The Law and Economics of Cybersecurity
Full Title of Reference
The Law and Economics of Cybersecurity
The Law and Economics of Cybersecurity (Mark F. Grady & Francesco Parisi eds., 2006).
- Resource by Type: Books
- Actors and Threats: States
- Issues: Economics of Cybersecurity; Incentives; Information Sharing/Disclosure; Public-Private Cooperation; Risk Management and Investment
- Approaches: Regulation/Liability
Cybersecurity is a leading national problem for which the market may fail to produce a solution because individuals often select less than optimal security levels in a world of positive transaction costs. The problem is compounded because the insecure networks extend far beyond the regulatory jurisdiction of any one nation or even coalition of nations. This book brings together the views of leading law and economics scholars on the nature of the cybersecurity problem and possible solutions to it. Many of these solutions are market based, but in need of aid, either from government or industry groups or both.
Unlike traditional crime, which terrorizes all, but has far fewer direct victims, cybercrime impacts the lives of virtually all citizens and almost every company. The Computer Security Institute and the FBI recently released the results of a study of 538 companies, government agencies and financial institutions. Eighty-five percent of the respondents reported having security breaches, and 64% experienced financial loss as a result. As this problem grows on a daily basis, it becomes imperative that society identify the most economically efficient way of fighting cybercrime. In this volume, the authors present a unique cross-section of views that attempt to identify the true problems of cybersecurity and present solutions that will help resolve these challenges. In the first section of the book, two authors outline some of the major problems of cybersecurity and explain how the provision of cybersecurity differs from traditional security models.
In the second section of this volume, Yochai Benkler argues that cybersecurity is best addressed by making system survivability the primary concern of security measures, rather than attempting to create impregnable cyber fortresses. By mobilizing excess capacity that users have on their personal devices, a network-wide, self-healing device could be created. The already existing system of music-sharing offers a model of how this type of security could be achieved.
The second half of the volume attempts to create regulatory solutions that will address the major problems of cybersecurity. The authors highlight the debate between public and private security with highly divergent positions. Amitai Aviram offers the perspective of private ordering as achieved through private legal systems (PLSs), institutions which aim to enforce norms when the law fails, neglects or chooses not to regulate behavior. Aviram’s article gives a broad perspective on how PLSs are formed and then offers practical applications for the field of cybersecurity. Aviram reasons that PLSs cannot spontaneously form because new PLSs often cannot enforce cooperation. This gap occurs because the effectiveness of the enforcement mechanism depends on the provision of benefits by the PLS to its members, a factor that is non-existent in new PLSs.
Once you have moved past the question of whether private or public action should be favored, you must look to the issue of whether local action is sufficient. Cybercrime poses unique jurisdictional questions because actions in one country may have effects in another. If the host country will not enforce laws against the cybercriminals, how can the victim country stop the attack? This issue of ambiguous jurisdiction is one of the failures of modern international law in this area. This would seem to suggest that international cooperation should take place. Trachtman suggests creating an umbrella organization that has jurisdiction over these matters and can act transnationally. Trachtman concludes by offering a variety of game theory presentations that exhibit when and how international cooperation can best occur in the realm of cybersecurity.
The authors in this volume have attempted to provide a source for better understanding the dilemmas and debates over how cybersecurity is best provided. Whether it is through private legal systems or public enforcement or a combination of the two, society can scarcely wait to find new and more efficient tools in the war on cybercrime.
Additional Notes and Highlights
Expertise Required: Law - Low, Economics - Low
The Law and Economics of Cybersecurity: An Introduction (Mark Grady and Francesco Parisi)
Part one: Problems
Cybersecurity and Its Problems
- 1 Private versus Social Incentives in Cybersecurity: Law and Economics (Bruce K. Kobayashi)
- 2 A Model for When Disclosure Helps Security: What Is Different about Computer and Network Security? (Peter P. Swire)
Intervention Strategies: Redundancy, Diversity and Autarchy
- 3 Peer Production of Survivable Critical Infrastructures (Yochai Benkler)
- 4 Cybersecurity: Of Heterogeneity and Autarky (Randal C. Picker)
Part two: Solutions
Private Ordering Solutions
- 5 Network Responses to Network Threats: The Evolution into Private Cybersecurity Associations (Amitai Aviram)
- 6 The Dark Side of Private Ordering: The Network/Community Harm of Crime (Neal K. Katyal)
Regulation and Jurisdiction for Global Cybersecurity
- 7 Holding Internet Service Providers Accountable (Doug Lichtman and Eric P. Posner)
- 8 Global Cyberterrorism, Jurisdiction, and International Organization (Joel P. Trachtman)
Review by Thomas H. Koenig, Professor and Chair, Department of Sociology and Anthropology, Northeastern University.