This article was downloaded by: [Black, dk]

On: 30 November 2010

Access details: Sample Issue Voucher: Information Security Journal: A Global PerspectiveAccess Details:
[subscription number 930380563]
Publisher Taylor & Francis
Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-
41 Mortimer Street, London W1T 3JH, UK

Information Security Journal: A Global Perspective

Publication details, including instructions for authors and subscription information:
http://www.informaworld.com/smpp/title~content=t768221795

A Postmodern Theory of Cyberterrorism: Game Theory

Jonathan Matusitza
a
University of Central Florida, Lake Mary, Florida, USA

Online publication date: 07 December 2009

To cite this Article Matusitz, Jonathan(2009) 'A Postmodern Theory of Cyberterrorism: Game Theory', Information
Security Journal: A Global Perspective, 18: 6, 273 — 281
To link to this Article: DOI: 10.1080/19393550903200474
URL: http://dx.doi.org/10.1080/19393550903200474

PLEASE SCROLL DOWN FOR ARTICLE

Full terms and conditions of use: http://www.informaworld.com/terms-and-conditions-of-access.pdf

This article may be used for research, teaching and private study purposes. Any substantial or
systematic reproduction, re-distribution, re-selling, loan or sub-licensing, systematic supply or
distribution in any form to anyone is expressly forbidden.

The publisher does not give any warranty express or implied or make any representation that the contents
will be complete or accurate or up to date. The accuracy of any instructions, formulae and drug doses
should be independently verified with primary sources. The publisher shall not be liable for any loss,
actions, claims, proceedings, demand or costs or damages whatsoever or howsoever caused arising directly
or indirectly in connection with or arising out of the use of this material.
 Information Security Journal: A Global Perspective, 18:273–281, 2009
Copyright © Taylor & Francis Group, LLC
ISSN: 1939-3555 print / 1939-3547 online
DOI: 10.1080/19393550903200474

A Postmodern Theory of Cyberterrorism:

1939-3547 Security Journal: A Global Perspective
1939-3555
UISS
Information Perspective, Vol. 18, No. 6, November 2009: pp. 0–0

Game Theory
Jonathan Matusitz
A Matusitz
J. Postmodern Theory of Cyberterrorism

University of Central Florida, ABSTRACT This article analyzes how the battle between computer security
Lake Mary, Florida, USA experts and cyberterrorists can be explained through game theory. This article
is important because it not only applies game theory to the study of cyberter-
rorism, which has been rarely done so far, but it also breaks new ground by
intersecting the game theoretical model with another theory, social network
theory. An important thesis of this analysis is that under the principles of
game theory, each player is assumed to be rational; all players wish the out-
Downloaded By: [Black, dk] At: 20:41 30 November 2010

come to be as positive or rewarding as possible. Another key argument is that

game theory is a postmodern theory; against opponents who wage attacks in a
postmodern fashion, conventional strategies lead nowhere. The cyberterrorist
and the cyber forensics expert not only engage in real-time game play but also
use tactics that are not conceivable in conventional conflict.

KEYWORDS Cyberterrorism, game theory, information technology, internet, networks,

postmodernism

INTRODUCTION
This article analyzes how the battle between computer security experts and
cyberterrorists can be explained through game theory. This article is important
because it not only applies game theory to the study of cyberterrorism, which
has been rarely done so far (i.e., Lye & Wing, 2005), but it also breaks new
ground by intersecting the game theoretical model with another theory, social
network theory. A key premise of this analysis is that under the principles of
game theory, each player is assumed to be rational; all players wish the out-
come to be as positive or rewarding as possible. Game theory is a postmodern
theory; against opponents who wage attacks in a postmodern fashion, conven-
tional strategies lead nowhere. The cyberterrorist and the cyber forensics
expert not only engage in real-time game play but also use tactics that are not
conceivable in conventional conflict.
This article begins with an explanation of the rationale for using game theory
in the context of cyberterrorism. The article then provides an extensive literature
Address correspondence to Jonathan
review on game theory, describing the meaning of the theory, three types of
Matusitz, PhD, University of Central outcomes that result from the actions taken by the players in the game (i.e.,
Florida Partnership Center, 100 the Nash equilibrium, the zero-sum game, and the positive-sum game and the
Weldon Blvd., Sanford, FL 32773.
E-mail: matusitz@gmail.com negative-sum game), and the importance of the role of communication in

273
 game theory. What comes after the literature review is
the heart of the article: the application of game theory
to cyberterrorism. As such, this section provides a
clear definition of cyberterrorism, and describes how
game theory can be applied to this context, how the
theory is postmodern, and what postmodernism
means. The article ends with a general explanation of
how game theory and social network theory can be
intermingled. Finally, a discussion section and sugges-
tions for future research are offered.
RATIONALE FOR USING GAME
THEORY
Game theory examines the relationships between
individuals or groups, using models with clear state-
ments of consequences (individual payoffs) that depend
on the actions taken by more than one individual
(Aumann & Hart, 1992; Fudenberg & Tirole, 1991; von
Downloaded By: [Black, dk] At: 20:41 30 November 2010
Neumann & Morgenstern, 1944). Game theory has
been applied to many disciplines: economics, political
science, particularly voting decisions (Bilbao, Fernandez,
Jimenez, & Lopez, 2002), as well as other numerous
domains, including two important ones for the past sev-
eral years (law enforcement and cyber forensics (see
Fent, Feichtinger, & Tragler, 2002). The reason for using
game theory in this study is that game theory is all
about power and control. It deals with two-person (or
more) decision-making situations (with opposing or
joined interests). As explained later, game theory is well
suited to the analysis of cyberterrorism. Since games fre-
quently reproduce or share characteristics with real situ-
ations, they can offer strategies for dealing with such
circumstances. The basic assumption is that the players
(decision makers) follow specific objectives and take
into account both their skills and expectations of the
other player’s (decision maker’s) behavior.
Another reason why game theory is suited for this
study is that, in the face of opponents who carry out
attacks in a postmodern fashion, conventional strategies
lead nowhere. The cyber attacker and the computer
security agent not only engage in real-time game play
but also use strategies that are not conceivable in con-
ventional warfare. Game theory can explain how
viruses evolve (Turner, 2005). For this reason, the the-
ory can greatly contribute to a better understanding of
cyber strategy and its implications. For instance, when
a public Web server administrator notices something
unusual in the network (e.g., caused by a DOS attack),
J. Matusitz
he or she may suspect that an attack has occurred and
that action must be taken immediately. This implies
that the two players are in the same context. One
player wants to attack a computer system; the other
wants to protect it. The context involves short-term
strategies on the part of both sides. The interactions
between the cyberterrorist and the computer security
agent are to be viewed as a postmodern two-player
game. The goal here is to explain what strategies are
used by both players and how computer security
agents can use the outcomes of the game to improve
the security of their network.
LITERATURE REVIEW
This literature review on game theory provides a
description of the theory, illustrates three types of out-
comes that result from the actions taken by the players
in the game (i.e., the Nash equilibrium, the zero-sum
game, and the positive-sum game and the negative-
sum game), and justifies the role of communication in
game theory.
Description of Game Theory
Game theory, first outlined by John von Neumann
(von Neumann & Morgenstern, 1944), studies how
individuals behave when they are placed in situations
that require them to interact with other individuals.
Game theory analyzes rational behavior in interactive
or interdependent situations and proposes a set of
mathematical tools and models for analyzing these
interactive or interdependent processes (Neel, 2005). It
rests on the premise that each person “must first know
the decision of the other agents before knowing which
decision is best for himself or herself” (Jehle & Reny,
2001, p. 267). As the theory suggests, a game consists
of players. The number of players does not matter, but
the theory is best applicable when the number of play-
ers does not exceed “a few.” So, each person is a player
in the game and the player is also a decision maker,
choosing how he or she acts. Because each player
wants the greatest possible consequence according to
his or her preference, every decision made by each
player will have an impact — whether positive or nega-
tive — on the outcomes of the game. In other words,
each outcome is the result of particular moves made by
players at a given point in the game (Rapoport, 1974).
274
 The fundamental characteristic of game theory is
the assumption that players are rational and, therefore,
look for the maximization of the difference between
their own costs and benefits when considering an
action to take. With respect to decisions or moves
made by players, game theory shares fundamental
similarities with social exchange theory. Coined by
Hormans (1958), social exchange theory posits that
human relationships develop through the use of a
subjective cost-benefit analysis and the comparison of
alternatives (e.g., “what my partner gives may be a
cost to him, just as what my partner gets may be a
reward”). Just like game theory, social exchange the-
ory rests upon rationalization and the outweighing of
perceived benefits. An example of rationalization
would be the following: “It was the right thing to do.”
Thibaut and Kelley (1959) go even further by integrat-
ing the notion of irrational moves into the theory.
For instance, they illustrated vengefulness as an irra-
Downloaded By: [Black, dk] At: 20:41 30 November 2010
tional motive (e.g., “I would rather see both of us die
than see him get off easier than I”). They also
explained the role of moralization (e.g., “I will be for-
given in Heaven”). A parallel to game theory can be
drawn here, as each player is assumed to be rational.
This means they all wish the outcome to be as satis-
factory as possible according to the specific set of
reward and cost values (Sallhammar, Helvik, &
Knapskog, 2006).
As one can see, both game theory and social
exchange theory involve moves, decisions, strategies,
or actions that look like those used in a chess game,
where each player does not know what moves his or
her opponent will take. Therefore, each of the players
must find a strategy to examine the possible actions of
each other in the situation. The ultimate goal is to
determine the best course of action for each player
(Jehle & Reny, 2001). By providing tools for analyzing
strategic interactions among two or more players,
game theory uses simple models to study complex
interactive relations. The advantage is that game theory
helps illustrate the potential for, as well as the risks
associated with, collaborative behavior among distrust-
ful players in the game. Nevertheless, it is important to
note that, unlike in chess, pieces are never removed
from the game board. As Workman (2005) puts it,
under the principles of game theory, players remain
largely nomothetic, even when modeled out as a Con-
tinuous Time Markov Chain (CTMC). According to
the premises of CTMC, given the present state, future
275
states do not depend on past states (Workman, 2004).
In other words, the description of the present state
completely encapsulates and provides all the informa-
tion that could affect the future evolution of the process.
It is a probabilistic process, not deterministic, that will
allow future states to be reached (Markov, 1971).
According to Rapoport (1974), game theory
implies players (decision makers) and payoffs accu-
mulated by each player as a consequence of each pos-
sible outcome. A player will always take the path that
will result in a greater payoff to himself or herself
(which means that each player knows the payoffs and
the opponent(s) at any given end state). This also
implies that each player seeks to follow the strategies
that will accomplish the most beneficial goal in every
situation. Of equal relevance is that game theory is
the strategic thinking about how player A will act in a
situation where his or her moves will affect player B,
whose moves, in turn, will have an impact on player
A. What comes next is a description of three types of
outcomes that result from the actions taken by the
players in the game: (1) the Nash equilibrium, (2) the
zero-sum game, and (3) the positive-sum game and
the negative-sum game.
Nash Equilibrium
The concept of Nash equilibrium was coined by
John Nash (1950). It refers to the outcome of a game
that occurs when one player takes the best possible
action based on the action of another player. Likewise,
the latter player takes the best possible action based on
the action of the first player. In the Nash equilibrium,
both players perform their dominant strategies. What
this means is that neither of the two players would
change his or her strategy if offered the chance to do
so at the end of the game. So, each player makes the
best decision that he or she can, taking the actions of
his or her opponent as given (Mehlmann, 2000).
In addition, the Nash equilibrium also implies that
each player maximizes his or her own actual or expected
payoff. Recall that the payoff is the outcome obtained by
a combination of decisions. Again, each player takes the
other player’s current strategies as given (Nash, 1950). So,
a player has nothing to gain by changing only his or her
own strategy. If a player has chosen a strategy and if he
or she cannot benefit by changing that strategy, while
the other player keeps his or hers unchanged as well,
then the current set of strategies and the payoffs that
A Postmodern Theory of Cyberterrorism
 result from the outcome of the game constitute a Nash
equilibrium (Fudenberg & Tirole, 1991).
Zero-Sum Game
A zero-sum game is a game in which the interests of
each player are diametrically opposed (von Neumann &
Morgenstern, 1944). In other words, regardless of the
outcome of the game, the winnings of one player are
exactly balanced by the losses of the other player.
What this means is that each of the payoffs must be
the negative of the other(s) (Fudenberg & Tirole,
1991). The outcome of the game is named “zero-sum”
because when a player adds up his or her total gains
and subtracts the total losses of the other, they will
sum to zero. All in all, player A can gain only at the
expense of player B (or vice versa) and the benefits and
losses to both player A and player B sum to the same
value (von Neumann & Morgenstern, 1944).
Downloaded By: [Black, dk] At: 20:41 30 November 2010
Positive-Sum Game and Negative-Sum
Game
A positive-sum game is a situation in which each
player can benefit from the actions taken by all players,
even if some players benefit more than others. Thus, it
can result in one player losing and another gaining
with an overall gain (Mehlmann, 2000). The gains
exceed the losses. A negative-sum game is a situation
in which the actions of each player hurt both them-
selves and their opponents. It can also result in one
player losing and another gaining with an overall loss
(Mehlmann, 2000).
THE ROLE OF COMMUNICATION IN
GAME THEORY
Communication plays a central role in game theory
because the theory involves the analysis of conflict,
cooperation, and the degree of communication
needed to reach a desired outcome by each player.
Game theory also deals with strategic interaction
(Workman, 2008). A strategic interaction requires that
the players make decisions; the outcome of the game
depends on the players’ choices. A strategic interac-
tion inherently involves human communication. For
instance, the cyberterrorist needs to find a way
through communication and trust in order to reach a
J. Matusitz
collaborative outcome with the computer security
agent. In a collaborative game, the ability with which
each player communicates, the intensity of communi-
cation, and even the organization with which these
players communicate can affect, positively or nega-
tively, the outcome of the game. If there is no com-
munication between two players, then no cooperation
can be formed. However, if they can communicate
and engage in cooperative behavior, the outcome
would be quite different. For this reason, repeated
interaction might lead to different outcomes.
GAME THEORY AS APPLIED TO
CYBERTERRORISM
Cyberterrorism is the intentional use of threatening
and disruptive actions against computers, networks, or
the Internet in order to cause harm or further ideolog-
ical, political, or similar objectives, or to intimidate
any person in furtherance of such objectives (Arquilla,
Rondfeltd, & Zanini, 1999; Conway, 2002; Dunnigan,
2003). A similar definition of cyberterrorism is that it
is “aimed at coercing a population or its government
to accede to certain political or social objectives”
(Clem, Galwankar, & Buck, 2003, p. 272). Attacks
through the Internet need to have a terrorist compo-
nent in order to be labeled “cyberterrorism.” From an
historical standpoint, the word “cyberterrorism” was
born in the late 1980s when Collin, a senior research
fellow at the Institute for Security and Intelligence
(ISI) in California (Collin, 1996), coined this hot
techno-phrase by blending two linguistic elements:
cyberspace and terrorism. Now that we know what
cyberterrorism means, it would be interesting to see
how game theory can be applied to this context, how
the theory is postmodern, and what postmodernism
means. Then, an explanation of how game theory and
social network theory can be intermingled is provided.
Game Theory as Applied to
Cyberterrorism: An Overview
Just as we are able to understand the strategies used
by conventional terrorists in a particular game, we
may also be able to understand how cyberterrorists act
in a given situation. Two basic principles that make up
game theory are that the players are rational and
intelligent in strategic reasoning. With respect to
276
 cyberterrorists, why do many of them try to destroy
the computer system of the Pentagon or other federal
agencies? Why do they not cripple more targets
outside those organizations? The answer to these to
questions is simple. Cyberterrorists like to commit
malicious acts where they believe it will help influence
those who make decisions directly in the way of the
cyberterrorists’ goals. A network of cyberterrorists has as
its main objective to cause damage to the computer sys-
tem that it attacks. This damage can take many forms.
First, any action undertaken by the computer network
to strengthen its security system against attacks gener-
ates benefits for the cyberterrorists because it imposes
costs on the computer network. Second, any move
taken by the cyberterrorists that causes damage to the
computer network increases benefits for the cyberter-
rorist (e.g., self-glorification as the “enemy” suffers).
Conversely, the response from the computer net-
work against a cyberterrorist action can be twofold:
Downloaded By: [Black, dk] At: 20:41 30 November 2010
retaliation (offensive) or conciliation (collaborative).
Oddly enough, collaboration between the attackers
and the defenders can contribute to the shrinking of
the cyberterrorist network by reducing the number of
members who were part of their network. What happens
is that the computer network can make it appear that
the conciliation was not the result of the actions taken
by the cyberterrorists. Consequently, some members
may feel that the cyberterrorist attacks in question
have not carried the impact they had hoped. In reality,
though, the end result is a draw (or a win-win out-
come). Retaliation can also increase winnings for both
sides because it expends resources.
The outcome can also be a Nash equilibrium.
According to Lye and Wing (2005), a Nash equilibrium
gives a computer security expert or a public Web server
administrator an idea of the cyber attacker’s strategy
“and a plan for what to do in each state in the event of
an attack” (p. 9). Finding additional Nash equilibria
allows that public Web server administrator to learn
more about the cyber attacker’s best attack strategies.
Just like in a chess game, player A (e.g., a computer
security agent) does not know the next move of player
B (the cyberterrorist) and vice versa. Player A only
needs to act when an attack on the computer network
is suspected. It is fair to assume that both players know
what each other is capable of doing. Yet they do not
each other’s next move. Again, it is just like a chess
game, where the game is evolutionary.
277
FIGURE 1 The interactions between the attacker and the
system modeled as a stochastic game.
Sallhammar, Helvik, and Knapskog (2005) followed
the game model as applied to attacks on computer
networks, based on a reward and cost concept. Their
goal for using game theory was to compute the
expected attacker behavior in regards to decision
probabilities. As shown in Figure 1, the game model,
based on a reward/cost concept, assumes that attackers
will focus on the reward of successful actions and not
on the potential cost of detection (before they take
actions). Attackers will also try to take full advantage
of the expected outcome of the attack. Because the
game model hinges on a reward and cost concept, it
can adjust the transition rates of the stochastic model
according to a specific threat assumption, such as
potential attackers’ motivation and their awareness of
detection. The exchanges between an attacker and the
system are modeled as a two-player zero-sum game
(Sallhammar, Helvik, & Knapskog, 2006).
Please take notice of the word “random” in the
graph. This concept is part of stochastic game theory.
Stochastic simply means random, a process whose
behavior is nondeterministic; a system’s subsequent
state is influenced both by predictable actions of the
process and by randomness (Bellomo, 2007). After
solving the stochastic game, the expected attacker
behavior is then manifested in the transitions between
states in the system model by influencing the transition
rates based on a probability distribution. Eventually,
the corresponding stochastic process is employed to
calculate security measures of the system, just as in the
typical availability and reliability analysis of ICT systems
(Sallhammar, Knapskog, & Helvik, 2005).
A Postmodern Theory of Cyberterrorism
 Game Theory as Applied to
Cyberterrorism: A Postmodern View
As opposed to conventional war techniques, game
theory in cyberspace allows for the use of grand strate-
gies aiming at fast and easy disintegration of the
respective opponent. Not only can a player make mul-
tiple, simultaneous moves at the same time (as if he or
she were composed of multiple selves), but both players
also can make multiple, simultaneous moves coinci-
dentally. In most games, players alternate moves. In
cyberspace, this is not true anymore. An opponent can
launch multiple, simultaneous attacks easily and
quickly (Littman, 1994). What this also means is that
time is not “constraining” in the context of cyberterror-
ism. In other words, opponents in cyberspace are under
no time control constraints (Carmel & Markovtich,
1996). Timing for move and state updates is neither
fixed nor defined. In actual space, time is “perspectival”
(Gebser, 1985), while in cyberspace, time is “aperspec-
Downloaded By: [Black, dk] At: 20:41 30 November 2010
tival.” For this reason, time becomes a “fluxing inten-
sity, rather than a fixed extensity, and as such it is not
prone to being fragmented into identical and repetitive
units of measurement such as past, present, or future”
(Kramer, 1997, p. 122). This is postmodernism.
Postmodernism is a cultural movement of the late
twentieth century (Docherty, 1993; Jameson, 1991)
that endorses the view that we are living in an era of
individual freedom from imposed rules and social
constraint (McQuail, 2000). One of the fundamental
assumptions underlying the theory of postmodernism
is that it implies a blurring of the boundaries between
previously distinct or opposite phenomena (Lister,
Dovey, Giddings, Grant, & Kelly, 2003) and represents
a shift towards spatialization and a triumph over lin-
earity (Bubitt, 2002). For postmodernists, “nothing is
the same, the world is decoherent, discontinuous,
uncertain, inconsistent” (Kramer, 1997, p. 10). Mean-
ing is not important because it is always indetermi-
nate. Meaning is deconstructed (Derrida, 1973). To
have a good idea of what postmodernism is, it would
be interesting to compare it with modernism. While
modernism is a reaction to the early twentieth century
machine age, postmodernism is synonym with the age
of simulation, of online selves, and of computer and
electronic media (McDermott, 1992; Turkle, 1992).
The fragmentary aspect of the Internet and commu-
nication in cyberspace give each player more autonomy
to create his or her own environment and identity.
J. Matusitz
While modern identity is a location, postmodern
“identity” cannot be localized and “therefore often
seen as nonidentity” (Kramer, 1997, p. xviii). Because
they are able to change their identities every second
with just one mouse click, cyberterrorists are free from
imposed rules and social constraint as they know it in
the perspectival, physical world. Is the other player a
real threat, or is it just an FBI agent acting as a cyber
spy? Because of the postmodern nature of the Internet
and the absence of spatiality, the Web user can move
effortlessly across the spatial divide. When confront-
ing each other in cyberspace, the cyberterrorist and
the computer security agent find themselves in a space
and time that are aperspectival. Kramer (1997) writes
extensively on aperspectival time. For Kramer, “aper-
spectival time is a dimensional constituent of the
world. Time is not anywhere, nor is it going ‘any-
where.’ Nor is time a “constant” (p. 122).
Postmodernism always implies change and fluidity.
This is Derrida’s (1967) deconstruction of meaning
and of the Other’s sense making and intentions. The
player’s opponent may have an end goal that is com-
patible with his or hers. Likewise, the opponent may
be trying for something that the player does not like,
yet the opponent does not compromise the player’s
mission critical objectives (Hsu, Anantharaman,
Campbell, & Nowatzyk, 1990; Tesauro, 1994). Also
interesting is that the Internet and computer technology
allow players to change their goals more quickly and
more frequently (Carmel & Frequently, 1996). They
can even change the rules. In most games, the rules are
known by all participants beforehand. In the case of
cyberterrorism, anything goes.
Intersection of Game Theory and
Social Network Theory in the Study
of Cyberterrorism
The reason game theory can intersect with social
network theory in the study of cyberterrorism is
because the Internet is a large-scale communication
network that cannot be managed by one central
authority but rather by different nodes or hubs inter-
acting with each other and using various strategies.
Some nodes are cyberterrorists themselves and part of
the game. This lends to the analysis of the network
system using the game theory model, in which com-
munication paths or data streams can be altered by
selfish nodes — that is, cyberterrorists — who try to
278
 cause damage or modify the state of the network.
Instead of being a homogeneous network where users
interact safely and in an honest way, the Internet is
more like a social network of heterogeneous, selfish
users who try to maximize their personal desires
(Floyd & Fall, 1999). This is where game theory and
social network theory intersect. Game theory is a natural
modeling framework for understanding how nodes in
the network make decisions independently and how
they seek to optimize their desires by using strategies.
Computer security agents are the standard defenders
of the network (Floyd & Fall, 1999). They have to
intermingle with cyberterrorists and use different strate-
gies to reach their desired outcomes (for the benefit of
the network, of course). The scenario in Figure 2 repre-
sents our game model during the interaction between a
cyberterrorist and a computer security agent.
The public Web server, the private file server, and
the private workstation are very important nodes.
Downloaded By: [Black, dk] At: 20:41 30 November 2010
Since these three nodes are highly connected to thou-
sands of computers, they are actually hubs. The cyber-
terrorist represents a small external node, working
from a single computer. The cyberterrorist is not a
hub; however, his or her actions could be damaging.
The links that we see are direct communication paths.
The computer security agent can work, for instance,
from a private workstation and can have direct access
to all the features of the public Web server. From a
game theory perspective, all kinds of strategies are
available to each player. For example, “a common target
for use as a launching base in an attack is the public
Web server” (Lye & Wing, 2005, p. 4). By using this
hub as a springboard from which serious damage
could be inflicted, the cyberterrorist could try to flood
private-home computers with viruses. Until the cyber-
terrorist takes action, the computer security agent does
not know whether there is an attacker or not. He or
she does not even know about the existence of the
node. It is important to note that not all actions taken
private
fileserver
public
Cyberterrorist Webserver
private
workstation
FIGURE 2 Example of a local network attacked by a
cyberterrorist.
279
by the cyberterrorist can be observed. Once the game
has started, each player has several choices at any
given time during the game. An action pair, composed
of the cyberterrorist and the computer security agent,
can cause the local network to move from one state to
another (Lye & Wing, 2005).
There are highly expected payoffs based on the
actions taken by each player. The cyberterrorist’s
rewards might be in terms of the amount of damage
done to the network. For instance, a “defaced corpo-
rate website may cause the company to lose its reputa-
tion and its customer to lose confidence” (Lye &
Wing, 2005, p. 3). This is a reward for the cyber
attacker. By the same token, disrupting a hub (public
Web server) can be the desired outcome of the cyber-
terrorist, even if it just takes 15 minutes for the public
Web server administrator to determine the strategy
used and restart the service. On the other hand, the
reward of the computer security agent would see the
strategies taken by the cyberterrorist fail, which
happens in most cases (Mitnick & Simon, 2002). The
game can be a “cooperative” type of game if a
cyberterrorist uses inducements to get a public Web
server administrator to take actions that will reach a
positive outcome. The choices and actions made by
the cyberterrorist can be influenced by the adminis-
trator (and vice versa). For example, the cyberterrorist
can urge the administrator to install two levels of
password protection to make the effort required to
wreaking havoc more challenging to the attacker. It
might be the case that the cyberterrorist wants the
network to be in a good state in order to create the
biggest damage. After all, it takes a big target to create
a big damage.
Based on the motives of the attacker, the adminis-
trator might, in turn, increase security to prevent him
or her from carrying out an evil plan. The cyberterrorist
might perceive this next move as a tradeoff. Con-
versely, computer security agents might be able to
contemplate the idea that, while unknown cyberterrorist
actions may occur at any time, some of their moves
are more likely to occur than others.
DISCUSSION AND FUTURE
DIRECTIONS
What this article has demonstrated is that game
theory is well suited to studying cyberterrorism. In the
face of cyber attackers, who wage attacks in a post-
A Postmodern Theory of Cyberterrorism
 modern fashion, conventional strategies lead to no
avail. The cyberterrorist and the computer security
agent not only engage in real-time game play but also
use tactics that would not be utilizable in conven-
tional conflict. Given this, the theory can greatly con-
tribute to a better understanding of cyber strategy and
its implications. Not only can a player make multiple,
simultaneous moves at the same time (as if he or she
were composed of multiple selves), but both players
also can make multiple, simultaneous moves coinci-
dentally. As we have seen, cyberterrorists and their
opponents are free from time control constraints
(Carmel & Markovtich, 1996) because time is not
fixed; it is not even defined. While in physical space
time is perspectival (Gebser, 1985), in cyberspace it is
“aperspectival.” Time, then, becomes a fluxing inten-
sity, not a fixed extensity. There are no identical,
divided, and fragmented units of measurement such
as past, present, or future (Kramer, 1997). “Space,” as
Downloaded By: [Black, dk] At: 20:41 30 November 2010
we know it in actual space, is deconstructed; the
center in cyberspace is everywhere and the circumfer-
ence nowhere. This is where the value of postmod-
ernism comes into play: fluidity, fragmentation, and
decentralization.
One conclusion that can be drawn from this theo-
retical analysis is that cyberterrorists are postmodern
Internet-based terror reapers; they constantly seek to
turn the technological superiority and complexity of
their targets into liabilities rather than assets. Just
look at how immeasurably vulnerable our postmodern
society is in the face of malicious software programs,
destruction, or any disconnection of our information
systems or power supplies. Despite the fact that
abundant technical safeguards may be created by the
finest experts worldwide, the dangerous game we
have to face against cyberterrorists will be a strategies-
versus-counterstrategies game in which the players
who will prevail will be those who possess the
structural advantage. After all, to disrupt is structurally
less difficult than to protect. The modern protectors
may be playing a losing game against the postmodern
disruptors.
What this article has also shown is that game theory
and social network theory can be effectively inter-
sected to explore the complicated and enigmatic phe-
nomenon of cyberterrorism. Game theory is an
inherent modeling framework for comprehending
how nodes in the network make independent moves
J. Matusitz
and how they seek to optimize their desires by using
various tactics. Since computer security agents act as
the standard defenders of the network (Floyd & Fall,
1999), they put themselves in situations where they
intermingle with cyberterrorists and use strategies in
order to reach their desired outcomes (for the benefit
of the network, of course). The main advantage of
intersecting social network theory and game theory is
that it allows for a more complete analysis and bet-
ter understanding of confrontations taking place in
cyberspace.
For future research, scholars should continue to put
game theory into practice and investigate how the
cyberterrorist and his or her opponent eventually
reach their outcomes. It might prove useful to deter-
mine not only how the two opponents in the game
(i.e., computer security experts and law enforcement
officials vs. cyberterrorists) are creating a dichotomous
divide between the attacker and the defender but also
the extent to which the two are intertwined. As such,
it might be interesting to see whether or not those
who defend systems and those who attack them fall
into the gray areas in between. Or, think of the follow-
ing question: Do “good” and “evil” blur into gray? No
matter what the answer to this question may be, game
theory remains a promising theory for exploring the
complex phenomenon of cyberspace. The informa-
tion age has just begun and will pave the way for many
more marvels, events, and mysteries. Understanding
the tactics and strategies used by both cyberterrorists
and their opponents is only a beginning step for game
theory scholars.
REFERENCES
Arquilla, J., Ronfeldt, D., and Zanini, M. (1999). Networks, netwar and
information-age terrorism. In I. O. Lesser, B. Hoffman, J. Arquilla, D.
F. Ronfeldt, M. Zanini, & B. M. Jenkins (Eds.), Countering the new
terrorism, pp. 39–88, Santa Monica, CA: RAND.
Aumann, R. and Hart, S. (Eds.). (1992). Handbook of game theory
with economic applications. Amsterdam: Elsevier Science
Publishers.
Bellomo, N. (2007). Modeling complex living systems: A kinetic theory
and stochastic game approach. Boston: Birkhäuser.
Bilbao, J., Fernandez, J., Jimenez, N., and Lopez, J. (2002). Voting power
in the European Union enlargement. European Journal of Opera-
tional Research, 143, 181–196.
Bubitt, S. (2002). Digital filming and special effects. In D. Harries (Ed.),
The new media book, pp. 17–29, London: BFI Publishing.
Carmel, D. and Markovitch, S. (1996). Learning and using opponent
models in adversary search, Technical Report, CIS9606.
Clem, A., Galwankar, S., and Buck, G. (2003). Health Implications
of cyber-terrorism. Prehospital and Disaster Medicine, 18(3), 272–275.
280
 Collin, B. (1996). The future of cyberterrorism. Proceedings of the Elev-
enth Annual International Symposium on Criminal Justice Issues, The
University of Illinois at Chicago.
Conway, M. (2002). What is cyberterrorism? Current History, 2,
436–440.
Derrida, J. (1967). Writing and difference. Chicago: University of Chicago
Press.
Derrida, J. (1973). Speech and phenomena. Evanston, IL: Northwestern
University Press.
Docherty, T. (1993). Postmodernism: A reader. London:Harvester
Wheatsheaf.
Dunnigan, J. F. (2003). The next war zone: Confronting the global threat
of cyberterrorism. New York: Citadel Press.
Fent, T., Feichtinger, G., and Tragler, G. (2002). A dynamic game of
offending and law enforcement. International Game Theory Review,
4(1), 71–89.
Floyd, S. and Fall, K. (1999). Promoting the use of end-to-end
congestion control. IEEE/ACM Transactions on Networking, 7(4),
458–472.
Fudenberg, D. and Tirole, J. (1991). Game theory. Cambridge, MA: MIT
Press.
Gebser, J. (1985). The ever-present origin. Athens: Ohio University Press.
Homans, G. C. (1958). Social behavior as exchange. American Journal of
Sociology, 63(6), 597–606.
Hsu, F., Anantharaman, S., Campbell, M. S., and Nowatzyk, A. (1990).
Deep thought. In T.A. Marsland and J. Schaeffer (Eds.), Computer,
chess, and cognition, pp. 55–78, New York: Springer Verlag.
Downloaded By: [Black, dk] At: 20:41 30 November 2010
Jameson, F. (1991). Postmodernism, or the cultural logic of late capitalism.
Durham, NC: Duke University Press.
Jehle, G. A. and Reny, P. J. (2001). Advanced microeconomic theory,
third edition. Boston: Addison-Wesley Longman.
Kramer, E. M. (1997). Modern/postmodern: Off the beaten path of anti-
modernism. Westport, CT: Praeger.
Lister, M., Dovey, J., Giddings, S., Grant, I., and Kelly, K. (2003).New
media: A critical introduction. New York: Routledge.
Littman, M. L. (1994). Markov games as a framework for multi-agent
reinforcement learning. Proceedings of the Eleventh International
Conference on Machine Learning, pp. 157–163.
Lye, K. W. and Wing, J. M. (2005). Game strategies in network security.
International Journal of Information Security, 5(1), 1–10.
Markov, A. A. (1971). Extension of the limit theorems of probability theory
to a sum of variables connected in a chain. In R. Howard (Ed.), Dynamic
probabilistic systems, pp. 552–577, New York: John Wiley and Sons.
McDermott, C. (1992). Essential design. London: Bloomsbury.
281
McQuail, D. (2000). McQuail’s mass communication theory. Thousand
Oaks, CA: Sage.
Mehlmann, A. (2000). The game’s afoot! Game theory in myth and par-
adox. Providence, RI: American Mathematical Society.
Mitnick, K. D., and Simon, W. L. (2002). The art of deception: Controlling
the human element of security. Indianapolis, IN: Wiley Publishing, Inc.
Nash, J. (1950). Equilibrium points in n-person games. Proceedings of
the National Academy of the USA, 36(1), 48–49.
Neel, J. J. (2005). Gametheory can be used to analyze cognitive radio.
Electronic Engineering Times, 1386, 69–72.
Neumann, J. von and Morgenstern, O. (1944). Theory of games and
economic behavior. Princeton, NJ: Princeton University Press.
Pike, K. L. (1967). Language in relation to a unified theory of structure of
human behavior. The Hague: Mouton.
Rapoport, A. (Ed.). (1974). Game theory as a theory of conflict resolu-
tion. Boston: D. Reidel Publishing Company.
Sallhammar, K., Helvik, B. E., and Knapskog, S. J. (2005). Incorporating
attacker behavior in stochastic models of security. In Proceedings of
the 2005 International Conference on Security and Management,
Las Vegas, NV.
Sallhammar, K., Helvik, B. E., and Knapskog, S. J. (2006). A game-
theoretic approach to stochastic security and dependability
evaluation. In Proceedings of the Second IEEE International Sym-
posium on Dependable, Autonomic and Secure Computing, India-
napolis, IN.
Tesauro, G. (1994). TD-Gammon, a self-teaching backgammon program
achieves master-level play. Neural Computation, 6, 215–219.
Thibaut, J. W. and Kelley, H. H. (1959). The social psychology of groups.
New York: Wiley.
Turkle, S. (1992). Psychoanalytic politics: Freud’s French revolution. London:
Free Association Books.
Turner, P. E. (2005). Cheating viruses and game theory. American Sci-
entist, 93(5), 428–435.
Workman, M. (2004). When all you have are nails, nothing looks like a
hammer: Advancements in technologies and the ontological to
epistemic transformation. Reston, VA: Conference on Counter-Intel-
ligence and Cyber Counter-Terrorism.
Workman, M. (2005). Nomothetic and ideographic predictions: A gener-
alized application of Churchman heuristics in modeling attack epi-
sodes. Tampa, FL: A presentation to the Department of Defense
Northern Command and the National Security Agency, Project Green
Dragon.
Workman, M. (2008). Technology: The double-edged sword in terror
and interdiction. Melbourne, FL: The second annual conference of
the Global Center for Preparedness, pp. 2–11.
A Postmodern Theory of Cyberterrorism