50 Pages Posted: 13 Apr 2020
Date Written: April 4, 2020
Cybersecurity incidents affecting the availability of computers, networks, and data are on the rise. Distributed Denial-of-Service and ransomware attacks can bring down critical systems and databases, making them unavailable when most needed, potentially affecting every individual, industry, sector, and branch of government. This Article critically evaluates cybersecurity law’s gap in addressing the growing threat of availability attacks to information technology systems. While cybersecurity law is defined as the legal framework that “promotes the confidentiality, integrity, and availability of public and private information, systems, and networks…”, this Article argues that cybersecurity law is overwhelmingly concerned with confidentiality and integrity, often to the exclusion of availability. This Article offers a theory as to why availability is so often ignored by cybersecurity law, and why it should not be. This Article also acknowledges that while cybersecurity law at present is unsatisfactory, certain regulatory and market-based solutions can alleviate the risks arising from availability threats that are currently not covered by the law.
Keywords: cybersecurity law, availability attacks, distributed denial of service, ransomware
Suggested Citation: Suggested Citation