This award supports two workshops: the Workshop on Economics of Information Security (WEIS) and the Workshop on Cybersecurity Incentives (WOCI), to be held consecutively at George Mason University. These workshops will facilitate better understanding of how economic factors affect the deployment and use of technical cybersecurity measures and how incentives of various kinds might be influence improvements in the security of cyberinfrastructure.
This award supported two workshops on cyber security incentives and economics held at George Mason University from June 14-16, 2011: The Workshop on the Economics of Information Security (WEIS) and the Workshop on Cybersecurity Incentives (WoCI). NSF support of these projects helped contribute to collaboration of a diverse multi-disciplinary group of individuals drawing from academia the private and public sector and included international participants. Some of the disciplines who provided input during these workshops include computer science, engineering, economics, behavior science, organizational theory, legal theory and public policy. WEIS continued in its tradition as a forum for interdisciplinary scholarship on information security, while WoCI addressed addressed the use of incentives--past, present and future--to help balance the need for security against goals of cyberspace such as efficiency, innovation, privacy and other societal values WEIS papers and presentations are available at: http://weis2011.econinfosec.org/program.html, with the main page available at: http://weis2011.econinfosec.org/. WoCI presentations are available at: http://cip.gmu.edu/program.html, with the main page located at: http://cip.gmu.edu/woci2011.html. The research presented at WoCI was collected and utilized to create a white paper which is available at: http://cip.gmu.edu/archives/WOCI%20White%20Paper%20Draft%201-23-2012%20V2%20(Distributed%20for%20Edits).pdf The presentations and papers shown at WEIS addressed numerous topics including: the effect of disclosure on propagation of attacks a look at the economy of fake antivirus software liability issues in networked environments, and numerous presentations on the incentives of information security The presenters at WOCI 2011 noted the following impediments to improving cyber security: misaligned incentives lack of liability unavailability of metrics, and inadequate standards Some of these deficiencies arise from business practices, such as the standard software agreements that limit liability, while others arise from properties such as a very strong network effect which are inherent to the field itself. The solutions posed by presenters attempted to solve these issues through government intervention and private sector action. The issues that are inherent to the field may require governmental taxation or regulation to fill the void in security provision the private sector is unable to provide. Many of the solutions can be implemented by individuals firms, for example by placing responsibility for cyber security in different divisions, while others will require intra-industry coordination in order to develop things like useful metrics and standards. For any questions regarding the Workshop, please visit cip.gmu.edu
