An economic alternative to improve Cybersecurity of e-government and smart cities

ACM International Conference Proceeding Series

Volumn 08-10-June-2016, Issue , 2016, Pages 455-464

  Li, Zhen ^a   Liao, Qi ^b  

^a ALBION COLLEGE   (United States)

^b CENTRAL MICHIGAN UNIVERSITY   (United States)

Author keywords

E government; Economics; Game Theory; Security and Privacy; Smart cities; Vulnerability

Indexed keywords

ECONOMICS; GAME THEORY;

CATASTROPHIC CONSEQUENCES; E-GOVERNMENTS; ECONOMIC SOLUTIONS; INCENTIVE MECHANISM; SAFETY AND SECURITIES; SECURITY AND PRIVACY; SMART CITIES; VULNERABILITY;

GOVERNMENT DATA PROCESSING;

EID: 84978654179     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2912160.2912170     Document Type: Conference Paper

References (37)

1. Open-Air computers. The Economist, October 27 2012.
2. L. Ablon, M. C. Libicki, and A. A. Golay. Markets for cybercrime tools and stolen data: Hackers' bazaar. RAND Corporation research report, 2014.
3. A. M. Algarni and Y. K. Malaiya. Software vulnerability markets: Discoverers and buyers. International Journal of Computer, Information Science and Engineering, 8(3):71-81, 2014.
4. Y. A. Alsultanny. Evaluating users intention to use e-government services. International Journal of Emerging Trends & Technology in Computer Science, 3(5):55-60, September-October 2014.
5. R. Anderson and T. Moore. The economics of information security: A survey and open questions. Science, 314:610-613, 2006.
6. S. Anthony. The first rule of zero-days is no one talks about zero-days (so we'll explain). Ars Technica, October 20 2015.
7. A. Arora, A. Nandkumar, and R. Telang. Does information security attack frequency increase with vulnerability disclosure: An empircal analysis. Information Systems Frontiers, 8(5):350-362, 2006.
8. A. Arora, R. Telang, and H. Xu. Optimal policy for software vulnerability disclosure. Management Science, 54(4):642-656, 2008.
9. T. August and T. I. Tunca. Who should be responsible for software security? a comparative analysis of liability policies in network environments. Management Science, 57(5):934-959, 2011.
10. L. Bilge and T. Dumitras. Before we knew it: An empirical study of zero-day attacks in the real world. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 833-844, Raleigh, NC, October 16-18 2012.
11. J. Brumeld. Verizon 2015 data breach investigations report. April 13 2015.
12. C. Cerrudo. An emerging US (and world) threat: Cities wide open to cyber attacks. IOActive White Paper, 2015.
13. S. Dynes, E. Goetz, and M. Freeman. Cyber security: Are economic incentives adequate? IFIP International Federation for Information Processing, 253:15-27, 2008.
14. M. Eslava. The political economy of fiscal deficits: A survey. Journal of Economic Surveys, 25(4):645-673, 2011.
15. M. Finifter, D. Akhawe, and D. Wagner. An empirical study of vulnerability reward programs. In Proceedings of the 22nd USENIX conference on Security, pages 273-288, Washington, D.C., August 14-16 2013.
16. S. Frei. The known unknowns: Empirical analyais of publicly unknown security vulnerabilities. NSS Labs, December 2013.
17. S. Frei and F. Artes. International vulnerability purchase program: Why buying all vulnerabilities above black market prices is economically sound. NSS Labs, December 2013.
18. B. Ghena, W. Beyer, A. Hillaker, J. Pevarnek, and J. A. Halderman. Green lights forever: Analyzing the security of trafic infrastructure. In WOOT'14 Proceedings of the 8th USENIX conference on Offensive Technologies, pages 7-7, San Diego, CA, August 19 2014.
19. A. Greenberg. Meet the hackers who sell spies the tools to crack your PC (and get paid six-figure fees). Forbes, March 21 2012.
20. A. Greenberg. Shopping for zero-days: A price list for hackers' secret software exploits. Forbes, March 23 2012.
21. K. Huang, J. Zhang, W. Tan, and Z. Feng. An empirical analysis of contemporary android mobile vulnerability market. In Proceedings of the 2015 IEEE International Conference on Mobile Services (MS), pages 182-189, New York, NY, June 27-July 2 2015.
22. A. G. Illera and J. V. Vidal. Lights off! The darkness of the smart meters. Black-hat Europe, October 14-17 2014.
23. H. Joh and Y. Malaiya. Seasonal variation in the vulnerability discovery process. In Proceedings of ICST '09, International Conference on Software Testing Verification and Validation, pages 191-200, Denver, CO, April 1-4 2009.
24. D. Klaper and E. Hovy. A taxonomy and a knowledge portal for cybersecurity. In Proceedings of the 15th Annual International Conference on Digital Government Research, pages 79-85, 2014.
25. J. H. Lee, M. G. Hancock, and M.-C. Hu. Towards an effective framework for building smart cities: Lessons from Seoul and San Francisco. Technological Forecasting and Social Change, 89:80-99, November 2014.
26. R. Lemos. Private market growing for zero-day exploits and vulnerabilities. TechTarget, November 2012.
27. R. M. Margolis and D. M. Kammen. Evidence of under-investment in energy R&D in the United States and the impact of federal policy. Energy Policy, 27:575-584, 1999.
28. A. Mein and C. Evans. Dosh4Vulns: Google's vulnerability reward programs. March, 2011.
29. C. Miller. The legitimate vulnerability market: Inside the secretive world of 0-day exploit sales. In Proceedings of the Sixth Workshop on the Economics of Information Security, Pittsburgh, PA, June 2007.
30. I. J. Mojica, B. Adams, M. Nagappan, S. Dienst, T. Berger, and A. E. Hassan. A large-scale empirical study on software reuse in mobile apps. IEEE Software, 31:78-86, 2014.
31. W. D. Nordhaus. The political business cycle. Review of Economic Studies, 42(2):169-190, April 1975.
32. N. Perlroth and D. E. Sanger. Nations buying as hackers sell aws in computer code. The New York Times, July 13 2013.
33. S. Peeger and R. Cunningham. Why measuring security is hard. IEEE Security & Privacy, 8(4):46-54, July/August 2010.
34. S. Ransbotham, S. Mitra, and J. Ramsey. Are markets for vulnerabilities effective? MIS Quarterly, 36(1):43-64, March, 2012.
35. M. J. Schwartz. So you want to be a zero day exploit millionaire? InformationWeek, November 10 2011.
36. M. D. Scott. Tort liability for vendors of insecure software: Has the time finally come? Maryland Law Review, 67(2):425-484, 2008.
37. P. N. Stockton and M. Golabek-Goldman. Curbing the market for cyber weapons. Yale Law & Policy Review, 32:101-128, December 18 2013.