The economics of cyber - and infrastructure -- security

Published 15 May 2008

New book explores the economics of protecting cyberspace; the book “links our nation’s critical infrastructures across public and private institutions in sectors ranging from food and agriculture, water supply and public health, to energy, transportation and financial services,” says one of the authors

Here is a book you may want to read. As far as we can tell, Cyber Security: Economic Strategies and Public Policy Alternatives provides the first systematic analysis of the economics of protecting cyberspace. “Cyberspace, or the nation’s information technology infrastructure, is the nervous system of the country,” said Michael Gallaher, Ph.D., director of the Technology, Energy, and the Environment Group at Research Triangle Park, North Carolina-based RTI International. “It links our nation’s critical infrastructures across public and private institutions in sectors ranging from food and agriculture, water supply and public health, to energy, transportation and financial services.” The new book is written by Gallaher; Albert Link, Ph.D., a professor of economics at the University of North Carolina at Greensboro; and Brent Rowe, a research economist at RTI.

The book explores private sector cyber security investment decisions and implementation strategies, public policy efforts to ensure overall security, and the government’s role in the process. According to the National Science and Technology Council, “safeguarding the nation’s IT infrastructure and critical infrastructure sectors for the future is a matter of national and homeland security.” The authors draw on case studies and survey data to describe and critique the economic strategies and broad technical approaches that private sector organizations have adopted to secure their information technology infrastructure. Based on their analysis, the authors suggest policy changes the government should make to help organizations in their efforts to protect cyberspace. Those recommendations include helping to fund the collection, analysis and dissemination of both reliable and cost-effective information related to cyber security for benchmarking purposes and providing guidelines for evaluating the effectiveness and efficiency of potential cyber security solutions.

The authors also suggest the government underwrite a share of the research and implementation costs for organizations that are pilot testing new innovations. In addition, the government should investigate mechanisms that redistribute the costs associated with a security breach to better provide incentives for individual organizations to enhance their cyber security. For example, the government could mandate that Internet service providers provide security to their customers as part of their service offerings. The book is written for private and public sector managers and strategists involved in cyber security, as well as academics and researchers in the fields of economics, management, information systems, systems engineering, political science and public policy.

Cyber Security, published by Edward Elgar Publishing.