Availability's Law

47 Pages Posted: 13 Apr 2020 Last revised: 23 Sep 2021

See all articles by Ido Kilovaty

Ido Kilovaty

University of Arkansas - School of Law; Yale University - Law School

Date Written: April 4, 2020


Cybersecurity incidents affecting the availability of computers, networks, and data are on the rise. Distributed denial-of-service and ransomware attacks can bring down critical systems and databases, making them unavailable when most needed, potentially affecting every individual, industry, sector, and branch of government. This Article critically evaluates cybersecurity law’s gap in addressing the growing threat of availability attacks to information technology systems. While cybersecurity law is defined as the legal framework that “promotes the confidentiality, integrity, and availability of public and private information, systems, and networks . . . .”, this Article argues that cybersecurity law is overwhelmingly concerned with confidentiality and integrity, often to the exclusion of availability. This Article offers a theory as to why availability is so often ignored by cybersecurity law, and why it should not be. This Article also acknowledges that while cybersecurity law at present is unsatisfactory, certain regulatory and market-based solutions can alleviate the risks arising from availability threats that are currently not covered by the law

Keywords: cybersecurity law, availability attacks, distributed denial of service, ransomware

Suggested Citation

Kilovaty, Ido, Availability's Law (April 4, 2020). Tennessee Law Review, Vol. 88, 2020, Available at SSRN: https://ssrn.com/abstract=3568790

Ido Kilovaty (Contact Author)

University of Arkansas - School of Law ( email )

260 Waterman Hall
Fayetteville, AR 72701
United States

Yale University - Law School ( email )

P.O. Box 208215
New Haven, CT 06520-8215
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics