Government Intervention in Information Infrastructure Protection

  • Dan Assaf
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 253)

Critical information infrastructure protection is the subject “du jour.” An important part to addressing the issue is to answer the question whether the private sector or the government should be responsible for protection. The choice of governing arrangement – government provision, private provision or any combination thereof – is essential to ensuring an adequate level of security. This paper discusses how the market for critical information infrastructure protection may be susceptible to various market failures, namely public goods, externalities and information deficits. The presence of these market failures suggests that government intervention in the market is necessary. While this paper does not present a specific regulatory model or a set of regulatory tools to address these market failures, it asserts that understanding the market failures inherent in critical information infrastructure protection is a key element to designing a successful regulatory policy. Failure to understand and acknowledge the reasons for the inability of the private sector to provide adequate protection can impact a nation-state’s security and render it vulnerable to attack.

Keywords: Critical information infrastructure protection, cyber security, market failures, government regulation


Private Sector Public Good National Security Market Failure Critical Infrastructure 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [1]
    G. Akerlof, The market for “lemons:” Quality, uncertainty and the market mechanism, The Quarterly Journal of Economics, vol. 84(3), pp. 488-500, 1970.CrossRefGoogle Scholar
  2. [2]
    P. Auerswald, L. Branscomb, T. La Porte and E. Michel-Kerian (Eds. ), Seeds of Disaster, Roots of Response: How Private Action Can Reduce Public Vulnerability, Cambridge University Press, New York, 2006.CrossRefGoogle Scholar
  3. [3]
    A. Aviram and A. Tor, Overcoming impediments to information sharing, Alabama Law Review, vol. 55(2), p. 231, 2004.Google Scholar
  4. [4]
    L. Branscomb and E. Michel-Kerjan, Public-private collaboration on a national and international scale, in Seeds of Disaster, Roots of Re- sponse: How Private Action Can Reduce Public Vulnerability, P. Auer- swald, L. Branscomb, T. La Porte and E. Michel-Kerjan (Eds. ), Cambridge University Press, New York, pp. 395-403, 2006.CrossRefGoogle Scholar
  5. [5]
    L. Camp and C. Wolfram, Pricing security, in Economics of Information Security, L. Camp and S. Lewis (Eds. ), Kluwer, Boston, Massachusetts, pp. 17-34, 2004.CrossRefGoogle Scholar
  6. [6]
    R. Coase, The problem of social cost, Journal of Law and Economics, vol. 3, pp. 1-44, 1960.CrossRefGoogle Scholar
  7. [7]
    C. Coyne and P. Leeson, Who protects cyberspace? Journal of Law, Eco- nomics and Policy, vol. 1(2), pp. 473-495, 2006.Google Scholar
  8. B. Crowell, Too many secrets: Overclassification as a barrier to critical information sharing, Testimony to the Markle Taskforce on National Security in the Information Age, Subcommittee on National Security, Emerging Threats and International Relations, House Committee on Government Reform, U. S. House of Representatives, Washington, DC (www.fas. org/sgp/congress/2004/082404crowell. html), August 24, 2004.
  9. [9]
    N. Elkin-Koren and E. Salzberger, Law, Economics and Cyberspace, Edward Elgar, Cheltenham, United Kingdom, 2004.Google Scholar
  10. [10]
    H. Kunreuther and G. Heal, Interdependent security, Journal of Risk and Uncertainty, vol. 26(2/3), pp. 231-249, 2003.CrossRefMATHGoogle Scholar
  11. [11]
    R. Mandel, The Changing Face of National Security: A Conceptual Analysis, Greenwood Press, Westport, Connecticut, 1994.Google Scholar
  12. [12]
    P. McNutt, Public goods and club goods, in Encyclopedia of Law and Economics, Volume I -The History and Methodology of Law and Economics, B. Bouckaert and G. de Geest (Eds. ), Edward Elgar, Cheltenham, United Kingdom, pp. 927-951, 2000.Google Scholar
  13. [13]
    A. Ogus, Regulation: Legal Form and Economic Theory, Clarendon Press, London, United Kingdom, 1994.Google Scholar
  14. [14]
    B. Powell, Is cyber security a public good? Evidence from the financial services industry, Journal of Law, Economics and Policy, vol. 1(2), pp. 497-510, 2005.Google Scholar
  15. [15]
    S. Rinaldi, J. Peerenboom and T. Kelly, Identifying, understanding and analyzing critical infrastructure interdependencies, IEEE Control Systems, vol. 21(6), pp. 11-25, 2001.CrossRefGoogle Scholar
  16. [16]
    P. Samuelson, The pure theory of public expenditure, The Review of Economics and Statistics, vol. 36(4), pp. 387-389, 1954.MathSciNetCrossRefGoogle Scholar
  17. [17]
    B. Schneier, Secrets and Lies: Digital Security in a Networked World, John Wiley, New York, 2000.Google Scholar
  18. [18]
    A. Smith, The Wealth of Nations, Bantam Classics, New York, 2003.Google Scholar
  19. [19]
    M. Trebilcock and E. Iacobucci, Privatization and accountability, Harvard Law Review, vol. 116(5), pp. 1422-1453, 2003.CrossRefGoogle Scholar
  20. U. S. -Canada Power System Outage Task Force, Final Report on the August 14, 2003 Blackout in the United States and Canada: Causes and Recommendations, U. S. Department of Energy, Washington, DC (reports. energy. gov/BlackoutFinal-Web. pdf ), 2004.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Dan Assaf
    • 1
  1. 1.University of TorontoTorontoCanada

Personalised recommendations