Roles and Responsibilities

• The private sector owns 95% of the cyber infrastructure
• Government must “provide for the common defense”
• The private sector is legally obligated to maximize shareholder value
• Economics must be at the core of the public-private partnership
• Public policy is largely ignoring economics

CURRENT ECONOMIC INCENTIVES FAVOR ATTACKERS

• Attacks are cheap and easy
• Profits from attacks are enormous
• You won’t get caught: successful prosecution is less than 1%

On the other hand:

• Defense is a generation behind the attacker
• The perimeter that must be defended is infinite
• Even if there is ROI, it’s hard to show the value of an attack you prevented

Risk Tolerance is Different for Public and Private Sectors

• Industry will tolerate risk on a cost-benefit basis (retailers know a % of their inventory walks out the back door every month, but tolerate it if security is more costly)
• Government cannot tolerate as much risk
• To make up the “gap” between public and private sectors we need to use incentives

Regulation is not the answer

• Compliance (not security) already eats up much of the “security” budget
• Specific regs can’t keep up with attacks
• Vague regs show no effect
• Regs increase costs uniquely for American companies
• Regs can be counterproductive “ceilings” (campaign finance)

Insurance

• Is traditionally used to promote pro-social behavior in health & safety
• Cyber insurance:
  - could create and maintain standards of practice much faster than regulators
  - provide an ongoing private-sector-funded evaluation system
  - provide a market incentive for voluntary adoption of best practices & services