The Law and Economics of Cybersecurity

From Cybersecurity Wiki
Jump to navigation Jump to search

Full Title of Reference

The Law and Economics of Cybersecurity

Full Citation

The Law and Economics of Cybersecurity (Mark F. Grady & Francesco Parisi eds., 2006).

BibTeX Google Books World Cat Amazon


Key Words

Computer Network Attacks, Cybersecurity as an Externality, Cyber Terrorism, Cyber Crime, Data Mining, Internet Service Providers, Outreach and Collaboration


Cybersecurity is a leading national problem for which the market may fail to produce a solution because individuals often select less than optimal security levels in a world of positive transaction costs. The problem is compounded because the insecure networks extend far beyond the regulatory jurisdiction of any one nation or even coalition of nations. This book brings together the views of leading law and economics scholars on the nature of the cybersecurity problem and possible solutions to it. Many of these solutions are market based, but in need of aid, either from government or industry groups or both.

Unlike traditional crime, which terrorizes all, but has far fewer direct victims, cybercrime impacts the lives of virtually all citizens and almost every company. The Computer Security Institute and the FBI recently released the results of a study of 538 companies, government agencies and financial institutions. Eighty-five percent of the respondents reported having security breaches, 64% experienced financial loss as a result.4 As this problem grows on a daily basis, it becomes imperative that society identify the most economically efficient way of fighting cybercrime. In this volume, the authors present a unique cross-section of views that attempt to identify the true problems of cybersecurity and present solutions that will help resolve these challenges. In the first section of the book, two authors outline some of the major problems of cybersecurity and explain how the provision of cybersecurity differs from traditional security models.

The second section of this volume Yochai Benkler argues that cybersecurity is best addressed by making system survivability the primary concern of security measures, rather than attempting to create impregnable cyber fortresses. By mobilizing excess capacity that users have on their personal devices, a network-wide, self-healing device could be created. The already existing system of music-sharing offers a model of how this type of security could be achieved.

The second-half of the volume attempts to create regulatory solutions that will address the major problems of cybersecurity. The authors highlight the debate between public and private security with highly divergent positions. Amitai Aviram offers the perspective of private ordering as achieved through private legal systems (PLSs), institutions which aim to enforce norms when the law fails, neglects or chooses not to regulate behavior. Aviram’s article gives a broad perspective to how PLSs are formed and then offers practical applications for the field of cybersecurity. Aviram reasons that PLSs cannot spontaneously form because new PLSs often cannot enforce cooperation. This gap occurs because the effectiveness of the enforcement mechanism depends on the provision of benefits by the PLS to its members, a factor that is non-existent in new PLSs.

Once you have moved past the question of whether private or public action should be favored, you must look to the issue of whether local action is sufficient. Cybercrime proposes unique jurisdictional questions because actions in one country may have effects in another. If the host country will not enforce laws against the cybercriminals, how can the victim country stop the attack? This issue of ambiguous jurisdiction is one of the failures of modern international law in this area. This would seem to suggest that international cooperation should take place. Trachtman suggests creating an umbrella organization that has jurisdiction over these matters and can act transnationally. Trachtman concludes by offering a variety of game theory presentations that exhibit when and how international cooperation can best occur in the realm of cybersecurity.

The authors in this volume have attempted to provide a source for better understanding the dilemmas and debates over how cybersecurity is best provided. Whether it is through private legal systems or public enforcement or a combination of the two, society can scarcely wait in finding new and more efficient tools in the war on cybercrime.

Additional Notes and Highlights

Expertise Required: Law - Low, Economics - Low

PDF of the book's Table of Contents

The Law and Economics of Cybersecurity: An Introduction
  Mark Grady and Francesco Parisi

Part one: Problems
 Cybersecurity and Its Problems
  1 Private versus Social Incentives in Cybersecurity: Law and Economics
    Bruce K. Kobayashi
  2 A Model for When Disclosure Helps Security: What Is Different about Computer and Network Security?
    Peter P. Swire
 Intervention Strategies: Redundancy, Diversity and Autarchy
  3 Peer Production of Survivable Critical Infrastructures 
    Yochai Benkler
  4 Cybersecurity: Of Heterogeneity and Autarky 
    Randal C. Picker
Part two: Solutions
 Private Ordering Solutions
  5 Network Responses to Network Threats: The Evolution into Private Cybersecurity Associations 
    Amitai Aviram
  6 The Dark Side of Private Ordering: The Network/Community Harm of Crime 
    Neal K. Katyal
 Regulation and Jurisdiction for Global Cybersecurity
  7 Holding Internet Service Providers Accountable 
    Doug Lichtman and Eric P. Posner
  8 Global Cyberterrorism, Jurisdiction, and International Organization 
    Joel P. Trachtman

Review by Thomas H. Koenig, Professor and Chair, Department of Sociology and Anthropology, Northeastern University.