This proposal provides support for the 2013 Workshop on the Economics of Information Security (WEIS) and a one-day follow-on workshop. WEIS fosters cross-disciplinary, cross-sector (i.e., academia, industry, nonprofit, and government), and cross-national discussion on information security. The focus on the economics of information security was chosen not only because of its intrinsic importance, but also because of its basis for bringing together social, computer, and information scientists and engineers to share knowledge, information and methods from their respective domains. WEIS covers issues that are core to the NSF's Secure and Trustworthy Cyberspace (SaTC) program, and spans both the Computer and Information Science and Engineering (CISE) and Social, Behavioral and Economic Sciences (SBE) Directorates within the Foundation. The one-day follow-on workshop focuses on incentive-related issues to cybersecurity.
Funds for this grant are from NSF for student travel support, and via inter-agency transfer from DHS Science & Technology for sponsorship of the follow-on workshop.
The 12th Workshop on the Economics of Information Security (WEIS), the leading forum for interdisciplinary scholarship on information security combining expertise from the fields of economics, social science, business, law, policy and computer science, was held at Georgetown University on June 11-12, 2013. The workshop provided the opportunity to build on past efforts using empirical and analytic tools to not only understand threats, but strengthen security and privacy through novel evaluations of available solutions. WEIS focuses on advancing knowledge and understanding both within represented fields (e.g., computer science, engineering, information science, economics, etc.) and across fields, especially computer science and economics. The workshop's interdisciplinary content allows for a richer consideration of information security than is often the case at purely technical workshops or conferences. The science and technology context, as well as issues relating to their use, are central concerns. WEIS conferences are held annually in different international venues. These annual conferences help delineate the important issues/perspectives of participants from multiple fields, enrich the level of discussion, and improve the quality of subsequent research that is published in peer-reviewed journals. The differing locations facilitate engagement of different expert communities by varying the participant mix according to expertise, local experience, and sector. The 2013 workshop's location in Washington, DC allowed for a unique opportunity to engage with public policymakers. During the 2013 workshop, student attendance was greatly encouraged in order to ensure the participation of the next generation of scholars. Roughly 20 junior-level academics (PhD students, researchers, and post-doctoral researchers) were in attendance for the workshop. During the proceedings, several PhD candidates participated as panel discussion presenters and keynote speakers. In their roles as panel members, junior academics were given the opportunity to have research that they have participated in reviewed by senior academics. The 2013 workshop was extended by one conference day to deepen considerations of economic incentives related to information security. This additional conference day was used to discuss the incentives and regulation of cybersecurity and the challenges that would come along with cybersecurity public policy. The additional day featured representatives from the Departments of Homeland Security, Treasury, and Commerce, academics from New York University, Southern Methodist University, Indiana University, Georgetown University, the University of Baltimore County, Delft University of Technology, and representatives from organizations and companies such as AT&T, Alion Science and Technology Corporation, the Internet Security Alliance, the Utilities Telecom Council, the North American Electric Reliability Corporation, and Energy Sector Security Consortium.
