Critical information infrastructure protection is the subject “du jour.” An important part to addressing the issue is to answer the question whether the private sector or the government should be responsible for protection. The choice of governing arrangement – government provision, private provision or any combination thereof – is essential to ensuring an adequate level of security. This paper discusses how the market for critical information infrastructure protection may be susceptible to various market failures, namely public goods, externalities and information deficits. The presence of these market failures suggests that government intervention in the market is necessary. While this paper does not present a specific regulatory model or a set of regulatory tools to address these market failures, it asserts that understanding the market failures inherent in critical information infrastructure protection is a key element to designing a successful regulatory policy. Failure to understand and acknowledge the reasons for the inability of the private sector to provide adequate protection can impact a nation-state’s security and render it vulnerable to attack.
Keywords: Critical information infrastructure protection, cyber security, market failures, government regulation
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
G. Akerlof, The market for “lemons:” Quality, uncertainty and the market mechanism, The Quarterly Journal of Economics, vol. 84(3), pp. 488-500, 1970.
P. Auerswald, L. Branscomb, T. La Porte and E. Michel-Kerian (Eds. ), Seeds of Disaster, Roots of Response: How Private Action Can Reduce Public Vulnerability, Cambridge University Press, New York, 2006.
A. Aviram and A. Tor, Overcoming impediments to information sharing, Alabama Law Review, vol. 55(2), p. 231, 2004.
L. Branscomb and E. Michel-Kerjan, Public-private collaboration on a national and international scale, in Seeds of Disaster, Roots of Re- sponse: How Private Action Can Reduce Public Vulnerability, P. Auer- swald, L. Branscomb, T. La Porte and E. Michel-Kerjan (Eds. ), Cambridge University Press, New York, pp. 395-403, 2006.
L. Camp and C. Wolfram, Pricing security, in Economics of Information Security, L. Camp and S. Lewis (Eds. ), Kluwer, Boston, Massachusetts, pp. 17-34, 2004.
R. Coase, The problem of social cost, Journal of Law and Economics, vol. 3, pp. 1-44, 1960.
C. Coyne and P. Leeson, Who protects cyberspace? Journal of Law, Eco- nomics and Policy, vol. 1(2), pp. 473-495, 2006.
B. Crowell, Too many secrets: Overclassification as a barrier to critical information sharing, Testimony to the Markle Taskforce on National Security in the Information Age, Subcommittee on National Security, Emerging Threats and International Relations, House Committee on Government Reform, U. S. House of Representatives, Washington, DC (www.fas. org/sgp/congress/2004/082404crowell. html), August 24, 2004.
N. Elkin-Koren and E. Salzberger, Law, Economics and Cyberspace, Edward Elgar, Cheltenham, United Kingdom, 2004.
H. Kunreuther and G. Heal, Interdependent security, Journal of Risk and Uncertainty, vol. 26(2/3), pp. 231-249, 2003.
R. Mandel, The Changing Face of National Security: A Conceptual Analysis, Greenwood Press, Westport, Connecticut, 1994.
P. McNutt, Public goods and club goods, in Encyclopedia of Law and Economics, Volume I -The History and Methodology of Law and Economics, B. Bouckaert and G. de Geest (Eds. ), Edward Elgar, Cheltenham, United Kingdom, pp. 927-951, 2000.
A. Ogus, Regulation: Legal Form and Economic Theory, Clarendon Press, London, United Kingdom, 1994.
B. Powell, Is cyber security a public good? Evidence from the financial services industry, Journal of Law, Economics and Policy, vol. 1(2), pp. 497-510, 2005.
S. Rinaldi, J. Peerenboom and T. Kelly, Identifying, understanding and analyzing critical infrastructure interdependencies, IEEE Control Systems, vol. 21(6), pp. 11-25, 2001.
P. Samuelson, The pure theory of public expenditure, The Review of Economics and Statistics, vol. 36(4), pp. 387-389, 1954.
B. Schneier, Secrets and Lies: Digital Security in a Networked World, John Wiley, New York, 2000.
A. Smith, The Wealth of Nations, Bantam Classics, New York, 2003.
M. Trebilcock and E. Iacobucci, Privatization and accountability, Harvard Law Review, vol. 116(5), pp. 1422-1453, 2003.
U. S. -Canada Power System Outage Task Force, Final Report on the August 14, 2003 Blackout in the United States and Canada: Causes and Recommendations, U. S. Department of Energy, Washington, DC (reports. energy. gov/BlackoutFinal-Web. pdf ), 2004.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Assaf, D. (2008). Government Intervention in Information Infrastructure Protection. In: Goetz, E., Shenoi, S. (eds) Critical Infrastructure Protection. ICCIP 2007. IFIP International Federation for Information Processing, vol 253. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-75462-8_3
Download citation
DOI: https://doi.org/10.1007/978-0-387-75462-8_3
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-75461-1
Online ISBN: 978-0-387-75462-8
eBook Packages: Computer ScienceComputer Science (R0)