Understanding the Importance of Proper Incentives for Critical Infrastructures Management – How System Dynamics Can Help

Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 501)

Abstract

Computer and information systems are now at the core of numerous critical infrastructures. However, their security management is by far not a trivial issue. Further, these systems, by their very nature, belong to the domain of complex systems, where system dynamics (SD) is an established method, which aims at modelling such systems, their analysis and understanding. Further, on this basis it enables simulation of various policies to properly manage complex systems. More precisely, through understanding of the basic elements of the whole mosaic and their interplay, proper incentives can be tested. And this is important, because proper incentives can lead to the desired patterns of behavior of such systems, which may often be counter-intuitive. Therefore this paper presents a novel approach by using SD for managing critical infrastructures (more precisely the internet) when it comes to security related incentives. Based on already developed archetypes it provides a template model that bridges these conceptual models with concrete models that are suited to particular environments, and enable quantitative simulations.

Keywords

Critical infrastructures Policies Management Modeling and simulation 

References

  1. 1.
    Bastable, J., Mason, A., Allan, T.: Great Secrets of History. The Reader’s Digest Assoc., London (2012)Google Scholar
  2. 2.
    Horowitz, A.: New Orlean’s new flood maps: an outline for disaster. The New York Times, Opinion Today, 1 June 2016Google Scholar
  3. 3.
    Anderson, R.: Security Engineering. John Wiley and Sons, New York (2001)Google Scholar
  4. 4.
    Anderson, R.: Why information security is hard? An economic perspective. In: Proceedings of the 17th Computer Security Applications Conference, ASAC 2001, IEEE (2001)Google Scholar
  5. 5.
    Anderson, R.: The economics of information security. Science 314(AAA), 610–613 (2006)CrossRefGoogle Scholar
  6. 6.
    Anderson, R.: Information security: where computer science, economics and psychology meet. Philos. Trans. Royal Soc. 367, 2717–2727 (2009)CrossRefGoogle Scholar
  7. 7.
    Moore, T.: The economics of cybersecurity: principles and policy options. Int. J. Critical Infrastruct. Prot. 2, 103–117 (2010). ElsevierCrossRefGoogle Scholar
  8. 8.
    Akerlof, G.: The market for lemons: qualitative uncertainty and the market mechanism. Quart. J. Econ. 84(3), 488–500 (1970)CrossRefGoogle Scholar
  9. 9.
    MITRE Corp.: Making Security Measurable, https://makingsecuritymeasurable.mitre.org/. Accessed 6th May 2016
  10. 10.
    Gonzalez, J.J., Trček, D.: Proper incentives for proper IT security management - a system dynamics approach, HICSS 2017, Hawai (2017)Google Scholar
  11. 11.
    Arief, B., Bin Adzmi, M.A., Gross, T.: Understanding cybersecurity from its stakeholders’ perspective. Secur. Priv. 15(1), 71–76 (2015). IEEECrossRefGoogle Scholar
  12. 12.
    Arief, B., Bin Adzmi, M.A., Gross, T.: Understanding cybersecurity from its stakeholders’ perspective - defenses and victims. Secur. Priv. 15(1), 84–88 (2015). IEEECrossRefGoogle Scholar
  13. 13.
    Trček, D., Trobec, R., Pavešič, N., Tasič, J.: Information systems security and human behavior. Behav. Inf. Technol. 26(2), 113–118 (2007). Taylor FrancisCrossRefGoogle Scholar
  14. 14.
    Senge, P.: The Fifth Discipline. Doubleday, New York (1990)Google Scholar
  15. 15.
    Wolstenholme, E.F.: Towards the definition and use of a core set of archetypal structures in system dynamics. Syst. Dyn. Rev. 19(7), 7–26 (2003)CrossRefGoogle Scholar
  16. 16.
    Sterman, J.: Business Dynamics. McGraw-Hill, New York (2004)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2017

Authors and Affiliations

  1. 1.Laboratory of e-media, Faculty of Computer and Information ScienceUniversity of LjubljanaLjubljanaSlovenia
  2. 2.Centre for Integrated Emergency Management, University of AgderGrimstadNorway

Personalised recommendations