With the continuing growth of the use of the Internet for business purposes, the consequences of a possible cyber attack that could create a large scale outage of long time duration is an increasingly important economic issue. In 2003, the President's National Strategy to Secure Cyberspace stated that government action is warranted where alleged "market failures result in underinvestment in cyber security". However, there is scant empirical evidence and/or theoretical support for such "market failure". While there exists a large body of technical literature on cyber security, research on the economics of cyber security is still in its very early stages.
This project contributes to a better understanding of the economics of Internet security through a combination of theoretical and empirical research efforts. First, the economic motivations for investment in added Internet security by Internet Service Providers (ISPs) are analyzed using game theoretic models. Customer's sensitivity to quality of service and depreciation of investments in added security play key roles in determining the ISPs' investment incentives. However, these incentives may not be perfectly aligned with the social value (derived from Internet usage) at stake during a cyber attack. Empirical research is undertaken to estimate to what extent private incentives for investment may lead to a situation of underinvestment in cyber security.
The results of this research project will have a broader impact in informing the process of regulatory policy-making towards securing cyberspace. In addition, the interplay between the economic and technological issues associated with the provision of Internet will be the subject of a number of educational initiatives both at graduate and undergraduate levels. These include: a graduate seminar on cyber security, new material for existing courses in E-commerce and the economics of engineering systems and "Capstone" projects (senior theses). The research findings will be reported in the project web site (www.people.virginia.edu/~ag7s/economics_of_internet_security.htm
