Protecting national critical infrastructure assets from cyber incidents is an important challenge. One facet of this challenge is that the vast majority of the owners and operators of critical infrastructure components are public or private companies. This paper examines the threats faced by for-profit critical infrastructure entities, the incentives and drivers that influence investment in cyber security measures, and how policy initiatives might influence cyber preparedness in critical infrastructure entities.
Keywords: Information security, economic incentives, government policy
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
G. Bush, Executive Order on Critical Infrastructure Protection, The White House, Washington, DC (www. whitehouse. gov/news/releases/2001/ 10/20011016-12. html), October 16, 2001.
R. Dacey, Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems, Report GAO-04-628T, U. S. General Accounting Office, Washington, DC, 2004.
S. Dynes, Information security and health care -A field study of a hospital after a worm event (mba. tuck. dartmouth. edu/digital/Research/Research Projects/InfoSecHealthCare. pdf ), 2006.
S. Dynes, E. Andrijcic and M. Johnson, Costs to the U. S. economy of infor- mation infrastructure failures: Estimates from field studies and economic data, presented at the Fifth Workshop on the Economics of Information Security, 2006.
S. Dynes, H. Brechbühl and M. Johnson, Information security in the ex- tended enterprise: Some initial results from a field study of an industrial firm, presented at the Fourth Workshop on the Economics of Information Security, 2005.
B. Gellman, Cyber-attacks by al Qaeda feared, The Washington Post, June 27, 2002.
L. Gordon and M. Loeb, The economics of information security investment, ACM Transactions on Information and System Security, vol. 5(4), pp. 438- 457, 2002.
J. Lewis (Ed. ), Cyber Security: Turning National Solutions into Interna- tional Cooperation, CSIS Press, Washington, DC, 2003.
L. Loeb, CardSystems solution becomes a cautionary tale, eWeek, July 21, 2005.
National Infrastructure Advisory Council (www. dhs. gov/xprevprot/committees/editorial 0353. shtm).
National Infrastructure Advisory Council, The National Strategy to Secure Cyberspace, The White House, Washington, DC (www. whitehouse. gov/pcipb/cyberspace strategy. pdf ), 2003.
Public Broadcasting Service, PBS Frontline: Hackers (www.pbs. org/wgbh/pages/frontline/shows/hackers), 2001.
J. Watters, Analyzing corporate risks with RiskMAP, presented at the Second I3P Process Control Systems Workshop, 2006.
Wikipedia, Sutton’s Law (en. wikipedia. org/w/index. php?title=Sutton%27s law&oldid=119669553).
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Dynes, S., Goetz, E., Freeman, M. (2008). Cyber Security: Are Economic Incentives Adequate?. In: Goetz, E., Shenoi, S. (eds) Critical Infrastructure Protection. ICCIP 2007. IFIP International Federation for Information Processing, vol 253. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-75462-8_2
Download citation
DOI: https://doi.org/10.1007/978-0-387-75462-8_2
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-75461-1
Online ISBN: 978-0-387-75462-8
eBook Packages: Computer ScienceComputer Science (R0)