requires a return on investment of 10%, that is, $U_1 = 0.1E$, then $U_1 = p/11$. Thus:
  • With $p = p_{max}$: $U = p_{max}/11 \approx \$7575.7$, $E = 10U \approx \$75757$
  • With $p = p_{min}$: $U = p_{min}/11 \approx \$2525.3$, $E = 10U \approx \$25253$

SLIDE 15

Example

In the worst case the company won't know the real repair cost. Hence:
  • The electricity company will make a payment $p_{max}$ (usual repair cost of attacks)
  • The expenses of sponsored attacks are $E$ (sponsored attacks have the minimum repair cost)

Thus, the benefit of a sponsored attack is $\tilde U_1 = p_{max} - E \approx 58081$.

The benefit of sponsored attacks $\tilde U_1$ is more than seven times the benefit of non-sponsored attacks: $\tilde U_1 / U_1 > 7$.

SLIDE 16

Example

We assume that the variable cost $\lambda$ is equal to 20% of the constant cost, i.e., $\lambda = 0.2 b_0$. Thus, since $b(1) = b_0 + \lambda$ we extract $b_0 = \$3704$.

We assume that the reported number of sponsored attacks was optimal. Then, $\tilde\theta_i^* = 215/3 \approx 72$. Assuming that $\gamma = 1$ we can estimate $\alpha = 0.0234$.

[Figure: Number of attacks as a function of $\gamma$. x-axis: Benefit reduction ($\gamma$); y-axis: Number of attacks.]

SLIDE 17

Solutions: Use regulatory mechanisms

Regulation might reduce undesirable incentives, e.g.,
  • Offer repair contracts with fixed payments (regardless of the number of attacks)
    ▶ Limitation: Malicious contractors could increase the number of attacks to increase the contract's payments
  • Set remuneration comparing costs of multiple similar firms (Yardstick competition)².
    ▶ Limitation: A malicious contractor can offer costs consistent with Yardstick competition while still offering smaller bids.

² Andrei Shleifer: A theory of yardstick competition, in: The RAND Journal of Economics 1985, pp. 319–327.

SLIDE 19

Mechanism to Disincentivize attacks

  • Contractors offer repair services with bids $c_1, c_2, \ldots, c_n, \ldots, c_m$
  • Electricity company chooses the $n$ contractors with the lowest bids
  • Payment for the service: $\hat p(n) = \max_{i \in \{1,\ldots,n\}} c_i = c_n$

Selecting $n$ contractors is more expensive for the electric transmission operator because the payments are defined as
SLIDE 20

Mechanism to Disincentivize attacks

The expected profit with sponsored attacks becomes

$$\theta U_i + \frac{\tilde\theta_i (\tilde U_i - \gamma L_i)}{n} - b(\tilde\theta_i). \tag{4}$$

The optimal number of sponsored attacks $\tilde\theta_i^*(n)$ now is a function of the number of contractors $n$. Now the transmission company can manipulate the optimal number of attacks with $n$.

The transmission company would choose $n$ companies to make attacks unprofitable with minimum expenses.

$$\underset{n}{\text{minimize}} \quad (\theta + \tilde\theta_i)(\hat p(n) + o) \quad \text{subject to} \quad n \ge 1, \quad \frac{\tilde\theta_i (\tilde U_i - \gamma L_i)}{n} - b(\tilde\theta_i) < 0 \tag{5}$$

SLIDE 21

Example: The maximum number of attacks decreases with n

In this experiment the number of attacks is less than one if n ≥ 14. We use γ = 0, which is the best scenario for the contractor.

[Plot: Number of attacks as a function of n. x-axis: Number of contractors (n); y-axis: Number of attacks.]

Figure 1: Number of attacks as a function of the number of companies n.

SLIDE 22

Example: More contractors decrease the profit with attacks

With $n = 1$, $\tilde\theta_i^* = 186$. However, with $n = 14$, $\tilde\theta_i^* = 0$. Thus, random selection of contractors reduces the incentives for sponsored attacks.

[Plot: Profit of a Malicious Contractor as a Function of $\tilde\theta_i$. x-axis: Number of attacks ($\tilde\theta_i$); y-axis: Profit (USD); series: Profit with n = 1, Profit with n = 14.]

Figure 2: Profit of a contractor in contracts with either 1 or 14 contractors.
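
A numerical check of the worked example from the transmission operator's side, added here and not the authors' code: it plugs the slides' figures into equations (2) and (4) and searches for the smallest n that makes sponsoring attacks unprofitable. The function and constant names are this example's own; it assumes the honest benefit is taken at p_max, the sponsored repair expenses at p_min, and γ = 0 for the sweep over n, as in the slides.

```python
import math

# Figures quoted on the slides (USD); ALPHA is the slides' own estimate.
P_MAX, P_MIN, BRIBE_ONE, ALPHA = 83333, 27778, 4444, 0.0234

U = P_MAX / 11                          # honest benefit at 10% return: U = p/11
U_SPONSORED = P_MAX - 10 * P_MIN / 11   # paid p_max, spends only minimum expenses
B0 = BRIBE_ONE / 1.2                    # b(1) = b0 + lambda with lambda = 0.2*b0
LAM = 0.2 * B0


def bribe(k):
    """Bribe function b(k): fixed cost k*b0 plus a variable cost growing with k."""
    return k * B0 + LAM * ((1 + ALPHA) ** k - 1) / ALPHA


def benefit_per_attack(gamma, n):
    """Expected benefit of one sponsored attack when n contractors share repairs."""
    return (U_SPONSORED - gamma * (U_SPONSORED - U)) / n


def optimal_attacks(gamma=0.0, n=1):
    """Continuous optimum of eq. (4); reduces to eq. (2) for n = 1.
    Clamped to 0.0 when the benefit does not cover b0 or the optimum is negative."""
    margin = benefit_per_attack(gamma, n) - B0
    if margin <= 0:
        return 0.0
    growth = math.log(1 + ALPHA)
    return max(math.log(ALPHA * margin / (LAM * growth)) / growth, 0.0)


def sponsored_profit(k, gamma=0.0, n=1):
    """Profit from k sponsored attacks, excluding the genuine-attack term."""
    return k * benefit_per_attack(gamma, n) - bribe(k)


def min_contractors(gamma=0.0, n_max=100):
    """Smallest n for which the optimal number of attacks drops below one."""
    for n in range(1, n_max + 1):
        if optimal_attacks(gamma, n) < 1:
            return n
    return None


if __name__ == "__main__":
    print("gamma=1, n=1 :", round(optimal_attacks(1.0, 1), 1))
    print("gamma=0, n=1 :", round(optimal_attacks(0.0, 1), 1))
    print("smallest n   :", min_contractors(0.0))
```

With γ = 1 the optimum lands at the reported 215/3 ≈ 72 attacks, which is the calibration the slides use to estimate α.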

SLIDE 23

Conclusions and future work

  • We analyze contracts between the transmission company and the contractor in charge of repairing towers.
  • We show how misaligned incentives enabled contractors to profit by hiring guerrilla groups.
  • We model the changes to contracts that the transmission company implemented to avoid perverse incentives.
  • In future work we will introduce more detailed models incorporating other parties in the larger internal conflict in Colombia.
  • This mechanism can be used in analogous situations, e.g., cases in which anti-DDoS service contractors sponsor DDoS attacks so they get paid to help the afflicted company survive these incidents.

SLIDE 24

Thank You

Questions?

Contact: Carlos Barreto, carlos.barretosuarez@utdallas.edu
