Abstract

http://ssrn.com/abstract=2232471
 


 



Ghost in the Network


Derek E. Bambauer


University of Arizona - James E. Rogers College of Law

March 12, 2013

University of Pennsylvania Law Review, Vol. 162, 2014
Arizona Legal Studies Discussion Paper No. 13-16

Abstract:     
Cyberattacks are inevitable and widespread. Existing scholarship on cyberespionage and cyberwar is undermined by its futile obsession with preventing attacks. This Article draws on research in normal accident theory and complex system design to argue that successful attacks are unavoidable. Cybersecurity must focus on mitigating breaches rather than preventing them. First, the Article analyzes cybersecurity’s market failures and information asymmetries. It argues that these economic and structural factors necessitate greater regulation, particularly given the abject failures of alternative approaches. Second, the Article divides cyber-threats into two categories: known and unknown. To reduce the impact of known threats with identified fixes, the federal government should combine funding and legal mandates to push firms to redesign their computer systems. Redesign should follow two principles: disaggregation, dispersing data across many locations; and heterogeneity, running those disaggregated components on variegated software and hardware. For unknown threats -- “zero-day” attacks -- regulation should seek to increase the government’s access to markets for these exploits. Regulation cannot exorcise the ghost in the network, but it can contain the damage it causes.

Number of Pages in PDF File: 75

Keywords: cyberwar, hacking, espionage, Internet, cybersecurity, zero day, bug, vulnerability, breach, threat, software, cyberlaw, attack

Accepted Paper Series





Download This Paper

Date posted: March 13, 2013 ; Last revised: April 24, 2013

Suggested Citation

Bambauer, Derek E., Ghost in the Network (March 12, 2013). University of Pennsylvania Law Review, Vol. 162, 2014; Arizona Legal Studies Discussion Paper No. 13-16. Available at SSRN: http://ssrn.com/abstract=2232471

Contact Information

Derek E. Bambauer (Contact Author)
University of Arizona - James E. Rogers College of Law ( email )
P.O. Box 210176
Tucson, AZ 85721-0176
United States
Feedback to SSRN


Paper statistics
Abstract Views: 1,266
Downloads: 307
Download Rank: 57,829

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo6 in 0.360 seconds