Economic solutions to improve cybersecurity of governments and smart cities via vulnerability markets

Government Information Quarterly

Volumn 35, Issue 1, 2018, Pages 151-160

  Li, Zhen ^a   Liao, Qi ^b  

^a ALBION COLLEGE   (United States)

^b CENTRAL MICHIGAN UNIVERSITY   (United States)

Author keywords

Cybersecurity; E government; Economics; Game theory; Smart cities; Vulnerability

Indexed keywords

EID: 85032360698     PISSN: 0740624X     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.giq.2017.10.006     Document Type: Article

References (44)

1. Ablon, L., Libicki, M.C., Golay, A.A., Markets for cybercrime tools and stolen data: Hackers’ bazaar. Rand corporation research report., 2014.
2. Algarni, A.M., Malaiya, Y.K., Software vulnerability markets: Discoverers and buyers. International Journal of Computer, Information Science and Engineering 8 (2014), 71–81.
3. Alsultanny, Y.A., Evaluating users intention to use e-government services. International Journal of Emerging Trends & Technology in Computer Science 3 (2014, September–October), 55–60.
4. Anderson, R., Moore, T., The economics of information security: A survey and open questions. Science 314 (2006), 610–613.
5. Arora, A., Nandkumar, A., Telang, R., Does information security attack frequency increase with vulnerability disclosure: An empirical analysis. Information Systems Frontiers 8 (2006), 350–362.
6. Arora, A., Telang, R., Xu, H., Optimal policy for software vulnerability disclosure. Management Science 54 (2008), 642–656.
7. August, T., Tunca, T.I., Who should be responsible for software security? A comparative analysis of liability policies in network environments. Management Science 57 (2011), 934–959.
8. Belanche-Gracia, D., Casalo-Arinob, L.V., Perez-Rueda, A., Determinants of multi-service smartcard success for smart cities development: A study based on citizens’ privacy and security perceptions. Government Information Quarterly 32 (2015), 154–163.
9. Bilge, L., Dumitras, T., Before we knew it: An empirical study of zero-day attacks in the real world. Proceedings of the 2012 ACM conference on computer and communications security, 2012, 833–844 Raleigh, NC.
10. Brumfield, J., Verizon 2015 data breach investigations report, 2015.
11. Cerrudo, C., An emerging US (and world) threat: Cities wide open to cyber attacks, 2015, IOActive White Paper.
12. Cocchia, A., Smart and digital city: A systematic literature review. Dameri, R.P., Sabroux, C., (eds.) Smart city: How to create public and economic value with high technology in urban space, 2014, Spri nger International Publishing, Switzerland, 13–43.
13. de Bruijn, H., Janssen, M., Building cybersecurity awareness: The need for evidence-based framing strategies. Government Information Quarterly 34 (2017), 1–7.
14. Dynes, S., Goetz, E., Freeman, M., Cyber security: Are economic incentives adequate?. IFIP International Federation for Information Processing 253 (2008), 15–27.
15. Eslava, M., The political economy of fiscal deficits: A survey. Journal of Economic Surveys 25 (2011), 645–673.
16. Finifter, M., Akhawe, D., Wagner, D., An empirical study of vulnerability reward programs. Proceedings of the 22nd USENIX conference on security, 2013, 273–288 Washington, D.C.
17. Frei, S., The known unknowns: Empirical analysis of publicly unknown security vulnerabilities, 2013, December, NSS Labs.
18. Frei, S., Artes, F., International vulnerability purchase program: Why buying all vulnerabilities above black market prices is economically sound, 2013, December, NSS Labs.
19. Ghena, B., Beyer, W., Hillaker, A., Pevarnek, J., Halderman, J.A., Green lights forever: Analyzing the security of traffic infrastructure. Woot’14 proceedings of the 8th USENIX conference on offensive technologies, 2014, 7-7 San Diego, CA.
20. Herr, T., Governing proliferation in cybersecurity. Global Summitry, 3, 2017.
21. Huang, K., Zhang, J., Tan, W., Feng, Z., An empirical analysis of contemporary android mobile vulnerability market. Proceedings of the 2015 IEEE international conference on mobile services (ms), 2015, 182–189 New York, NY.
22. Illera, A.G., Vidal, J.V., Lights off! The darkness of the smart meters, 2014, Black-hat Europe Amsterdam RAI, The Netherlands.
23. Joh, H., Malaiya, Y., Seasonal variation in the vulnerability discovery process. Proceedings of ICST ’09, international conference on software testing verification and validation, 2009, 191–200 Denver, CO.
24. Kitchin, R., Reframing, reimagining and remaking smart cities. The programmable city working paper 20., 2016.
25. Klaper, D., Hovy, E., A taxonomy and a knowledge portal for cybersecurity. Proceedings of the 15th annual international conference on digital government research, 2014, 79–85.
26. Leuprecht, C., Skillicorn, D.B., Tait, V.E., Beyond the castle model of cyber-risk and cyber-security. Government Information Quarterly 33 (2016), 250–257.
27. Li, Z., Liao, Q., An economic alternative to improve cybersecurity of e-government and smart cities. Proceedings of the 17th international digital government research conference on digital government research, 2016, 455–464 Shanghai, China.
28. Margolis, R.M., Kammen, D.M., Evidence of under-investment in energy R&D in the United States and the impact of federal policy. Energy Policy 27 (1999), 575–584.
29. Mein, A., Evans, C., Dosh4Vulns: Google's vulnerability reward programs, 2011, March.
30. Miller, C., The legitimate vulnerability market: Inside the secretive world of 0-day exploit sales. Proceedings of the sixth workshop on the economics of information security., 2007 Pittsburgh, PA.
31. Mojica, I.J., Adams, B., Nagappan, M., Dienst, S., Berger, T., Hassan, A.E., A large-scale empirical study on software reuse in mobile apps. IEEE Software 31 (2014), 78–86.
32. Nordhaus, W.D., The political business cycle. Review of Economic Studies 42 (1975), 169–190.
33. Paquette, S., Jaeger, P.T., Wilson, S.C., Identifying the security risks associated with governmental use of cloud computing. Government Information Quarterly 27 (2010), 245–253.
34. Pfeiffer, M.H., Managing technology risks through technological proficiency: Guidance for local governments, 2015, Bloustein Local Government Research Center, Rutgers.
35. Pfleeger, S., Cunningham, R., Why measuring security is hard. IEEE Security & Privacy 8 (2010), 46–54.
36. Quigley, K., Burns, C., Stallard, K., ‘cyber gurus’: A rhetorical analysis of the language of cybersecurity specialists and the implications for security policy and critical infrastructure protection. Government Information Quarterly 32 (2015), 108–117.
37. Ransbotham, S., Mitra, S., Ramsey, J., Are markets for vulnerabilities effective?. MIS Quarterly 36 (2012, March), 43–64.
38. Sa, F., Rochac, A., Cota, M.P., Potential dimensions for a local e-government services quality model. Telematics and Informatics 33 (2016), 270–276.
39. Scott, M.D., Tort liability for vendors of insecure software: Has the time finally come?. Maryland Law Review 67 (2008), 425–484.
40. Stockton, P.N., Golabek-Goldman, M., Curbing the market for cyber weapons. Yale Law & Policy Review 32 (2013), 101–128.
41. Sureshchandra, S.M., Bhavsar, J.J., Pitroda, J.R., Review on identification of success factors for designing of smart cities. International Journal of Science Technology & Engineering 2 (2016), 125–133.
42. Welch, E.W., Feeney, M.K., Park, C.H., Determinants of data sharing in U.S. city governments. Government Information Quarterly 33 (2016), 393–403.
43. Wu, Y., Protecting personal data in e-government: A cross-country study. Government Information Quarterly 31 (2014), 150–159.
44. Zhao, J.J., Zhao, S.Y., Opportunities and threats: A security assessment of state e-government websites. Government Information Quarterly 27 (2010), 49–56.