Download this Paper Open PDF in Browser

Curbing the Market for Cyber Weapons

28 Pages Posted: 10 Dec 2013 Last revised: 3 Jul 2014

Paul Stockton

Sonecon, LLC

Michele Golabek-Goldman

Yale University - Law School; Harvard University - Harvard Kennedy School (HKS)

Date Written: December 18, 2013


The United States and its international partners are permitting an unregulated, global market for cyber weapons to flourish. Weaponized zero-day ("Øday") exploits to attack the control systems for the power grid and other critical infrastructure components are on sale to criminals, terrorists, and rogue nations. Policymakers have begun to recognize the imperative to curb this market. There is no consensus, however, on the measures needed to do so.

We propose three initial steps to begin curbing the market for weaponized Øday exploits. First, the United States should incentivize developers of critical infrastructure industrial control systems and applications layer software to minimize security flaws in their products. The Support Anti-Terrorism by Fostering Effective Technologies Act provides an especially promising means to strengthen these incentives and should be amended to authorize such software developers to apply for liability coverage under the Act. Second, through the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, the United States and its international partners should establish uniform controls of dangerous Øday exploit sales targeting critical infrastructure. Third, the United States should amend the Computer Fraud and Abuse Act to strengthen its ability to prosecute researchers located both domestically and abroad who recklessly sell dangerous exploits targeting critical infrastructure to America’s adversaries.

Keywords: zero-day exploit, cyber weapon, cyberattack, software, liability, Safety Act, prosecution, export controls, Wassenaar Arrangement, cyberspace, cyberterrorism, CFAA

Suggested Citation

Stockton, Paul and Golabek-Goldman, Michele, Curbing the Market for Cyber Weapons (December 18, 2013). Yale Law & Policy Review, Forthcoming. Available at SSRN:

Paul Stockton (Contact Author)

Sonecon, LLC ( email )

633 Pennsylvania Avenue, NW
Suite 600
Washington, DC 20004
United States

Michele Golabek-Goldman

Yale University - Law School ( email )

127 Wall St.
New Haven, CT 06511
United States

Harvard University - Harvard Kennedy School (HKS) ( email )

79 John F. Kennedy Street
Cambridge, MA 02138
United States

Paper statistics

Abstract Views