tailieunhanh - Cyber Insurance as an Incentive for Internet Security
Citing failures of the crop insurance program to attract adequate participation at sufficiently high coverage levels, Congress has passed two crop insurance reform bills since 1980, in 1994 and 2000, that have increased the scope of the program and the size of government costs. The Agricultural Risk Protection Act of 2000 provides $ billion in subsidies over five years to encourage the purchase of federal crop insurance. Projected annual costs of the program under this legislation are estimated at $3 billion, almost double the annual costs under the previous program and a ten-fold increase over spending levels of the early 1980s. As the costs of the program have grown, criticisms have arisen that the high. | Cyber Insurance as an Incentive for Internet Security Jean Bolot Sprint California USA bolot@sprint. com Marc Lelarge INRIA-ENS Paris France Abstract Managing security risks in the Internet has so far mostly involved methods to reduce the risks and the severity of the damages. Those methods such as firewalls intrusion detection and prevention etc reduce but do not eliminate risk and the question remains on how to handle the residual risk. In this paper we consider the problem of whether buying insurance to protect the Internet and its users from security risks makes sense and if so of identifying specific benefits of insurance and designing appropriate insurance policies. Using insurance in the Internet raises several questions because entities in the Internet face correlated risks which means that insurance claims will likely be correlated making those entities less attractive to insurance companies. Furthermore risks are interdependent meaning that the decision by an entity to invest in security and self-protect affects the risk faced by others. We analyze the impact of these externalities on the security investments of the users using simple models that combine recent ideas from risk theory and network modeling. Our key result is that using insurance would increase the security in the Internet. Specifically we show that the adoption of security investments follows a threshold or tipping point dynamics and that insurance is a powerful incentive mechanism which pushes entities over the threshold into a desirable state where they invest in self-protection. Given its many benefits we argue that insurance should become an important component of risk management in the Internet and discuss its impact on Internet mechanisms and architecture. presented at WEIS 20081 Seventh Workshop on the Economics of Information Security Hanover NH USA June 25-28 2008. Shortened version presented at INFOCOM 08 mini-Conference 5 . 1 Introduction The Internet has .
đang nạp các trang xem trước