Managing Externalities of Internet Security with Scoring Rules

25 Pages Posted: 14 Nov 2018

See all articles by Xiaofan Li

Xiaofan Li

University of Texas at Austin - Department of Information, Risk and Operations Management

Andrew B. Whinston

University of Texas at Austin - Department of Information, Risk and Operations Management

Date Written: September 1, 2018

Abstract

Internet security is a major challenge in fulfilling the Internet's productivity potential. Without a secure Internet environment, individuals and organizations may not be able to efficiently connect through the Internet and could even refuse to connect due to security concerns. However, issues of incentive in Internet security have not been carefully considered. The incentive of the agent who designs and invests in a security system may not be fully aligned with social efficiency because such an investment would exert positive externalities on society and such a misalignment would generally lead to underinvestment. A challenge of addressing such externalities is information asymmetry, where the investment in the security systems and their potential failure is privately known by the agents who design or invest in these systems but not publicly revealed. We propose a mechanism for the agents to credibly communicate their security levels. We introduce a third party to whom the agents can report their beliefs on their systems' possibility of potential failure. The third party scores the agents based on their reports and the ex post observations of the security performance of their systems. These scores will influence the agents' payoff and thus provide them with additional incentives. We use a network contagion model with endogenous network formation as a benchmark to show how our mechanism can incentivize agents to both invest more in security and gain trust in each other's security and then make connections that create value.

Keywords: Internet security, externalities, scoring rules

Suggested Citation

Li, Xiaofan and Whinston, Andrew B., Managing Externalities of Internet Security with Scoring Rules (September 1, 2018). Available at SSRN: https://ssrn.com/abstract=3271317 or http://dx.doi.org/10.2139/ssrn.3271317

Xiaofan Li (Contact Author)

University of Texas at Austin - Department of Information, Risk and Operations Management ( email )

CBA 5.202
Austin, TX 78712
United States

Andrew B. Whinston

University of Texas at Austin - Department of Information, Risk and Operations Management ( email )

CBA 5.202
Austin, TX 78712
United States
512-471-8879 (Phone)

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
82
Abstract Views
668
Rank
598,558
PlumX Metrics