Abstract

  
 

Footnotes (384)



 


 



Regulating Cybersecurity


Nathan Alexander Sales


George Mason University School of Law
April 5, 2012

Northwestern University Law Review, Forthcoming
George Mason Law & Economics Research Paper No. 12-35

Abstract:     
The conventional wisdom is that this country’s privately owned critical infrastructure – banks, telecommunications networks, the power grid, and so on – is vulnerable to catastrophic cyberattacks. The existing academic literature does not adequately grapple with this problem, however, because it conceives of cybersecurity in unduly narrow terms: Most scholars understand cyberattacks as a problem of either the criminal law or the law of armed conflict. Cybersecurity scholarship need not run in such established channels. This article argues that, rather than thinking of private companies merely as potential victims of cyber crimes or as possible targets in cyber conflicts, we should think of them in administrative law terms. Firms that operate critical infrastructure tend to underinvest in cyberdefense because of problems associated with negative externalities, positive externalities, free riding, and public goods – the same sorts of challenges the modern administrative state faces in fields like environmental law, antitrust law, products liability law, and public health law. These disciplines do not just yield a richer analytical framework for thinking about cybersecurity; they also expand the range of possible responses. Understanding the problem in regulatory terms allows us to adapt various regulatory solutions for the cybersecurity context, such as monitoring and surveillance to detect malicious code, hardening vulnerable targets, and building resilient and recoverable systems. In short, an entirely new conceptual approach to cybersecurity is needed.

Number of Pages in PDF File: 58

Keywords: al Qaeda, biosurveillance, Bliley, Bruce Smith, China, Christopher Coyne, Estonia, Gramm, hackers, hackbacks, high frequency, intrusion, LOAC, Leach, low severity, military, Richard Clarke, Peter Leeson, RSA, Russia, SCADA, Soviet Union, Tallinn, United Nations Charter, virus, vulnerabilities, worm

JEL Classification: G28, H56, K14, K21, K23, K32, K42, L96, N40

Accepted Paper Series


Download This Paper

Date posted: April 5, 2012  

Suggested Citation

Sales, Nathan Alexander, Regulating Cybersecurity (April 5, 2012). Northwestern University Law Review, Forthcoming; George Mason Law & Economics Research Paper No. 12-35. Available at SSRN: http://ssrn.com/abstract=2035069

Contact Information

Nathan Alexander Sales (Contact Author)
George Mason University School of Law ( email )
3301 Fairfax Drive
Arlington, VA 22201
United States
(703) 993-4420 (Phone)

George Mason Law School Logo

Feedback to SSRN (Beta)


Paper statistics
Abstract Views: 682
Downloads: 153
Download Rank: 96,090
Footnotes:  384

© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright
This page was processed by apollo4 in 0.547 seconds