Managing Externalities of Internet Security with Scoring Rules
25 Pages Posted: 14 Nov 2018
Date Written: September 1, 2018
Abstract
Internet security is a major challenge in fulfilling the Internet's productivity potential. Without a secure Internet environment, individuals and organizations may not be able to efficiently connect through the Internet and could even refuse to connect due to security concerns. However, issues of incentive in Internet security have not been carefully considered. The incentive of the agent who designs and invests in a security system may not be fully aligned with social efficiency because such an investment would exert positive externalities on society and such a misalignment would generally lead to underinvestment. A challenge of addressing such externalities is information asymmetry, where the investment in the security systems and their potential failure is privately known by the agents who design or invest in these systems but not publicly revealed. We propose a mechanism for the agents to credibly communicate their security levels. We introduce a third party to whom the agents can report their beliefs on their systems' possibility of potential failure. The third party scores the agents based on their reports and the ex post observations of the security performance of their systems. These scores will influence the agents' payoff and thus provide them with additional incentives. We use a network contagion model with endogenous network formation as a benchmark to show how our mechanism can incentivize agents to both invest more in security and gain trust in each other's security and then make connections that create value.
Keywords: Internet security, externalities, scoring rules
Suggested Citation: Suggested Citation