The Law and Economics of Cybersecurity
Edited by Mark F. Grady and Francesco Parisi. Cambridge University Press. ISBN 0-521-85527-6. 320 pages. $75. http://www.cambridge.org/catalogue/catalogue.asp?isbn=0521855276
The book contains the following eight very thoughtful papers about computer security in a networked environment. And let’s face it: if you are connected to the Internet, you’re in a networked environment.
1. Private versus social incentives in cybersecurity, law and economics by Bruce K. Kobayashi
2. A model for when disclosure helps security: what is different about computer and network security? by Peter Swire
3. Peer production of survivable critical infrastructures by Yochai Benkler
4. Cyber security: of heterogeneity and autarchy by Randal C. Picker
5. Network responses to network threats: the evolution into private cyber-security associations by Amitai Aviram
6. The dark side of private ordering for cybersecurity by Neal K. Katyal
7. Holding Internet Service Providers accountable by Doug Lichtman and Eric P. Posner
8. Global cyberterrorism, jurisdiction, and international organization by Joel T. Trachtman
Not one of the papers offers the solution; rather, each engages the reader in some very thought-provoking exercises about what might work depending upon the different environments and the users’ different incentives. For example, the type of security features, even the choice between open source and proprietary security features, can very much depend upon the environment in which you operate. Most of us out surfing the Web have found that known suppliers and methods of protecting ourselves against mischief have been the best way. Why? They are tried, tested, and fixed as a result of the sheer volume of security breach attempts, past success, and re-engineered defense after a method of breaching the security has been found. However, when operating in a military environment, this manner of testing your security and sharing with the world your successes and failures may not be as prudent. Based upon the user’s environment, the papers dissect in economic terms the tradeoffs in security, regulation, and punishment to deal with the complex issues of choosing an optimal collection of models for private and public sector applications and environments.
There are two shortcomings to the book. One regrettable feature is the manner in which several of the papers deal with crime. We have worked against criminals, studied criminals, and spent way too much time with criminals. Our empirical knowledge tells us that the lens or filter used to deal with the economics of criminal behavior over the internet is naive. The second shortcoming, which we hope the editors will contemplate (we are encouraging this), is the need for a shorter edition of the book in layman’s terms. While the editors of ÆGIS are collectively well versed in programming, math, models, and econometrics, the book reviewed presents sufficiently relevant information that it should be shared with those less conversant.
Valuable information? Yes. Worth the $75.00? Yes.