Cyber Risk Management and Mitigation via Controlled Stochastic SIS Dynamics: An Optimal Control Approach

In this paper, we formulate cyber risk management and mitigation as a stochastic optimal control problem under a stochastic Susceptible-Infected-Susceptible (SIS) epidemic model. To capture the dynamics and interplay of management and mitigation strategies, we introduce two stochastic controls: (i) a proactive risk management control to reduce external cyber attacks and internal contagion effects, and (ii) a reactive mitigation control to accelerate system recovery from cyber infection. The interplay between these controls is modeled by minimizing the expected discounted running costs, which balance proactive management expenses against reactive mitigation expenditures. We derive the associated Hamilton-Jacobi-Bellman (HJB) equation and characterize the value function as its unique viscosity solution. For numerical solutions, we propose a Policy Improvement Algorithm (PIA) and prove its convergence via Backward Stochastic Differential Equations (BSDEs). Finally, we present a comprehensive numerical analysis through a benchmark example, suboptimal control analysis, sensitivity analysis, and comparative statics.

💡 Research Summary

**
This paper formulates cyber‑risk management and mitigation as a stochastic optimal control problem built on a Susceptible‑Infected‑Susceptible (SIS) epidemic framework. Recognizing that cyber threats spread in a manner analogous to biological contagion, the authors first introduce a stochastic SIS model for the fraction of infected nodes, normalising the total system size to one. Two control variables are then incorporated: (i) a proactive control η∈